Quote
Nevertheless, it is a Bitcoin-compliant transaction that can be replaced at any time as long as the original transaction has not been confirmed, isn't it ?
1. You commit your Script behind some address type. Which means, that people won't see for example "OP_RIPEMD160 2. Then, when you reveal the Script behind your address, it is too late to modify it, because it is already deeply confirmed. And then, nobody can create an identical Script with a different "
3. If you spend coins from the Script mentioned above, then everyone can verify, that you know SHA-256 of the public key. Only the true solver will know that. Then, some huge mining pool can agree to deposit some coins, to learn the solution to the puzzle.
4. The solver will see, that coins are deposited to "OP_SHA256
5. The solver can pass a transaction to the mining pool, claiming all coins from his address. Then, the pool can learn the public key, and sweep it with 100% transaction fee.
Edit: In general, it seems to be resistant to some simple attacks:
1. If the solver is lying, he will be unable to produce a proper address, and spend it, while revealing SHA-256 of the public key, so nobody will give him any coins in the first place.
2. If someone is observing the chain, and trying to replicate "I have the key" signal with a different solver's key, then that person will be unable to do that before the solver, because the real solver's address will be deeply confirmed. If we count the earliest attempt as the legit one, then any future solvers will not get anything.
3. Rewarding the solver is not direct, it is more similar to HTLC: there are two conditions: the solver's public key (with signature), and the puzzle's public key (where the hash of it is revealed in the Script). Which means, that the solver cannot run away with coins, without revealing the public key to the puzzle.
4. It is compatible with full-RBF and other network rules: the puzzle can be sweeped with 100% fee, and if it will be done by some pool, then the transaction will start from a single confirmation. Reorging a single block is not that easy. However, if the risk of reorg is too high, then rewarded amounts can be adjusted if needed, and someone may agree to reveal the public key for 6 BTC, instead of 6.6 BTC. We will see.
, I am part of the largest bitcoin
