User:Gmaxwell/covenant busting

From Bitcoin Wiki
Jump to: navigation, search

With more expressive script systems there is a risk of non-removable covenants which break the fungibility of coins. It might be desirable it the system provided a way to bust long lasting covenants.

Lets imagine that I just spent a covenant controlled coin that had sat still for a long time.

Then I go to spend one of its outputs, but instead of spending it normally— Lets define FEC as a 8-bit reed solomon code. I present two values: X, Y. X is a new scriptpubkey hash that I'd rather be spending instead and Y is some value such that H(Y) xor FEC(scriptpubkey).

This way if I have at least 20 bytes of control over the covenant's script pubkey I can use it to set it up so that I can tear off the covenant and the covenant cannot prevent me except by giving me less than 20 bytes of control... since the covenant can't know Y it can't restrict my freedom to disallow this. The use of the FEC means that it doesn't matter which bytes we control.

The trick is also doing this without making covenants useless or creating other vulnerabilities.