
WIP: RFC 5 : New Scalable Blockchain Protocol

Closed nanocryk requested to merge rfc5-duniter-protocol-rework into master
1 file changed, +54 -25
@@ -27,6 +27,7 @@ extensibility.
1. [Certification document](#6-certification-document)
1. [Revocation document](#7-revocation-document)
1. [Transaction document](#8-transaction-document)
1. [Script system](#9-script-system)
1. Block document
## 1. Introduction
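Review bot: the `1. Block document` entry at the end of this list is the only one without an anchor link, and with `[Script system](#9-script-system)` now taking number 9 it would become section 10. Either link it to its future heading or mark it explicitly as not yet written, so the table of contents does not silently drift from the section numbering.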
@@ -282,8 +283,6 @@ the text document.
## 8. Transaction document
### 8.1. Structure
A **transaction document** describes the consumption of **sources** and the creation of
**outputs**. Since we're dealing with *Universal Dividends*, it's possible to provide a list
of UDs to spend. Each source or UD can be spent only once, and the
@@ -294,6 +293,7 @@ described below.
| Size | Data |
|:----:|:-----|
| *36 bytes* | Transaction document creation blockstamp
| *1 byte* | Number of UD inputs |
| *1 byte* | Number of unspent inputs |
| *1 byte* | Number of outputs |
@@ -306,24 +306,25 @@ described below.
| | **For each unspent input** : |
| *32 bytes* | Source transaction document hash |
| *1 byte* | Source output index |
| ... | *Unlock parameters (with alignement padding)* |
| ... | *Unlock parameters (with alignement padding with `Nop` opcodes)* |
|
| | **For each output** : |
| *4 bytes* | Unsigned currency value |
| *1 byte* | Unsigned value power base |
| ... | *Lock script (with alignement padding)* |
| ... | *Lock script (with alignement padding with `Nop` opcodes)* |
### 8.2 Script system
## 9. Script system
> This system is heavily inspired by Bitcoin script system discribed
> [here](https://en.bitcoin.it/wiki/Script). It adds to it transaction data reflection
> such as outputs, amounts, merkelized scripts and multiple cryptographic systems
> (such as outputs, amounts); merkelized scripts and multiple cryptographic systems
> support.
The script system is simple, **stack-based** and processed from left to right. It is intentionnaly
**not Turing-complete, with no loops**.
A *transaction* is valid if nothing in the script triggers a failure and the stack is empty when the script exits.
A *transaction* is valid if nothing in the script triggers a failure and the stack contains
only one `true` value.
That stacks hold *byte vectors*. When used as numbers, byte vectors are interpreted as
**big-endian variable-length integers** with two's complement fir sign handling. 0 can also be
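Review bot: the validity rule "the stack contains only one `true` value" does not say which byte vectors count as `true`, and the very next paragraph allows several encodings of numbers, so two implementations could disagree on whether a script succeeded. State the accepted encoding explicitly (and what happens when extra items remain on the stack). The two rows that add "alignement padding with `Nop` opcodes" also need the alignment boundary and a statement on whether surplus `Nop` padding is rejected; otherwise the same transaction has several valid serializations. Spelling in this hunk: "alignement", "discribed", "intentionnaly", "fir sign handling", "That stacks hold".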
@@ -336,7 +337,7 @@ the concatenation of the *unlock parameters* and the *lock script*. Thus the
> We'll refeer to the **main stack** as **the stack** and precise **alt stack** when necessary.
#### Opcodes
### Opcodes
| Opcode | Hex | Word | Input | Output | Description |
|:------:|:---:|:-----|:------|:-------|:------------|
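Review bot: the `### Opcodes` heading is unnumbered while section 8 uses `### 8.1. Structure`; now that the script system is its own `## 9.` section, number its subsections (`### 9.1. Opcodes` and so on) so they can be cited unambiguously. The context line above also has "refeer" and "precise" where "refer" and "specify" are meant.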
@@ -379,7 +380,7 @@ the concatenation of the *unlock parameters* and the *lock script*. Thus the
| `120` | `0x77` | `Over2` | `x1 x2 x3 x4` | `x1 x2 x3 x4 x1 x2` | Copies the pair of items two spaces back in the stack to the front.
| `121` | `0x78` | `Rot2` | `x1 x2 x3 x4 x5 x6` | `x3 x4 x5 x6 x1 x2` | The fifth and sixth items back are moved to the top of the stack.
| `122` | `0x79` | `Swap2` | `x1 x2 x3 x4` | `x3 x4 x1 x2` | Swaps the top two pairs of items.
| `123` | `0x7a` | IsEmpty | `in` | `true`/`false` | Returns 1 if the top of the stack in a zero-length vector. It consumes the input, so if it needs to be used it should be duplicated first.
| `123` | `0x7a` | `IsEmpty` | `in` | `true`/`false` | Returns 1 if the top of the stack in a zero-length vector. It consumes the input, so if it needs to be used it should be duplicated first.
|
| | | | | | **Bitwise Logic**
| `128` | `0x80` | `Invert` | `in` | `out` | Flips all of the bits in the input.
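Review bot: the `IsEmpty` description says "Returns 1 if the top of the stack in a zero-length vector" while the Output column says `true`/`false`. Fix "in" to "is", state what is returned for a non-empty vector, and use the same `true`/`false` wording as the column so the result encoding is not left to interpretation.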
@@ -414,34 +415,62 @@ the concatenation of the *unlock parameters* and the *lock script*. Thus the
|
| | | | | | **Crypto**
| `176` | `0xb0` | `Hash` | `value algo` | `hash` | The input is hashed using `algo` hashing algorithm. The list of algorithms is available below.
| `177` | `0xb1` | `CheckSig` | `sig pubkey` | `hash` | The signature must be a valid signaure for the hash of this (the spending) transaction and public key. If it is, 1 is returned, 0 otherwise.
| `178` | `0xb2` | `CheckSigHash` | `sig pubkey compactkey` | `hash` | Same as `CheckSig`, but `compactkey` must correspond to `pubkey`. With this opcode `pubkey` can be provided only at spending, thus protecting it for cryptographic attacks.
| `179` | `0xb3` | `CheckMultiSig` | `sig1 sig2 ... pub1 pub2 ... <count>` | `hash` | Verify each pair `(sign, pubn)`.
| `180` | `0xb4` | `CheckMultiSigHash` | `sig1 sig2 ... pub1 pub2 ... compact1 compact2 <count>` | `hash` | Combinaison of `CheckSigHash` and `CheckMultiSig`.
| `181` | `0xb5` | `FetchData` | `arg1 arg2 ... argn <n>` | `value` | Fetch data from transaction (outputs, time, etc). Arguments will be provided later in this document. If data don't exist, an empty byte is returned.
| `182` | `0xb6` | `Eval` | `script hash` | *special* | Evaluate `script` as if it was in-place. The script must have a Merkle Root equals to `hash`. If not, **transaction is invalid**. If the script *panic* (says the transaction is invalid), the **transaction is invalid**. The script hashing algorithm is described later in this document.
| `183` | `0xb7` | `Unused` | `hash` | *empty value (false)* | Returns an empty value. The hash of this instruction is the provided hash. It allow to only provide hashes of unused code when using `Eval` opcode.
| `177` | `0xb1` | `CheckSig` | `sig pubkey` | `true`/`false` | The signature must be a valid signaure for the hash of this (the spending) transaction and public key. If it is, 1 is returned, 0 otherwise.
| `178` | `0xb2` | `CheckSigHash` | `sig pubkey compactkey` | `true`/`false` | Same as `CheckSig`, but `compactkey` must correspond to `pubkey`. With this opcode `pubkey` can be provided only at spending, thus protecting it for cryptographic attacks.
| `179` | `0xb3` | `CheckMultiSig` | `sig1 sig2 ... pub1 pub2 ... <count>` | valid sig count | Verify each pair `(sign, pubn)`, return the sumber of valid transactions.
| `180` | `0xb4` | `CheckMultiSigHash` | `sig1 sig2 ... pub1 pub2 ... compact1 compact2 <count>` | valid sig count | Combinaison of `CheckSigHash` and `CheckMultiSig`.
| `181` | `0xb6` | `Eval` | `script hash` | *special* | Evaluate `script` as if it was in-place. The script must have a Merkle Root equals to `hash`. If not, **transaction is invalid**. If the script *panic* (says the transaction is invalid), the **transaction is invalid**. The script hashing algorithm is described later in this document.
| `182` | `0xb7` | `Unused` | `hash` | *empty value (false)* | Returns an empty value. The hash of this instruction is the provided hash. It allow to only provide hashes of unused code when using `Eval` opcode.
Any undefined operators return the value `1` and doesn't mark the transaction as invalid.
If use before a `Assert`/`Verify` opcode, they won't mark the transaction as invalid easer.
Changing them to new opcodes will only restrict the set of valid transactions and outdated client will never see new opcodes as invalid.
With this setup it allow adding new backward-compatible features.
#### Hashing algorithms list
### Hashing algorithms list
| Code | Name |
|:----:|:-----|
| `0` | SHA-256
### Eval script hashing
TODO
#### FetchData arguments
### Script examples
The first argument of a `FetchData` opcode is a nested opcode : which information need to be
fetched.
To simplify our scripts examples, we write constants as `<data>` fields, and the stack push
is implied.
TODO
#### Classic pay-to-pubkey script
#### Eval script hashing
```txt
Script : <pubkey> CheckSig
Parameters : <sig>
```
TODO
Here is a step by step execution of the script
| Stack | Script | Description |
|:------|:-------|:------------|
| | `<sig> <pubkey> CheckSig` | Script and parameters are merged.
| `<sig> <pubkey>` | `CheckSig` | Data is pushed on the stack.
| `true` | | Signature is checked for top two stack items.
#### Script examples
There is only `true` in the stack, so this transaction is valid.
#### Pay-to-compact-key script
```txt
Script : <compact key> CheckSigHash
Parameters : <sig> <pubkey>
```
#### 2-of-3-multisig script
```txt
Script : <compact1> <compact2> <compact3> 3 CheckMultiSigHash 2 NumGreaterThanEqual
Parameters : <sig1> <empty> <sig3> <pubkey1> <empty> <pubkey3>
```
TODO
\ No newline at end of file
### How to allow usage of V10 outputs
\ No newline at end of file
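Review bot: in the Crypto table the renumbered `Eval` and `Unused` rows pair decimal `181` with hex `0xb6` and `182` with `0xb7`, but 181 is `0xb5` and 182 is `0xb6`; implementers reading different columns would assign different opcodes, so make the two columns agree. The `CheckMultiSig` description says "return the sumber of valid transactions", which should read "number of valid signatures" to match the "valid sig count" output. The paragraph on undefined operators ("return the value `1`") should also spell out how that interacts with the rule that a valid script ends with a single `true` on the stack: as written, a script consisting only of an undefined opcode would seem to validate on clients that do not know it, which is worth stating as an intended upgrade mechanism or ruling out. Smaller points: "easer" should be "either", "protecting it for cryptographic attacks" should be "from", the pay-to-compact-key and 2-of-3 examples lack the step-by-step table given for pay-to-pubkey, and the file should end with a newline.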