From: Mike Hearn <mike@plan99•net>
To: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: [Bitcoin-development] Detecting OP_EVAL scriptPubKeys that are to you
Date: Tue, 25 Oct 2011 12:49:11 +0200 [thread overview]
Message-ID: <CANEZrP1ic4RXFzoqf66MGv=rJe3MgWxVi5nnk2VKkMc4VMCDyw@mail.gmail.com> (raw)
scriptPubKeys that use OP_EVAL contain a hash of a script. If I
understand correctly, that means to detect a transaction in a block
that is relevant to your wallet, that means you need to pre-calculate
every possible hash that might appear.
For the case of a single payment, that's not a problem. It means for
each key you now have to check for:
- raw key
- key hash
- hash of script that contains key hash
- hash of script that contains raw key
which isn't so bad.
What is the complexity like when multi-signing comes into the picture?
I *think* it's not an issue for the use cases currently envisioned,
but being unable to "see into" a script could complicate things later.
Specifically: for a wallet protection service, you have to make sure
the WPS keys are matched 1:1 with your own private keys. You must
never mix them up otherwise you have to check the block chain for the
cross-product. Deterministic wallets are one way to achieve that
without compromising privacy.
For escrow contracts, using OP_EVAL means you cannot detect them
unless the sender has told you the pubkey they are going to use,
because otherwise you can't recreate the hashed script. Escrow
protocols require some out of band communication anyway in order to
set up the escrow key, so this isn't inherently a problem.
Are there any use cases where you will want to recognize transactions
to you, where you can't predict the full script contents?
next reply other threads:[~2011-10-25 10:49 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-25 10:49 Mike Hearn [this message]
2011-10-25 13:21 ` Gavin Andresen
2011-10-25 14:49 ` Gregory Maxwell
2011-10-25 16:47 ` Alan Reiner
2011-10-26 8:58 ` Michael Grønager
2011-10-26 14:03 ` Gregory Maxwell
2011-10-26 15:00 ` Gavin Andresen
2011-10-27 7:32 ` Michael Grønager
2011-10-27 9:08 ` Gregory Maxwell
2011-10-28 10:24 ` Michael Grønager
2011-10-29 17:01 ` Gavin Andresen
2011-10-31 8:50 ` Michael Grønager
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANEZrP1ic4RXFzoqf66MGv=rJe3MgWxVi5nnk2VKkMc4VMCDyw@mail.gmail.com' \
--to=mike@plan99$(echo .)net \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox