[bitcoin-dev] Covenants through merkelized txids.
rusty at rustcorp.com.au
Fri Nov 10 01:31:14 UTC 2017
This is an alternative to jl2012's BIPZZZ (OP_PUSHTXDATA).
It riffs on the (ab)use of OP_CHECKSIGFROMSTACK that Russell
used to implement covenants. I've been talking about it to random
people for a while, but haven't taken time to write it up.
The idea is to provide a OP_TXMERKLEVERIFY that compares the top stack
element against a merkle tree of the current tx constructed like so:
TXMERKLE = merkle(nVersion | nLockTime | fee, inputs & outputs)
inputs & outputs = merkle(inputmerkle, outputmerkle)
input = merkle(prevoutpoint, nSequence | inputAmount)
output = merkle(nValue, scriptPubkey)
Many variants are possible, but if we have OP_CAT, this makes it fairly
easy to test a particular tx property. A dedicated OP_MERKLE would make
it even easier, of course.
If we one day HF and add merklized TXIDs, we could also use this method
to inspect the tx *being spent* (which was what I was originally trying to
Thanks for reading!
 Aka Dr. "Not Rusty" O'Connor. Of course both of us in the same thread will
probably break the internet.
 You could put every element in a leaf, but that's less compact to
use: cheaper to supply the missing parts with OP_CAT than add another level.
 Eg. use the high nVersion bit to say "make my txid a merkle".
More information about the bitcoin-dev