[Bitcoin-development] Proposal: soft-fork to make anyone-can-spend outputs unspendable for 100 blocks

Peter Todd pete at petertodd.org
Sun Jun 2 06:13:27 UTC 2013

On Sat, Jun 01, 2013 at 10:32:07PM -0400, Gavin wrote:
> Feels like a new opcode might be better.
> Eg  <data> 100 OP_NOP1
> ... Where op_nop1 is redefined to be 'verify depth' ... 

Good idea.

Either way, looks like complex announce-commit logic isn't needed and a
simple txout with one of a few possible forms will work.

I'd say we tell people to sacrifice to (provably) unspendable for now
and do a soft-fork later if there is real demand for this stuff in the

> On Jun 1, 2013, at 3:30 PM, Peter Todd <pete at petertodd.org> wrote:
> > Currently the most compact way (proof-size) to sacrifice Bitcoins that
> > does not involve making them unspendable is to create a anyone-can-spend
> > output as the last txout in the coinbase of a block:
> > 
> > scriptPubKey: <data> OP_TRUE
> > 
> > The proof is then the SHA256 midstate, the txout, and the merkle path to
> > the block header. However this mechanism needs miner support, and it is
> > not possible to pay for such a sacrifice securely, or create an
> > assurance contract to create one.
> > 
> > A anyone-can-spend in a regular txout is another option, but there is no
> > way to prevent a miner from including a transaction spending that txout
> > in the same block. Once that happens, there is no way to prove the miner
> > didn't create both, thus invalidating the sacrifice. The announce-commit
> > protocol solves that problem, but at the cost of a much larger proof,
> > especially if multiple parties want to get together to pay the cost of
> > the sacrifice. (the proof must include the entire tx used to make the
> > sacrifice)
> > 
> > However if we add a rule where txouts ending in OP_TRUE are unspendable
> > for 100 blocks, similar to coinbases, we fix these problems. The rule
> > can be done as a soft-fork with 95% support in the same way the
> > blockheight rule was implemented. Along with that change
> > anyone-can-spend outputs should be make IsStandard() so they will be
> > relayed.
> > 
> > The alternative is sacrifices to unspendable outputs, which is very
> > undesirable compared to sending the money to miners to further
> > strengthen the security of the network.
> > 
> > We should always make it easy for people to write code that does what is
> > best for Bitcoin.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130602/e4620fb3/attachment.sig>

More information about the bitcoin-dev mailing list