On Saturday, June 06, 2015 2:35:17 PM Kalle Rosenbaum wrote:
> Current methods of proving a payment:
> * Signing messages, chosen by the server, with the private keys used to
> sign the transaction. This could meet 1 and 2 but probably not 3. This is
> not standardized either. 4 Could be met if designed so.

It's also not secure, since the signed messages only prove ownership of the 
address associated with the private key, and does not prove ownership of 
UTXOs currently redeemable with the private key, nor prove past UTXOs spent 
were approved by the owner of the address.

> A proof of payment for a transaction T, here called PoP(T), is used to
> prove that one has ownership of the credentials needed to unlock all the
> inputs of T.

This appears to be incompatible with CoinJoin at least. Maybe there's some 
clean way to avoid that by using 
https://github.com/Blockstream/contracthashtool ?

> It has the exact same structure as a bitcoin transaction with
> the same inputs and outputs as T and in the same order as in T. There is
> also one OP_RETURN output inserted at index 0, here called the pop output.

I also agree with Pieter, that this should *not* be so cleanly compatible 
with Bitcoin transactions. If you wish to share code, perhaps using an 
invalid opcode rather than OP_RETURN would be appropriate.


Bitcoin-development mailing list

Reply via email to