On Fri, Apr 25, 2014 at 8:18 PM, Luke-Jr <luke@dashjr.org> wrote:

This one looks entirely useless (it cannot be made secure)

The hash locking isn't to prevent someone else stealing your coin. Once a user broadcasts a transaction with x in it, then everyone has access to x.

It is to release the coin on the other chain. If you spend the output, you automatically give the other participant the password to take your coin on the other chain (completing the trade).

The BIP allows the hash to protect any of other standard transactions (except P2SH, since that is a template match).

For example, it would allow a script of the form

OP_HASH160 [20-byte-password-hash] OP_EQUAL_VERIFY OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

To spend it, you would need to provide the password and also sign the transaction using the private key.

and the assertion
that it is necessary for atomic cross-chain transfers seems unfounded and
probably wrong...

I meant that it is required for the particular protocol.

Luke