
Topic: Support for Hierarchical Multi-Signature Transactions? (Read 855 times)

legendary
Activity: 1232
Merit: 1094
Ah thank you Vitalik.  That's exactly what I was looking for.

But most of this is not yet implemented?  That is sad

Looks like all those opcodes are active?
newbie
Activity: 24
Merit: 0
As for what is possible right now, I'm looking at https://en.bitcoin.it/wiki/Script, and it looks like there's a lot of opcodes that nobody seems to be taking advantage of yet. Might something like

(sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL
(sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL
(sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL
OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL

for a "2-of-3 per group, 2 groups out of 3" transaction work?

Ah thank you Vitalik.  That's exactly what I was looking for.

But most of this is not yet implemented?  That is sad
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Hmm. The scripting language is not Turing-complete, no loops. What are the limits of scripts?
kjj
legendary
Activity: 1302
Merit: 1026
The script system should be able to handle nearly arbitrary complexity in signing schemes.

Right now, the bulk of the network only supports a few simple script types, so the best you can do is M-of-N.

The good news is that M-of-N can, with a little cleverness, emulate just about any more complex scheme.
sr. member
Activity: 330
Merit: 397
Bitcoin multisig has nothing to do with cryptographic secret sharing schemes. Traditional secret sharing relies on fancy mathematical tricks like representing some secret as a polynomial and handing out, say, 10 points on that polynomial, such that any 5 of them are enough to determine what the original polynomial is. Bitcoin does not need that because its job isn't hiding secrets - rather, it's verification. In the case of Bitcoin, you simply have everyone make their signatures and then have miners directly check if at least 5 of the 10 signatures are valid. So the Bitcoin protocol can theoretically be extended to support any kind of hierarchical, anarchical, pseudorandom or whatever other ruleset for transaction validation (that's right, we could implement gambling right in the blockchain!) provided that no human judgement is required to determine validity (so, "redeemable by the owner of 178gb... if is deceased" won't work without a trusted authority).

As for what is possible right now, I'm looking at https://en.bitcoin.it/wiki/Script, and it looks like there's a lot of opcodes that nobody seems to be taking advantage of yet. Might something like

(sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL
(sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL
(sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG (sig) (pubkey) OP_CHECKSIG OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL
OP_ADD OP_ADD 2 OP_GREATERTHANOREQUAL

for a "2-of-3 per group, 2 groups out of 3" transaction work?
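
The script proposed in the post above, traced through a toy stack evaluator. This is an added example, not code from the thread or from any Bitcoin implementation. It assumes simulated signature checking (a "signature" is just the signer's name) and uses constructed key names A1..C3.

```python
# Toy stack evaluator for the "2-of-3 per group, 2 groups out of 3" script.
# Assumption: OP_CHECKSIG is simulated. A signature is the signer's name (or
# None when missing) and it verifies when it equals the pubkey's name.

GROUPS = [["A1", "A2", "A3"], ["B1", "B2", "B3"], ["C1", "C2", "C3"]]  # constructed

def run(script):
    """Evaluate a token list; succeed only if exactly one item, 1, remains."""
    stack = []
    for tok in script:
        if tok == "OP_CHECKSIG":
            pubkey, sig = stack.pop(), stack.pop()
            stack.append(1 if sig is not None and sig == pubkey else 0)
        elif tok == "OP_ADD":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
        elif tok == "OP_GREATERTHANOREQUAL":
            b, a = stack.pop(), stack.pop()   # a was pushed first: a >= b
            stack.append(1 if a >= b else 0)
        else:
            stack.append(tok)                 # data push: number, sig or pubkey
    return len(stack) == 1 and stack[0] == 1

def build_script(signers, groups=GROUPS, per_group=2, groups_needed=2):
    """Lay out the script in the same shape as the post: one line per group,
    then a final line that counts how many groups met their threshold."""
    script = []
    for group in groups:
        for key in group:
            sig = key if key in signers else None   # None models a missing sig
            script += [sig, key, "OP_CHECKSIG"]
        script += ["OP_ADD"] * (len(group) - 1)
        script += [per_group, "OP_GREATERTHANOREQUAL"]  # group result: 0 or 1
    script += ["OP_ADD"] * (len(groups) - 1)
    script += [groups_needed, "OP_GREATERTHANOREQUAL"]
    return script

def authorized(signers):
    return run(build_script(set(signers)))

if __name__ == "__main__":
    for s in (["A1", "A2", "B2", "B3"], ["A1", "B1", "C1"], ["A1", "A2", "A3"]):
        print(s, "->", authorized(s))
```

Each group line collapses to a single 0 or 1 before the final line sums them, so one signer from every group, or all three signers from a single group, does not satisfy the policy.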
newbie
Activity: 24
Merit: 0
There is currently support for threshold multi-signature transactions where, for instance, 2 of 3 people must sign a transaction before it is valid.

Will there ever be support for hierarchy among the signers of a transaction? A Google search of "hierarchy secret sharing" shows that some hierarchies can be implemented.