[bitcoin-dev] Safer NOINPUT with output tagging

[Luke Dashjr]

Even besides NOINPUT, such a wallet would simply never show a second payment 
to the same address (or at least never show it as confirmed, until 
successfully spent).

At least if tx versions are used, it isn't possible to indicate this 
requirement in current Bitcoin L1 addresses. scriptPubKey might not be 
impossible to encode, but it isn't really clear what the purpose of doing so 
is.

If people don't want to use NOINPUT, they should just not use it. Trying to 
implement a nanny in the protocol is inappropriate and limits what developers 
can do who actually want the features.

Luke


On Tuesday 19 February 2019 19:22:07 Johnson Lau wrote:
> This only depends on the contract between the payer and payee. If the
> contract says address reuse is unacceptable, it’s unacceptable. It has
> nothing to do with how the payee spends the coin. We can’t ban address
> reuse at protocol level (unless we never prune the chain), so address reuse
> could only be prevented at social level.
>
> Using NOINPUT is also a very weak excuse: NOINPUT always commit to the
> value. If the payer reused an address but for different amount, the payee
> can’t claim the coin is lost due to previous NOINPUT use. A much stronger
> way is to publish the key after a coin is well confirmed.
>
> > On 20 Feb 2019, at 3:04 AM, Luke Dashjr <luke at dashjr.org> wrote:
> >
> > On Thursday 13 December 2018 12:32:44 Johnson Lau via bitcoin-dev wrote:
> >> While this seems fully compatible with eltoo, is there any other
> >> proposals require NOINPUT, and is adversely affected by either way of
> >> tagging?
> >
> > Yes, this seems to break the situation where a wallet wants to use
> > NOINPUT for everything, including normal L1 payments. For example, in the
> > scenario where address reuse will be rejected/ignored by the recipient
> > unconditionally, and the payee is considered to have burned their
> > bitcoins by attempting it.
> >
> > Luke