David A. Harding [ARCHIVE] on Nostr:
📅 Original date posted:2022-11-10
📝 Original message:On 2022-11-07 23:17, Salvatore Ingala via bitcoin-dev wrote:
> Hi list,
Hi Salvatore!,
> I have been working on some notes to describe an approach that uses
> covenants in order to enable general smart contracts in bitcoin. You
> can find them here:
>
> https://merkle.fun
I haven't yet been able to understand everything in your post, but I'm
wondering if you can describe how your proposal significantly differs in
application from [1]? E.g., you write:
> 1. Alice posts the statement “f(x) = y”.
> 2. After a challenge period, if no challenge occurs, Alice is free to
> continue and unlock the funds; the statement is true.
> 3. At any time before the challenge period expires, Bob can start a
> challenge: “actually, f(x) = z”.
That looks to me very similar to Gregory Maxwell's script from [1]
(comments and variable name changes mine):
    # Offchain, Alice posts the statement f(x) = y
    # Offchain, Bob provides Ex, an encrypted form of x that can be proven
    # in zero knowledge to satisfy both f(x) = y and sha256(x) = Y
    OP_SHA256
    <Y> OP_EQUAL
    OP_IF
      # Bob provided the preimage for Y, that preimage being the solution,
      # so he can spend the funds now
      <Bob Pubkey>
    OP_ELSE
      # The challenge period ended, so Alice can reclaim her funds
      <block_height+100> OP_CHECKLOCKTIMEVERIFY OP_DROP
      <Alice Pubkey>
    OP_ENDIF
    OP_CHECKSIG
Thanks and apologies if I'm missing something obvious!,
-Dave
[1]
https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-payments-announcement/
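
Added example, not part of the original email or of the referenced script's author: a small Python model that evaluates the script quoted above for both spending paths, to show which witness satisfies which branch and that only the ELSE branch is time-gated. Assumptions: `sign` is an HMAC stand-in for OP_CHECKSIG, the keys, `TIMEOUT` height and transaction bytes are constructed sample values, and the nSequence part of OP_CHECKLOCKTIMEVERIFY is omitted.

```python
import hashlib
import hmac

def sign(key: bytes, tx: bytes) -> bytes:
    # Toy stand-in for a signature (assumption): HMAC keyed by the "pubkey" bytes.
    return hmac.new(key, tx, hashlib.sha256).digest()

def run_script(witness, Y, bob_key, alice_key, timeout_height, tx, tx_locktime):
    """Evaluate the quoted script; witness is [sig, x] with x on top of the stack."""
    stack = list(witness)
    # OP_SHA256
    stack.append(hashlib.sha256(stack.pop()).digest())
    # <Y> OP_EQUAL
    stack.append(Y)
    a, b = stack.pop(), stack.pop()
    stack.append(a == b)
    # OP_IF ... OP_ELSE ... OP_ENDIF
    if stack.pop():
        stack.append(bob_key)                  # <Bob Pubkey>
    else:
        stack.append(timeout_height)           # <block_height+100>
        # OP_CHECKLOCKTIMEVERIFY: fail unless the spending transaction's
        # nLockTime has reached the height on the stack.
        if tx_locktime < stack[-1]:
            return False
        stack.pop()                            # OP_DROP
        stack.append(alice_key)                # <Alice Pubkey>
    # OP_CHECKSIG
    key, sig = stack.pop(), stack.pop()
    return hmac.compare_digest(sig, sign(key, tx))

# Constructed sample values (not from the email)
X = b"solution x with f(x) = y"
Y = hashlib.sha256(X).digest()
BOB, ALICE = b"bob-key", b"alice-key"
TIMEOUT = 700_100                              # stands for block_height+100
TX = b"spending-tx"

def spend(signer_key: bytes, x: bytes, locktime: int) -> bool:
    """Try to spend with signer_key's signature, candidate preimage x, and nLockTime."""
    return run_script([sign(signer_key, TX), x], Y, BOB, ALICE, TIMEOUT, TX, locktime)

if __name__ == "__main__":
    print("Bob with preimage:      ", spend(BOB, X, 0))
    print("Alice before timeout:   ", spend(ALICE, b"not x", TIMEOUT - 1))
    print("Alice at timeout:       ", spend(ALICE, b"not x", TIMEOUT))
    print("Bob after timeout:      ", spend(BOB, X, TIMEOUT + 50))
```

In this model Bob's branch has no expiry: once the timeout passes, the output goes to whichever valid spend confirms first.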