📅 Original date posted:2011-11-09
🗒️ Summary of this message: A proposal to use the Bitcoin P2P network to distribute signatures for partially-signed transactions, with potential anonymity benefits, but at a cost.
📝 Original message:Crossing posts ;)
I like your idea! - It adds a pricetag to distributing a signature - and - as you mention it will be part of the standard. It is only up to the clients if they want to support it or not, but it does give you 0-conf world wide instantaneous anonymously distribution of half-baked transactions...
However, the parties will anyway need to know at least about each others public keys up front and hence the 0-conf might not be that important... Left is, as you said, some anonymity (not much extra though)...
/M
On 09/11/2011, at 21:02, Gavin Andresen wrote:
>> I don't think partially-signed transactions belong on the main Bitcoin
>> P2P network, mostly because I don't see any way of preventing somebody
>> from endlessly spamming bogus, will-never-be-completed partial
>> transactions just to be annoying.
>
> ... of course I write that and then start thinking about ways you
> COULD use the P2P network to distribute signatures, maybe by
> broadcasting (and paying fees for) complete transactions that contain
> extra signatures for the transaction that you want to sign.
>
> Here's a half-baked idea that might be brilliant or stupid:
>
> + Start with an escrow transaction, with 3 public keys. I own one of the keys.
> + I broadcast a 'fee-only' transaction that pays 0 bitcoins to the key
> I own. But I add extra data to the scriptSig; something like:
>
> scriptSig: <escrow_signature> <serialized_escrow_transaction> <sig> <pubkey>
> scriptPubKey: ...standard DUP HASH160 <pubkeyhash> ...etc
> nValue: 0
>
> The other parties to the escrow transaction could monitor the
> block-chain for transactions to my <pubkeyhash>, and get the signature
> and proposed "spend the funds in escrow" transaction from the
> scriptSig.
>
> .......
>
> "But won't that gunk up the block chain with more data?"
>
> Yup. But the parties to the transaction will have to pay for the
> extra data they're including.
>
> And everything in the scriptSigs can, theoretically, be forgotten (or
> never sent) to most nodes on the network once the transaction is spent
> and is buried deep enough in the block chain. (a nValue=0 transaction
> can be considered 'immediately spent').
>
> "Can you really put arbitrary stuff in the scriptSig?"
>
> Yup. The IsStandard() check today allows up to 200 bytes, which
> wouldn't be enough for an extra signature and <serialized
> transaction>.
>
> The standard <sig> <pubkey> is about 150 bytes; part of the
> multi-signature proposal will be increasing that to 500 bytes to
> accomodate 3-signatures transactions. A simple 1-input-1-output
> <serialized transaction> would be around 50 bytes or so.
>
> "Wouldn't it be cheaper/better to NOT use the block chain to
> distribute signatures?"
>
> Yup. The only advantage I see is it might be more anonymous to use the
> blockchain instead of directly connecting to, and finding out the IP
> address of, the parties involved in the transaction.
