Is the following idea possible in Bitcoin's Script?

CIYAM

legendary

Activity: 1890

Merit: 1089

Ian Knowles - CIYAM Lead Developer

Quote from: dagelf on January 22, 2016, 05:41:08 AM

What's your use case? Perhaps there's a simpler solution...

It's perhaps a little strange - but what I have been considering is the idea of how to ensure that the same address is not used twice as a sort of contract.

So if two signatures can be tied to the same public key then that would release funds that perhaps otherwise would be CLTV refundable.

dagelf

newbie

Activity: 47

Merit: 0

Quote from: CIYAM on January 12, 2016, 08:33:46 AM

What I am wanting to create is a Bitcoin script that will do the following:

- check against
- check against

What's your use case? Perhaps there's a simpler solution...

CIYAM

legendary

Activity: 1890

Merit: 1089

Ian Knowles - CIYAM Lead Developer

Quote from: Kefkius on January 20, 2016, 06:24:00 PM

At any rate, hopefully this will give you some ideas.

Indeed - thanks for the input.

Kefkius

member

Activity: 64

Merit: 21

Quote from: CIYAM on January 12, 2016, 08:33:46 AM

What I am wanting to create is a Bitcoin script that will do the following:

- check against
- check against

then only redeem if both sig checks work but *additionally* I need it to ensure that is identical to and that is different to .

Is this even possible?

If must be identical to , then essentially aren't you saying that you require two the following:

- check against
- check against

Though it seems roundabout, OP_CHECKMULTISIG could potentially be used. If you put in a null output and require 2-of-2 signatures that sign the output, then in effect that would mean and have to be valid signatures of .

Here's my cursory attempt. The problem with it (in addition to whatever problems I don't see) is that the scriptPubKey doesn't pass the "is_p2sh()" test since it's not "OP_HASH160 <20 bytes> OP_EQUAL". Since I'm not sure how far you're willing to go from Bitcoin in your endeavor, I figure I'll include this anyway.

redeemScript:

Code:

2   2 OP_CHECKMULTISIG

scriptSig:

Code:

scriptPubKey:

Code:

// This part copies  and  to the alt stack for later.
2 OP_PICK OP_TOALTSTACK 1 OP_PICK OP_TOALTSTACK

// Normal P2SH stuff.
OP_HASH160  OP_EQUAL

// Bring  and  back from the alt stack. The top stack item will be true if they are not equal.
OP_FROMALTSTACK OP_FROMALTSTACK OP_EQUAL OP_NOT

At any rate, hopefully this will give you some ideas.

CIYAM

legendary

Activity: 1890

Merit: 1089

Ian Knowles - CIYAM Lead Developer

Quote from: DannyHamilton on January 14, 2016, 05:35:47 PM

CIYAM, I'm thinking I'll make all threads that I start "self-moderated" as a way to reduce the amount of sig ad spam in my threads.

Yup - mostly the ad sig spammers had kept away from the tech. discussion and project boards (where I pretty much only post nowdays) but it appears that now they won't even respect those two boards. Sad

DannyHamilton

legendary

Activity: 3528

Merit: 4945

Quote from: ?? on ??

-unknowledgeable nonsense?-

Reported as sig ad spam.

CIYAM, I'm thinking I'll make all threads that I start "self-moderated" as a way to reduce the amount of sig ad spam in my threads.

CIYAM

legendary

Activity: 1890

Merit: 1089

Ian Knowles - CIYAM Lead Developer

The concept is related to my own blockchain R&D and so perhaps not relevant to other uses.

If possible the idea would be to create a P2SH address that has this special script in it which can be redeemed if (and only if) the private key holder signs two messages (it is basically a higher-level mechanism to prevent attempts and double-spends in a non-POW implementation).

Assuming we have a simple message such as:

then if a block creator was to create two blocks at the same height (which would require the same public key due to other mechanisms) then if some funds had been stored in the P2SH address to redeem then anyone could take those funds at that point in time.

