Enter Miniscript

Today we continue chapter 10 about Script, P2SH, and Miniscript.

Miniscript is a project that was designed by a few Blockstream engineers: Pieter Wuille, Andrew Poelstra, and Sanket Kanjalkar. It’s “a language for writing (a subset of) Bitcoin Scripts in a structured way, enabling analysis, composition, generic signing and more.” You can see examples and try it yourself at bitcoin.sipa.be/miniscript.

Miniscript consists of a few dozen script fragments, each a sequence of opcodes. These fragments can be combined. If individual script opcodes are like an alphabet, then Miniscript fragments are like words. By building a script that only uses these words, rather than just any combination of letters from the alphabet, you lose some Script features, but you gain certain guarantees about safety and correct behavior.

A simple example of Miniscript is pkh(A) — which consists of only a single fragment. It’s the equivalent of the standard P2PKH script analyzed above (OP_DUP OP_HASH160 <pubKeyHashA> OP_EQUALVERIFY OP_CHECKSIG). The poor man’s multisig above requires several Miniscript fragments: and_v(v:pk(pubKeyA),pk(pubKeyB)).

Miniscript makes sure there’s no funny stuff in the fine print. It removes some of the footguns, but it also allows you to do very cool stuff safely. In particular, it lets you do things like AND, so you can say condition A must be true AND condition B must be true, and it lets you do things like OR. And whatever’s inside the OR or inside the AND can be arbitrarily complex.

In contrast, with Bitcoin Script, you have if and else statements, but if you’re not careful, those if and else statements won’t do what you think they’re going to do, because there’s complexity hidden after these statements.

Meanwhile, with Miniscript, the templates make sure your script actually does what you think it does. Let’s say you’re a company and you offer a semi-custodial wallet solution, where you hold one of the keys and the user holds the other two. You don’t have a majority of the keys, but maybe there’s a five-year timeout after which you do have control, in case the user dies or something else happens.

This would be like a multisig setup. Normally, when you set up a multisig, everybody gives their public key, for example, and you create a simple script that has three keys and three people sign. But the problem is, because you’re a big business that offers a service, you have some really complicated internal accounting department, and you may want to require five different signatures by specific people, with varied levels of complexity.

There’s a lot of complex stuff you can do with it, and all the complex stuff should count as one key.

The problem with that is how does the customer know the script is OK? They’d have to hire their own electronic lawyer to check that the script doesn’t have any little gimmicks in it.

Miniscript allows you to check that. A futuristic wallet could show you a little pie chart, saying “You’re this one piece of the pie, and there’s this other piece of the pie that’s really complicated, but you don’t have to worry about it. It’s not going to do anything sneaky.”
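
The check a wallet could run on the semi-custodial setup described above, sketched as an added example (not from the original text and not Miniscript's own code). The policy tuples, key names and block count are constructed, and the tree is a toy model of AND/OR/threshold composition rather than the Miniscript specification.

```python
from itertools import combinations, product

# Toy policy model (constructed for this example, not the Miniscript spec):
#   ("pk", name) | ("timelock", blocks) | ("and", a, b) | ("or", a, b)
#   | ("thresh", k, [subpolicies])

def combine(path_sets):
    """AND together one path from each set: union the keys, keep the longest wait."""
    out = set()
    for combo in product(*path_sets):
        keys = frozenset().union(*(k for k, _ in combo))
        out.add((keys, max(t for _, t in combo)))
    return out

def paths(node):
    """Every way to satisfy `node`, as (signing keys, blocks to wait) pairs."""
    kind = node[0]
    if kind == "pk":
        return {(frozenset([node[1]]), 0)}
    if kind == "timelock":
        return {(frozenset(), node[1])}
    if kind == "or":
        return paths(node[1]) | paths(node[2])
    if kind == "and":
        return combine([paths(node[1]), paths(node[2])])
    if kind == "thresh":
        out = set()
        for chosen in combinations(node[2], node[1]):
            out |= combine([paths(sub) for sub in chosen])
        return out
    raise ValueError(f"unknown policy node: {kind}")

def sneaky_paths(policy, user_keys, timeout):
    """Paths that need no user key and become valid before the timeout."""
    return sorted((sorted(k), t) for k, t in paths(policy)
                  if not (k & user_keys) and t < timeout)

FIVE_YEARS = 5 * 52_560  # about five years of 10-minute blocks
USER = frozenset({"user1", "user2"})
# The company's "one key" is really its own 2-of-3 among constructed officer keys.
COMPANY = ("thresh", 2, [("pk", "cfo"), ("pk", "ceo"), ("pk", "auditor")])
WALLET = ("or",
          ("thresh", 2, [("pk", "user1"), ("pk", "user2"), COMPANY]),
          ("and", COMPANY, ("timelock", FIVE_YEARS)))
# Same wallet with an extra branch slipped into the fine print.
GIMMICK = ("or", WALLET, COMPANY)

if __name__ == "__main__":
    print("honest wallet :", sneaky_paths(WALLET, USER, FIVE_YEARS))
    print("with gimmick  :", sneaky_paths(GIMMICK, USER, FIVE_YEARS))
```

Because every branch is built from the same few composable pieces, the customer's wallet can enumerate all spending paths without understanding the company's internal structure; an empty result means the complicated piece of the pie cannot spend without the user before the timeout.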