Author: Joseph Poon 2016-03-08 02:56:20
Published on: 2016-03-08T02:56:20+00:00
The email conversation between two individuals is about exploring the use of signatures as a method of revocation for commitments. It is proposed that if private keys are disclosed as a method of revocation, then it is possible to achieve compactness without using OP_CODESEPARATOR. Temporary private keys must be disclosed instead of signatures under this mechanism, and they can be stored by making them derived from a tree or chain of hash functions. An example of a compact revocable broadcast script for Bob and Alice is provided, with their successful redemption and penalty transactions included. It is noted that if Alice did not broadcast the correct commitment, Bob could take the money immediately because she disclosed her private key when creating the new commitment transaction. If Alice correctly broadcasted the most recent commitment, Bob would not have PrivkeyAlice, so he cannot take the funds, but Alice does not have PrivkeyBob, so she has to wait for the CSV delay.It is mentioned that space can be saved in the timeout/non-penalty case, but transactions are larger for penalty cases. Additionally, it is possible to make it just a multisig output with the child transaction spending from it pre-signed as well using nSequence, but that requires more storage and more on-chain transactions. The email concludes with a side note that OP_CODESEPARATOR may become useful if there is SIGHASH_NOINPUT inside segregated witness in the future.
Updated on: 2023-05-23T22:42:13.689572+00:00