Peter Todd [ARCHIVE] on Nostr: š Original date posted:2013-06-02 š Original message:On Sat, Jun 01, 2013 at ...
š
Original date posted:2013-06-02
š Original message:On Sat, Jun 01, 2013 at 10:32:07PM -0400, Gavin wrote:
> Feels like a new opcode might be better.
>
> Eg <data> 100 OP_NOP1
>
> ... Where op_nop1 is redefined to be 'verify depth' ...
Good idea.
Either way, looks like complex announce-commit logic isn't needed and a
simple txout with one of a few possible forms will work.
I'd say we tell people to sacrifice to (provably) unspendable for now
and do a soft-fork later if there is real demand for this stuff in the
future.
> On Jun 1, 2013, at 3:30 PM, Peter Todd <pete at petertodd.org> wrote:
>
> > Currently the most compact way (proof-size) to sacrifice Bitcoins that
> > does not involve making them unspendable is to create a anyone-can-spend
> > output as the last txout in the coinbase of a block:
> >
> > scriptPubKey: <data> OP_TRUE
> >
> > The proof is then the SHA256 midstate, the txout, and the merkle path to
> > the block header. However this mechanism needs miner support, and it is
> > not possible to pay for such a sacrifice securely, or create an
> > assurance contract to create one.
> >
> > A anyone-can-spend in a regular txout is another option, but there is no
> > way to prevent a miner from including a transaction spending that txout
> > in the same block. Once that happens, there is no way to prove the miner
> > didn't create both, thus invalidating the sacrifice. The announce-commit
> > protocol solves that problem, but at the cost of a much larger proof,
> > especially if multiple parties want to get together to pay the cost of
> > the sacrifice. (the proof must include the entire tx used to make the
> > sacrifice)
> >
> > However if we add a rule where txouts ending in OP_TRUE are unspendable
> > for 100 blocks, similar to coinbases, we fix these problems. The rule
> > can be done as a soft-fork with 95% support in the same way the
> > blockheight rule was implemented. Along with that change
> > anyone-can-spend outputs should be make IsStandard() so they will be
> > relayed.
> >
> > The alternative is sacrifices to unspendable outputs, which is very
> > undesirable compared to sending the money to miners to further
> > strengthen the security of the network.
> >
> > We should always make it easy for people to write code that does what is
> > best for Bitcoin.
--
'peter'[:-1]@petertodd.org
0000000000000092f448c7630e47584650efa7e27604161c0b5984d603d944ea
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130602/e4620fb3/attachment.sig>;
š Original message:On Sat, Jun 01, 2013 at 10:32:07PM -0400, Gavin wrote:
> Feels like a new opcode might be better.
>
> Eg <data> 100 OP_NOP1
>
> ... Where op_nop1 is redefined to be 'verify depth' ...
Good idea.
Either way, looks like complex announce-commit logic isn't needed and a
simple txout with one of a few possible forms will work.
I'd say we tell people to sacrifice to (provably) unspendable for now
and do a soft-fork later if there is real demand for this stuff in the
future.
> On Jun 1, 2013, at 3:30 PM, Peter Todd <pete at petertodd.org> wrote:
>
> > Currently the most compact way (proof-size) to sacrifice Bitcoins that
> > does not involve making them unspendable is to create a anyone-can-spend
> > output as the last txout in the coinbase of a block:
> >
> > scriptPubKey: <data> OP_TRUE
> >
> > The proof is then the SHA256 midstate, the txout, and the merkle path to
> > the block header. However this mechanism needs miner support, and it is
> > not possible to pay for such a sacrifice securely, or create an
> > assurance contract to create one.
> >
> > A anyone-can-spend in a regular txout is another option, but there is no
> > way to prevent a miner from including a transaction spending that txout
> > in the same block. Once that happens, there is no way to prove the miner
> > didn't create both, thus invalidating the sacrifice. The announce-commit
> > protocol solves that problem, but at the cost of a much larger proof,
> > especially if multiple parties want to get together to pay the cost of
> > the sacrifice. (the proof must include the entire tx used to make the
> > sacrifice)
> >
> > However if we add a rule where txouts ending in OP_TRUE are unspendable
> > for 100 blocks, similar to coinbases, we fix these problems. The rule
> > can be done as a soft-fork with 95% support in the same way the
> > blockheight rule was implemented. Along with that change
> > anyone-can-spend outputs should be make IsStandard() so they will be
> > relayed.
> >
> > The alternative is sacrifices to unspendable outputs, which is very
> > undesirable compared to sending the money to miners to further
> > strengthen the security of the network.
> >
> > We should always make it easy for people to write code that does what is
> > best for Bitcoin.
--
'peter'[:-1]@petertodd.org
0000000000000092f448c7630e47584650efa7e27604161c0b5984d603d944ea
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130602/e4620fb3/attachment.sig>;