[bitcoin-dev] Delegated signatures in Bitcoin within existing rules, no fork required

ZmnSCPxj ZmnSCPxj at protonmail.com
Tue Mar 16 06:09:56 UTC 2021


Good morning Jeremy,

This is a very cool idea!

> Multiple Delegates: By signing a txn with several delegate outputs, it is possible to enforce multiple disparate conditions. Normally this is superfluous -- why not just concatenate S1 and S2? The answer is that you may have S1 require a relative height lock and S2 require a relative time lock (this was one of the mechanisms investigated for powswap.com).

I am somewhat confused by this.
Do you mean that the delegating transaction (the one signed using the script of A with `SIGHASH_NONE`) has as input (consumes) multiple delegate outputs D1, D2... with individual scripts S1, S2... ?

> Sequenced Contingent Delegation: By constructing a specific TXID that may delegate the coins, you can make a coin's delegation contingent on some other contract reaching a specific state. For example, suppose I had a contract that had 100 different possible end states, all with fixed outpoints at the end. I could delegate coins in different arrangements to be claimable only if the contract reaches that state. Note that such a model requires some level of coordination between the main and observing contract as each Coin delegate can only be claimed one time.

Does this require that each contract end-state have a known TXID at setup time?

> Redelegating: This is where A delegates to S, S delegates to S'. This type of mechanism most likely requires the coin to be moved on-chain to the script (A OR S or S'), but the on-chain movement may be delayed (via presigned transactions) until S' actually wants to do something with the coin.

The script `A || S || S'` suggests that delegation effectively still allows the original owner to still control the coin, right?
Which I suppose is implied by "Revocation" above.

Regards,
ZmnSCPxj



More information about the bitcoin-dev mailing list