Thursday, 6 December 2018

Provably fair miner donations instead of burn addresses, using OP_CDSV + OP_CSV

Recently we have seen a lot of cool tricks based on the fact that OP_CHECKDATASIGVERIFY can be used to let a script examine parts of its own spending transaction, and thereby assert conditions on parts of that transaction. Here's a use case that gives an alternative to burn addresses, where the "burn address" is actually a script that forces itself to only be used in a transaction that makes a "fair" donation to SHA256 miners.

Redeemscript pseudocode:

  1. Require OP_CHECKSIG from public key 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798. (This is the pubkey for private key 1, so anybody can sign this). Keep a copy of signature and public key on stack.
  2. Introspection trick: use OP_CHECKDATASIGVERIFY with signature and public key to enforce that sighash_preimage (according to checksig algorithm) is correctly provided from the scriptsig stack. Keep just sighash_preimage.
  3. Extract hashOutputs from sighash_preimage.
  4. Enforce that hashOutputs == 0b41ef50758023563608376a77716211450d4fd3cb5713216390931378277d94, which is the double-sha256 of 0100000000000000000a6a08776f726d686f6c65 (i.e., there must be one output: amount 0, with OP_RETURN "wormhole")
  5. Finish off with 100 OP_CHECKSEQUENCEVERIFY, which means the coin can only be spent after 100 confirmations.

Scriptsig: must provide a transaction signature (which anyone can make, since the private key is 1) and the correct sighash_preimage to go along with it. It might be better to move the OP_CHECKSIG to the end of the script and precede it with OP_CODESEPARATOR, just to reduce the required size of sighash_preimage.

Any utxo created on this P2SH address is a provably 'fair' donation to miners since:

  • It is only spendable in a transaction that donates all BCH to the miner who mines it.
  • It is only spendable after 100 blocks have elapsed. Nobody can predict which miner will be the lucky one to snatch it up.

Note that if there are many miner-locked fee coins like this, all maturing at the same time, then this means that it may be profitable for all SHA256 miners to suddenly switch over to mine BCH in order to snatch up the fee -- depending on just how large the fees are. Thus the donation is in effect made fairly to all SHA256 hardware owners, in proportion to their hashpower. Or at least, to the ones who are paying attention.

submitted by /u/markblundeberg
[link] [comments]

source https://www.reddit.com/r/btc/comments/a3lzyg/provably_fair_miner_donations_instead_of_burn/
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)