Miniscript - Max Fang's Notes

# Miniscript - Main descriptive website: http://bitcoin.sipa.be/miniscript/ - Also contains: - **Policy to Miniscript compiler** - **Analyze a Miniscript** - **Miniscript reference** - **Satisfactions and malleability** - C++ compiler: https://github.com/sipa/miniscript - Bitcoin Core compatible C++ implementation: https://github.com/sipa/miniscript/tree/master/bitcoin/script - Rust-miniscript implementation: https://github.com/apoelstra/rust-miniscript - Talk about (an early version of) Miniscript at [SBC'19](https://cyber.stanford.edu/sbc19): [video](https://www.youtube.com/watch?v=XM1lzN4Zfks) [transcript](http://diyhpl.us/wiki/transcripts/stanford-blockchain-conference/2019/miniscript/) [slides](https://prezi.com/view/KH7AXjnse7glXNoqCxPH/) ## Introduction from Main Website _Miniscript_ is a language for writing (a subset of) Bitcoin Scripts in a structured way, enabling analysis, composition, generic signing and more. Bitcoin Script is an unusual stack-based language with many edge cases, designed for implementing spending conditions consisting of various combinations of signatures, hash locks, and time locks. Yet despite being limited in functionality it is still highly nontrivial to: - Given a combination of spending conditions, finding the most economical script to implement it. - Given two scripts, construct a script that implements a composition of their spending conditions (e.g. a multisig where one of the "keys" is another multisig). - Given a script, find out what spending conditions it permits. - Given a script and access to a sufficient set of private keys, construct a general satisfying witness for it. - Given a script, be able to predict the cost of spending an output. - Given a script, know whether particular resource limitations like the ops limit might be hit when spending. Miniscript functions as a representation for scripts that makes these sort of operations possible. It has a structure that allows composition. It is very easy to statically analyze for various properties (spending conditions, correctness, security properties, malleability, ...). It can be targeted by spending policy compilers (see below). Finally, compatible scripts can easily be converted to Miniscript form - avoiding the need for additional metadata for e.g. signing devices that support it. For now, Miniscript is really only designed for P2WSH and P2SH-P2WSH embedded scripts. Most of its constructions works fine in P2SH as well, but some of the (optional) security properties rely on Segwit-specific rules. Furthermore, the implemented policy compilers assume a Segwit-specific cost model. Miniscript was designed and implemented by Pieter Wuille, Andrew Poelstra, and Sanket Kanjalkar at Blockstream Research, but is the result of discussions with several other people.