I think the idea might not be really very practical anyway as the block creator themselves would be the first person to attempt to spend the funds so it is probably going to require a bit more thought.

kiblirov

newbie

Activity: 48

Merit: 0

It is not solvable with the current OP_ commands we have. Core level implementation is mandatory to make it possible. If you really think it is vital to have such comparisons, then you need to make it happen. I would prefer if you would award a bounty, then many will try to write the code. It will be possible. Nothing can be said impossible in the bitcoin era.

DannyHamilton

legendary

Activity: 3528

Merit: 4945

Quote from: mmeijeri on January 12, 2016, 12:39:41 PM

- snip -
can't check signatures against arbitrary data.
- snip -

Bah. I hadn't even thought of that. OP_CHECKSIGVERIFY is going to check the signature against the transaction, not the supplied data. Hmm. Maybe not possible after all. Going to have to really think about this one, but I'm much less confident all of the sudden.

mmeijeri

hero member

Activity: 714

Merit: 500

Martijn Meijering

You can't check signatures against arbitrary data. Blockstream has a new opcode CHECKSIGFROMSTACK that allows it in Elements alpha, and that might find its way into Core reasonably soon.

DannyHamilton

legendary

Activity: 3528

Merit: 4945

Quote from: CIYAM on January 12, 2016, 11:35:28 AM

Quote from: DannyHamilton on January 12, 2016, 11:30:14 AM

I'd think it should be possible with some combination of one or more OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIGVERIFY, and OP_NOT. I'd have to think about it to see if I could come up with the exact script, but I'd be surprised if it couldn't be done.

Hey @DannyHamilton - great to see that you are still here.

Yeah, I'm trying really hard to cut back on the time I spend here, but I just haven't been able to make a clean break yet.

Quote from: CIYAM on January 12, 2016, 11:35:28 AM

I don't think that this is going to be an easy problem to solve and I might offer a BTC reward for the solution (but no point in offering a reward if the problem is not solvable).

If it was an easy problem, I'd think you'd have already figured it out on your own, but I've got a gut feel that it *should* be possible. I may be wrong on that, but it doesn't feel impossible.

CIYAM

legendary

Activity: 1890

Merit: 1089

Ian Knowles - CIYAM Lead Developer

Quote from: DannyHamilton on January 12, 2016, 11:30:14 AM

I'd think it should be possible with some combination of one or more OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIGVERIFY, and OP_NOT. I'd have to think about it to see if I could come up with the exact script, but I'd be surprised if it couldn't be done.

Hey @DannyHamilton - great to see that you are still here.

I don't think that this is going to be an easy problem to solve and I might offer a BTC reward for the solution (but no point in offering a reward if the problem is not solvable).

DannyHamilton

legendary

Activity: 3528

Merit: 4945

I'd think it should be possible with some combination of one or more OP_DUP, OP_EQUAL, OP_VERIFY, OP_EQUALVERIFY, OP_CHECKSIGVERIFY, and OP_NOT. I'd have to think about it to see if I could come up with the exact script, but I'd be surprised if it couldn't be done.

OP_EQUAL, OP_NOT, and OP_VERIFY should be able to determine if sig1 and sig2 are different, right?
OP_EQUALVERIFY should be able to determine if data1 and data2 are the same, right?
OP_CHECKSIGVERIFY should be able to determine if the signatures are valid, right?
OP_DUP should allow you to duplicate values as needed in the stack so that they can be used in more than one comparison, right?

Maybe I'll play around with this a bit tonight.

CIYAM

legendary

Activity: 1890

Merit: 1089

Ian Knowles - CIYAM Lead Developer

What I am wanting to create is a Bitcoin script that will do the following:

- check against
- check against

then only redeem if both sig checks work but *additionally* I need it to ensure that is identical to and that is different to .

Is this even possible?

Topic: Is the following idea possible in Bitcoin's Script? (Read 1770 times)