Example 1: How can A irreversibly give B coins that B can only spend *after* time T?
A pays coins to a 2-of-2 multisig address owned by A and B, creating a UTXO
A creates+signs a transaction sending this UTXO to B, with lock_time T
A gives the new transaction to B. B can add its own signature, but the network won't accept the tx until time T
A can't take the coins back: spending the 2-of-2 UTXO needs B's signature as well
Example 2: How can A give B coins but reclaim them if not spent *before* time T?
A creates+signs but doesn't submit tx1 paying the coins to B
A sends the hash (txid) of tx1 to B, so B can build a transaction spending tx1's output
B creates+signs tx2 paying tx1's output back to A, with lock_time T
B sends tx2 to A, and only then does A submit tx1
tx2 is only valid while tx1's output is unspent, so B keeps the coins by spending them before T
Caveat: tx2 refers to tx1 by hash, so this breaks if tx1's txid is malleable (third-party malleability, fixed by SegWit)
Say you want to verify a transaction happened w/o downloading the entire blockchain
Enlist the help of a server with the full blockchain, but don't trust the server
Server sends you just the block headers (80 bytes each) + the Merkle path from your transaction to the root of the one block that contains it
You check the headers' proof-of-work and prev links yourself, and that the path hashes up to that block's Merkle root
What you get from this is Simple Payment Verification (SPV) security
You know work was invested in the chain containing the transaction (and how much, from the headers' difficulty)
Don't know that the miners were honest (could be in an ill-formed block, since you never validate its transactions)
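As an added example (not from the notes): the three checks an SPV client actually runs, in Python using only the standard library. It builds a Bitcoin-style Merkle tree (double SHA-256, odd levels duplicate the last node), produces and verifies a Merkle path, decodes the compact "bits" field into a target, and checks proof-of-work plus prev-pointer linkage over a list of headers. The chain it mines is constructed: three toy blocks of five fake txids each at the easy difficulty bits=0x1F0FFFFF (about 1 in 4096 hashes), so it runs in well under a second. The same verifier is what a NewCoin node would run on a proof-of-burn in the sidechain discussion further down.

```python
import hashlib
import struct


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256, used for txids, Merkle nodes and block hashes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' header field into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def header_hash_int(header: bytes) -> int:
    """Block hash as the integer Bitcoin compares against the target (little-endian)."""
    return int.from_bytes(sha256d(header), "little")


def _pad(level: list) -> list:
    # Bitcoin's rule: an odd number of nodes duplicates the last one before pairing
    return level + [level[-1]] if len(level) % 2 else level


def _hash_pairs(level: list) -> list:
    return [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(txids: list) -> bytes:
    level = list(txids)
    while len(level) > 1:
        level = _hash_pairs(_pad(level))
    return level[0]


def merkle_path(txids: list, index: int) -> list:
    """Sibling hashes from the leaf up to the root; the flag says whether the
    sibling sits to the right of the node being carried upward."""
    path, level, idx = [], list(txids), index
    while len(level) > 1:
        level = _pad(level)
        sib = idx ^ 1
        path.append((level[sib], sib > idx))
        level = _hash_pairs(level)
        idx //= 2
    return path


def verify_merkle_path(txid: bytes, path: list, root: bytes) -> bool:
    node = txid
    for sibling, sibling_is_right in path:
        node = sha256d(node + sibling) if sibling_is_right else sha256d(sibling + node)
    return node == root


def mine_header(prev_hash: bytes, root: bytes, bits: int, time: int = 0, version: int = 1) -> bytes:
    """Grind the nonce of an 80-byte header until its hash meets the target."""
    target = bits_to_target(bits)
    for nonce in range(1 << 32):
        header = struct.pack("<I32s32sIII", version, prev_hash, root, time, bits, nonce)
        if header_hash_int(header) <= target:
            return header
    raise RuntimeError("nonce space exhausted")


def verify_spv(headers: list, block_index: int, txid: bytes, path: list) -> int:
    """What an SPV client can check: every header meets its own target, the headers
    chain together, and the Merkle path lands on the claimed block's Merkle root.
    Returns the cumulative work behind the headers, or 0 if anything fails.
    It cannot tell whether the block's transactions are valid: that is the SPV gap."""
    work = 0
    for i, header in enumerate(headers):
        target = bits_to_target(struct.unpack_from("<I", header, 72)[0])
        if header_hash_int(header) > target:
            return 0                              # no valid proof-of-work
        if i > 0 and header[4:36] != sha256d(headers[i - 1]):
            return 0                              # prev pointer does not link to the previous header
        work += (1 << 256) // (target + 1)        # Bitcoin Core's per-block work measure
    if not verify_merkle_path(txid, path, headers[block_index][36:68]):
        return 0
    return work


def build_demo_chain(bits: int = 0x1F0FFFFF, n_blocks: int = 3, txs_per_block: int = 5):
    """Constructed sample chain: fake txids, easy difficulty, mined deterministically."""
    blocks = [[sha256d(b"block %d tx %d" % (b, t)) for t in range(txs_per_block)]
              for b in range(n_blocks)]
    headers, prev = [], bytes(32)
    for txids in blocks:
        header = mine_header(prev, merkle_root(txids), bits)
        headers.append(header)
        prev = sha256d(header)
    return headers, blocks


if __name__ == "__main__":
    headers, blocks = build_demo_chain()
    txid, path = blocks[1][3], merkle_path(blocks[1], 3)
    print("work behind proof:", verify_spv(headers, 1, txid, path))
    print("forged txid accepted:", verify_spv(headers, 1, sha256d(b"forged"), path) != 0)
```

A production SPV verifier also checks that each header's bits field follows the retargeting rule (otherwise a server could hand you cheap headers), and guards against the known ambiguity that a 64-byte transaction is byte-for-byte indistinguishable from an inner Merkle node, by checking the path depth against the block's transaction count.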
Can we make this even smaller? Yes, with a Proof-of-Proof-of-Work
Observation: in a blockchain with target T, some block hashes will be << T (a hash <= T/2^i shows up about once every 2^i blocks)
So build a skip list. Each block contains not just a prev pointer, but an
array where prev[i] is the most recent block with hash <= T/2^i (prev[0] is the ordinary prev pointer)
Intuition: can return a compact proof by returning the higher-difficulty subchains, since a block with hash <= T/2^i stands in for ~2^i blocks of expected work
Return the last k blocks always, then for the previous height - k blocks:
- return m blocks linked by prev[i] for the greatest i that has m of them
- for lesser i's return up to the 2m most recent blocks at that level
Non-Interactive Proof of Proof of Work (NIPoPoW) <https://nipopows.com/>
But some serious gotchas, so check out details before implementing
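An added toy implementation in Python of the skip-list idea above, following the notes' proof recipe literally (m blocks at the greatest level, 2m at each lower level, the last k blocks). It is not the NIPoPoW paper's construction or any project's code: the target 2^252 is constructed so that about one hash in 16 is a block, the block hash here just commits to the prev pointer, the interlink array and a nonce, and the verifier only recomputes proof-of-work and checks that consecutive proof blocks are connected through some interlink entry. Anchoring to genesis and comparing competing proofs, which the paper requires, are left out.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed toy parameters; a real chain's target is vastly lower, but the
# level/interlink logic is the same.
TARGET = 1 << 252      # about 1 in 16 hashes qualifies as a block
ZERO = bytes(32)


def block_hash(prev_hash: bytes, interlink: list, nonce: int) -> bytes:
    """The hash commits to the prev pointer, the whole interlink array and the
    nonce, so a verifier can recompute it and nobody can forge skip pointers."""
    il_digest = hashlib.sha256(b"".join(interlink)).digest()
    return hashlib.sha256(prev_hash + il_digest + nonce.to_bytes(8, "big")).digest()


def level(h: bytes) -> int:
    """Largest i with hash <= TARGET / 2^i; every valid block has level >= 0."""
    v = int.from_bytes(h, "big")
    i = 0
    while i < 256 and v <= TARGET >> (i + 1):
        i += 1
    return i


@dataclass
class Block:
    height: int
    nonce: int
    hash: bytes
    level: int
    interlink: list  # interlink[i] = hash of the most recent earlier block with level >= i


def prev_hash(b: Block) -> bytes:
    return b.interlink[0] if b.interlink else ZERO   # interlink[0] is the plain prev pointer


def next_interlink(prev: Block) -> list:
    """Carry prev's interlink forward, pointing levels 0..prev.level at prev itself."""
    il = list(prev.interlink)
    for i in range(prev.level + 1):
        if i < len(il):
            il[i] = prev.hash
        else:
            il.append(prev.hash)
    return il


def mine_block(prev: Optional[Block]) -> Block:
    ph = prev.hash if prev else ZERO
    il = next_interlink(prev) if prev else []
    nonce = 0
    while int.from_bytes(h := block_hash(ph, il, nonce), "big") > TARGET:
        nonce += 1
    return Block(prev.height + 1 if prev else 0, nonce, h, level(h), il)


def build_chain(n: int) -> list:
    chain = [mine_block(None)]
    while len(chain) < n:
        chain.append(mine_block(chain[-1]))
    return chain


def suffix_proof(chain: list, k: int, m: int) -> list:
    """The notes' recipe: the last k blocks; from the rest, the m most recent blocks
    at the greatest level that has m of them, plus the 2m most recent blocks at
    each lower level. Assumes the chain has more than k + m blocks."""
    prefix, suffix = chain[:-k], chain[-k:]
    at_level = lambda i: [b for b in prefix if b.level >= i]
    top = max(i for i in range(max(b.level for b in prefix) + 1) if len(at_level(i)) >= m)
    chosen = {b.height: b for b in at_level(top)[-m:]}
    for i in range(top):
        chosen.update({b.height: b for b in at_level(i)[-2 * m:]})
    chosen.update({b.height: b for b in suffix})
    return [chosen[h] for h in sorted(chosen)]


def verify_proof(proof: list) -> bool:
    """Recompute each block's hash from (prev, interlink, nonce), check it meets the
    target, and check every block is reachable from the next via some interlink
    entry. Nothing the prover claims is trusted beyond the bytes that were hashed."""
    prev_ok = None
    for b in proof:
        h = block_hash(prev_hash(b), b.interlink, b.nonce)
        if int.from_bytes(h, "big") > TARGET:
            return False
        if prev_ok is not None and prev_ok not in b.interlink:
            return False
        prev_ok = h
    return True


if __name__ == "__main__":
    chain = build_chain(300)
    proof = suffix_proof(chain, k=5, m=3)
    print(len(chain), "blocks; proof has", len(proof), "blocks; valid:", verify_proof(proof))
```

Because each block's hash commits to its interlink, a prover can only present skip pointers that some miner actually paid for; the size of the proof grows with the number of levels, not with the chain length.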
Say you have a brilliant blockchain idea, but it's incompatible with Bitcoin
Very hard to upgrade Bitcoin--all miners (and nodes) would need to upgrade
So just build a new clean-slate blockchain, NewCoin? Two problems:
1. How do you distribute the coins and convince people they have value?
2. How do you secure the mining?
Bit of a chicken-and-egg problem (saw Goldfinger attacks last time)
Idea for #1: Let people trade Bitcoin for NewCoin
Send BTC to an address with ScriptPK OP_RETURN <NewCoin address> (provably unspendable, so the BTC are destroyed)
Submit a special NewCoin tx with an SPV proof that you destroyed the bitcoin
NewCoin rules will issue a proportional number of coins to <NewCoin address>
So is NewCoin now worth 1 BTC? No, it only *costs* 1 BTC, because you can't go back
Could use an atomic cross-chain swap to go back, but no guarantee anyone will take the other side
Idea for problem #2: Merged mining
Embed (a hash of) the NewCoin block header in the Bitcoin coinbase tx, so one hash search mines both chains; the NewCoin block carries the Bitcoin header + coinbase + Merkle branch as its proof-of-work
Example: Namecoin's commitment is marked by the magic bytes fabe6d6d in the BTC coinbase ScriptSig
Not every Bitcoin miner needs to do this--Namecoin has its own prev pointer, so it is a normal chain whose PoW just happens to be shared
But it represents free additional income to miners, so why not?
How do we do a two-way peg without an SPV-proof-verifying opcode in Bitcoin Script? Federated pegs
Emulate OP_SideChainProofVerify with a semi-trusted consortium of functionaries
Send payments to a multisig BTC address of the consortium instead of SPV-locking them; the functionaries release BTC when they see a valid sidechain proof
Maybe Bitcoin later implements OP_SideChainProofVerify as a security improvement
Blockstream Liquid does this today