On Mon, Jun 10, 2013 at 01:25:05PM -0400, Alan Reiner wrote:
> to sign votes.  Not only that, but it would require them to reveal their
> public key, which while isn't technically so terrible, large amounts of
> money intended to be kept in storage for 10+ years will prefer to avoid
> any exposure at all, in the oft-chance that QCs come around a lot
> earlier than we expected.  Sure, the actual risk should be pretty much
> non-existent, but some of the most paranoid folks are probably the same
> ones who have a lot of funds and want 100.00% of the security that is
> possible.   They will see this as wildly inconvenient.

Solving that problem is pretty easy actually: just add a voting only
public key to your outputs. Specifically you would have an opcode called
something like "OP_VOTE" and put a code-path in your script that only
executes for that specific key.

It'd work best if we implement merklized abstract syntax trees to allow
you to reveal only the part of a script that is actually executed rather
than the whole script, a feature useful for a lot of other things.


Incidentally remember that we can implement as many new opcodes as we
want with a soft-fork by redefining one of the OP_NOP's to be a
OP_VERSION opcode that returns false for a given version:

    version OP_VERSION OP_IFNOT {new opcodes} OP_ENDIF

Nodes with the existing codebase will think the script always succeeds,
because the IFNOT branch isn't taken, leaving the non-false version on
the stack, while new nodes will take that branch.

-- 
'peter'[:-1]@petertodd.org
0000000000000109243df1322b7b5173c5796cf979318e933d887210c981c1f8