User:Gmaxwell/covenant busting

From Bitcoin Wiki
Revision as of 00:03, 16 August 2014 by Gmaxwell

With more expressive script systems there is a risk of non-removable covenants which break the fungibility of coins. It might be desirable if the system provided a way to bust long-lasting covenants.


Let's imagine that I just spent a covenant-controlled coin that had sat still for a long time.

Then I go to spend one of its outputs, but instead of spending it normally— Let's define FEC as an 8-bit Reed-Solomon code. I present two values: X, Y. X is a new scriptpubkey hash that I'd rather be spending instead and Y is some value such that H(Y) xor FEC(scriptpubkey).

This way, if I have at least 20 bytes of control over the covenant's scriptpubkey, I can set it up so that I can tear off the covenant, and the covenant cannot prevent me except by giving me less than 20 bytes of control. Since the covenant can't know Y, it can't restrict my freedom to disallow this.

The trick is also doing this without making covenants useless or creating other vulnerabilities.