[bitcoin-dev] [BIP Proposal] Simple Proof-of-Reserves Transactions

Luke Dashjr luke at dashjr.org
Fri Feb 15 15:18:18 UTC 2019

On Tuesday 29 January 2019 22:03:04 Steven Roose via bitcoin-dev wrote:
> The existence of the first input (which is just a commitment hash) ensures
> that this transaction is invalid and can never be confirmed.

But nodes can never prove the transaction is invalid, thus if sent it, they 
will likely cache the "transaction", taking up memory. I'm not sure if this 
is an actual problem, as an attacker can fabricate such transactions anyway.

> #:Not all systems that will be used for verification have access to a full
> index of all transactions.  However, proofs should be easily verifiable
> even after some of the UTXOs used in the proof are no longer unspent.
> Metadata present in the proof allows for relatively efficient verification
> of proofs even if no transaction index is available.

I don't see anything in the format that would prove unspentness...

> The proposed proof-file format provides a standard way of combining
> multiple proofs and associated metadata.  The specification of the format
> is in the Protocol
> Buffers<ref>https://github.com/protocolbuffers/protobuf/</ref> format.

IIRC, this has been contentious for its use in BIP70 and may hinder adoption.

> message OutputMeta {
> // Identify the outpoint.
> bytes txid = 1;
> uint32 vout = 2;
> // The block hash of the block where this output was created.
> bytes block_hash = 3;

This isn't really sufficient. There should probably be a merkle proof.
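Added example, not part of the original message or of the proposal: a sketch of the Merkle inclusion check that the last comment refers to, using Bitcoin's double-SHA256 tree with last-hash duplication on odd levels. The `index` and `branch` inputs are hypothetical fields (the quoted `OutputMeta` has none), the txids are constructed sample data, and the verifier is assumed to already hold the Merkle root from a validated header for `block_hash`. It shows inclusion in the block only, not unspentness.

```python
import hashlib

def dsha256(b: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def merkle_root(leaves: list) -> bytes:
    """Merkle root over txids (internal byte order), as committed in a block header."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:              # odd count: last hash is paired with itself
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_branch(leaves: list, index: int) -> list:
    """Prover side: sibling hashes from leaf `index` up to the root."""
    branch, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        branch.append(level[index ^ 1])  # sibling of the current node
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index >>= 1
    return branch

def verify_inclusion(txid: bytes, index: int, branch: list, root: bytes) -> bool:
    """Verifier side: recompute the root from txid + branch, compare to the header's."""
    if len(txid) != 32 or any(len(h) != 32 for h in branch):
        return False
    if index < 0 or index >> len(branch):  # position must fit the tree depth
        return False
    node = txid
    for sibling in branch:
        # The low bit of index says whether the node is a right or a left child.
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    return node == root

# Constructed sample data: five fake txids standing in for a block's transactions.
TXIDS = [dsha256(b"constructed-tx-%d" % i) for i in range(5)]
ROOT = merkle_root(TXIDS)
BRANCH = merkle_branch(TXIDS, 4)        # proof for the last (duplicated) leaf

if __name__ == "__main__":
    print("included:", verify_inclusion(TXIDS[4], 4, BRANCH, ROOT))
```
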

