[Bitcoin-development] Alternative to OP_EVAL
Gavin Andresen
gavinandresen at gmail.com
Mon Jan 2 15:59:00 UTC 2012
Here are my latest thoughts on a safer OP_EVAL alternative, inspired
by all the ideas and agitated IRC and email
discussions of the last week or so:
Goal: Let users publish a short "funding address" that is the hash of
an arbitrary redemption Script revealed when they spend the funds,
implemented in a backwards-compatible-in-the-blockchain way.
Proposal:
A new 'standard' transaction type, "pay to Script hash":
scriptPubKey: HASH160 <push-20-byte-hash> EQUAL
Redeemed with the same scriptSig as the OP_EVAL proposal:
<signatures> <serialized Script>
Old clients/miners will ignore <signatures> and just validate that the
hash of <serialized Script> matches.
New clients/miners will recognize the new type of transaction and will
do the following additional validation:
1. Fail validation if there were any operations other than "push data"
in the original scriptSig.
2. Deserialize the top (last) item on the scriptSig stack (fail
validation if it fails to deserialize properly).
3. Run an additional validation on the deserialized script, using the
remaining items on the scriptSig stack and the deserialized script as
the scriptPubKey.
---------------
As Amir said in IRC chat today, "the idea is a hack.... but I like it."
I like it, too-- it is cleaner than OP_EVAL, more straightforward to
implement, and pretty much exactly matches the feature I care about
(moving code from the scriptPubKey to the scriptSig). There are no
special cases like "CODESEPARATORS not allowed in <serialized
script>".
--
--
Gavin Andresen
More information about the bitcoin-dev
mailing list