User:Gmaxwell/covenant busting

From Bitcoin Wiki
Revision as of 00:03, 16 August 2014 by Gmaxwell (talk | contribs) (Created page with "With more expressive script systems there is a risk of non-removable [https://bitcointalk.org/index.php?topic=278122.0 covenants] which break the fungibility of coins. It migh...")

With more expressive script systems there is a risk of non-removable covenants which break the fungibility of coins. It might be desirable if the system provided a way to bust long-lasting covenants.


Let's imagine that I just spent a covenant-controlled coin that had sat still for a long time.

Then I go to spend one of its outputs, but instead of spending it normally I present two values, X and Y. (Let FEC denote an 8-bit Reed-Solomon code.) X is the hash of a new scriptPubKey that I'd rather be spending to instead, and Y is some value such that H(Y) xor FEC(scriptpubkey).

This way, if I have at least 20 bytes of control over the covenant's scriptPubKey, I can use those bytes to set things up so that I can tear off the covenant, and the covenant cannot prevent me except by giving me fewer than 20 bytes of control: since the covenant can't know Y, it can't restrict my freedom in a way that disallows this.

The trick is doing this without making covenants useless or creating other vulnerabilities.