If using a monetary network requires out-of-band payments, then that severely limits the actual utility of the monetary network as a medium of exchange. Imagine if the only way to make a bank transfer was to first go in-person to the bank of the recipient of the transfer to give them something that then allowed your bank to make the transfer -- it would be an unworkable monetary system. Similarly, if future Bitcoin transactions require making out-of-band payments, then it has failed as a monetary network with an endogenous unit of account. The whole system has to work without reliance upon exogenous monetary media or mechanisms. As such, the commit-and-reveal scheme fails to maintain the monetary properties of the network as a whole unless we assert reliance upon altruism to get the commitments into the blockchain, which instead breaks the incentive-based game theoretic design. Maybe it would work as a stop-gap solution in the event of the advent of a relevant quantum computer, but it is certainly not a good long-term plan as currently formulated.<div><br /></div><div>Recall the original premise: "Bitcoin: A Peer-to-Peer Electronic Cash System". If you can't transact with it as cash, i.e. as the ultimate endogenous settlement mechanism, then it is no longer Bitcoin. Requiring an exogenous system fundamentally breaks the model.<br /><div><br /></div><div>-- Jonathan<br /><br /></div></div><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Monday, June 2, 2025 at 9:53:55 AM UTC-4 Peter Todd wrote:<br/></div><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">On Fri, May 30, 2025 at 03:00:41PM -0700, Jonathan Voss wrote:
<br>&gt; As far as I can tell, the main flaw in commit/reveal protocols is in the 
<br>&gt; commit phase: if revealing a commitment with N confirmations is required to 
<br>&gt; spend bitcoins, then, without spending any bitcoins, how do you get the 
<br>&gt; commitment into the blockchain in the first place? Maybe I am just 
<br>&gt; misunderstanding this. If so, then a commit/reveal scheme may be a workable 
<br>&gt; solution.
<br>
<br>You can always purchase new BTC to perform the commitment.
<br>
<br>Indeed, this problem is often seen in alt-coins where fees must be paid in a
<br>native asset, while users are trying to send some kind of tokenized asset like
<br>a USD token. You can have funds that you can&#39;t move because you don&#39;t have the
<br>correct asset. While annoying, this isn&#39;t a fatal problem.
<br>
<br>-- 
<br><a href="https://petertodd.org" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=en-US&amp;q=https://petertodd.org&amp;source=gmail&amp;ust=1748976183939000&amp;usg=AOvVaw30SLWTOVWLLHXu9ctm9oTe">https://petertodd.org</a> &#39;peter&#39;[:-1]@<a href="http://petertodd.org" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=en-US&amp;q=http://petertodd.org&amp;source=gmail&amp;ust=1748976183939000&amp;usg=AOvVaw0s2nrCzbnyp4yNmieblefT">petertodd.org</a>
<br></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href="https://groups.google.com/d/msgid/bitcoindev/16f0f405-3f39-498e-9399-a6050773c4c7n%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/bitcoindev/16f0f405-3f39-498e-9399-a6050773c4c7n%40googlegroups.com</a>.<br />