On Sat, Jun 01, 2013 at 10:32:07PM -0400, Gavin wrote: > Feels like a new opcode might be better. > > Eg 100 OP_NOP1 > > ... Where op_nop1 is redefined to be 'verify depth' ... Good idea. Either way, looks like complex announce-commit logic isn't needed and a simple txout with one of a few possible forms will work. I'd say we tell people to sacrifice to (provably) unspendable for now and do a soft-fork later if there is real demand for this stuff in the future. > On Jun 1, 2013, at 3:30 PM, Peter Todd wrote: > > > Currently the most compact way (proof-size) to sacrifice Bitcoins that > > does not involve making them unspendable is to create a anyone-can-spend > > output as the last txout in the coinbase of a block: > > > > scriptPubKey: OP_TRUE > > > > The proof is then the SHA256 midstate, the txout, and the merkle path to > > the block header. However this mechanism needs miner support, and it is > > not possible to pay for such a sacrifice securely, or create an > > assurance contract to create one. > > > > A anyone-can-spend in a regular txout is another option, but there is no > > way to prevent a miner from including a transaction spending that txout > > in the same block. Once that happens, there is no way to prove the miner > > didn't create both, thus invalidating the sacrifice. The announce-commit > > protocol solves that problem, but at the cost of a much larger proof, > > especially if multiple parties want to get together to pay the cost of > > the sacrifice. (the proof must include the entire tx used to make the > > sacrifice) > > > > However if we add a rule where txouts ending in OP_TRUE are unspendable > > for 100 blocks, similar to coinbases, we fix these problems. The rule > > can be done as a soft-fork with 95% support in the same way the > > blockheight rule was implemented. Along with that change > > anyone-can-spend outputs should be make IsStandard() so they will be > > relayed. > > > > The alternative is sacrifices to unspendable outputs, which is very > > undesirable compared to sending the money to miners to further > > strengthen the security of the network. > > > > We should always make it easy for people to write code that does what is > > best for Bitcoin. -- 'peter'[:-1]@petertodd.org 0000000000000092f448c7630e47584650efa7e27604161c0b5984d603d944ea