User:Gmaxwell/covenant busting
Revision as of 00:03, 16 August 2014
With more expressive script systems there is a risk of non-removable covenants (https://bitcointalk.org/index.php?topic=278122.0) which break the fungibility of coins. It might be desirable if the system provided a way to bust long-lasting covenants.
Let's imagine that I just spent a covenant-controlled coin that had sat still for a long time.
Then I go to spend one of its outputs, but instead of spending it normally I do the following. Let's define FEC as an 8-bit Reed-Solomon code. I present two values, X and Y. X is a new scriptpubkey hash that I'd rather be spending instead, and Y is some value such that H(Y) xor FEC(scriptpubkey).
This way, if I have at least 20 bytes of control over the covenant's script pubkey, I can set it up so that I can tear off the covenant, and the covenant cannot prevent me except by giving me less than 20 bytes of control. Since the covenant can't know Y, it can't restrict my freedom to disallow this.
The trick is also doing this without making covenants useless or creating other vulnerabilities.