<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Apr 25, 2014 at 8:18 PM, Luke-Jr <span dir="ltr"><<a href="mailto:luke@dashjr.org" target="_blank">luke@dashjr.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
This one looks entirely useless (it cannot be made secure)</blockquote><div><br></div>The hash locking isn't to prevent someone else stealing your coin. Once a user broadcasts a transaction with x in it, then everyone has access to x.<br>
<br></div><div class="gmail_quote">It is to release the coin on the other chain. If you spend the output, you automatically give the other participant the password to take your coin on the other chain (completing the trade).<br>
</div><div class="gmail_quote"><br></div><div class="gmail_quote">The BIP allows the hash to protect any of other standard transactions (except P2SH, since that is a template match).<br><br></div><div class="gmail_quote">
For example, it would allow a script of the form<br><br><pre>OP_HASH160 [20-byte-password-hash] OP_EQUAL_VERIFY OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
</pre>To spend it, you would need to provide the password and also sign the transaction using the private key.<br></div><div class="gmail_quote"></div><div class="gmail_quote"><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
and the assertion<br>
that it is necessary for atomic cross-chain transfers seems unfounded and<br>
probably wrong...<br>
<br></blockquote><div><br></div><div>I meant that it is required for the particular protocol.<br></div><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Luke<br></blockquote></div></div></div>