>
>
> --
> --
> Gavin Andresen
Michael Gronager, PhD
Owner Ceptacle / NDGF Director, NORDUnet A/S
Jens Juels Gade 33
2100 Copenhagen E
Mobile: +45 31 62 14 01
E-mail: gronager at ceptacle.com
Michael Grønager [ARCHIVE] /
npub15f…xlq6h
2023-06-07 02:38:29
in reply to nevent1q…a82e
Author Public Key
npub15fmnxm546tg2sv0l7elusrvqsgezdzdg3m0flpml5fr2qf3f5slskxlq6hPublished at
2023-06-07 02:38:29Event JSON
{
"id": "c6793066924c849f3e97060e915ffc1f2a16466fd077af744106aacb6b815c81",
"pubkey": "a277336e95d2d0a831fff67fc80d8082322689a88ede9f877fa246a02629a43f",
"created_at": 1686105509,
"kind": 1,
"tags": [
[
"e",
"a7fd8b1daaa858237747bd2300e513940cf62340eedfc2d0e5c06a3e24e868d2",
"",
"root"
],
[
"e",
"27995bfae7450f729b991ba87bc700afb59576bdda4c5946ec2778a673bf3571",
"",
"reply"
],
[
"p",
"857f2f78dc1639e711f5ea703a9fc978e22ebd279abdea1861b7daa833512ee4"
]
],
"content": "📅 Original date posted:2011-11-09\n🗒️ Summary of this message: A proposal to use the Bitcoin P2P network to distribute signatures for partially-signed transactions, with potential anonymity benefits, but at a cost.\n📝 Original message:Crossing posts ;)\n\nI like your idea! - It adds a pricetag to distributing a signature - and - as you mention it will be part of the standard. It is only up to the clients if they want to support it or not, but it does give you 0-conf world wide instantaneous anonymously distribution of half-baked transactions...\n\nHowever, the parties will anyway need to know at least about each others public keys up front and hence the 0-conf might not be that important... Left is, as you said, some anonymity (not much extra though)...\n\n/M\n\n\nOn 09/11/2011, at 21:02, Gavin Andresen wrote:\n\n\u003e\u003e I don't think partially-signed transactions belong on the main Bitcoin\n\u003e\u003e P2P network, mostly because I don't see any way of preventing somebody\n\u003e\u003e from endlessly spamming bogus, will-never-be-completed partial\n\u003e\u003e transactions just to be annoying.\n\u003e \n\u003e ... of course I write that and then start thinking about ways you\n\u003e COULD use the P2P network to distribute signatures, maybe by\n\u003e broadcasting (and paying fees for) complete transactions that contain\n\u003e extra signatures for the transaction that you want to sign.\n\u003e \n\u003e Here's a half-baked idea that might be brilliant or stupid:\n\u003e \n\u003e + Start with an escrow transaction, with 3 public keys. I own one of the keys.\n\u003e + I broadcast a 'fee-only' transaction that pays 0 bitcoins to the key\n\u003e I own. But I add extra data to the scriptSig; something like:\n\u003e \n\u003e scriptSig: \u003cescrow_signature\u003e \u003cserialized_escrow_transaction\u003e \u003csig\u003e \u003cpubkey\u003e\n\u003e scriptPubKey: ...standard DUP HASH160 \u003cpubkeyhash\u003e ...etc\n\u003e nValue: 0\n\u003e \n\u003e The other parties to the escrow transaction could monitor the\n\u003e block-chain for transactions to my \u003cpubkeyhash\u003e, and get the signature\n\u003e and proposed \"spend the funds in escrow\" transaction from the\n\u003e scriptSig.\n\u003e \n\u003e .......\n\u003e \n\u003e \"But won't that gunk up the block chain with more data?\"\n\u003e \n\u003e Yup. But the parties to the transaction will have to pay for the\n\u003e extra data they're including.\n\u003e \n\u003e And everything in the scriptSigs can, theoretically, be forgotten (or\n\u003e never sent) to most nodes on the network once the transaction is spent\n\u003e and is buried deep enough in the block chain. (a nValue=0 transaction\n\u003e can be considered 'immediately spent').\n\u003e \n\u003e \"Can you really put arbitrary stuff in the scriptSig?\"\n\u003e \n\u003e Yup. The IsStandard() check today allows up to 200 bytes, which\n\u003e wouldn't be enough for an extra signature and \u003cserialized\n\u003e transaction\u003e.\n\u003e \n\u003e The standard \u003csig\u003e \u003cpubkey\u003e is about 150 bytes; part of the\n\u003e multi-signature proposal will be increasing that to 500 bytes to\n\u003e accomodate 3-signatures transactions. A simple 1-input-1-output\n\u003e \u003cserialized transaction\u003e would be around 50 bytes or so.\n\u003e \n\u003e \"Wouldn't it be cheaper/better to NOT use the block chain to\n\u003e distribute signatures?\"\n\u003e \n\u003e Yup. The only advantage I see is it might be more anonymous to use the\n\u003e blockchain instead of directly connecting to, and finding out the IP\n\u003e address of, the parties involved in the transaction.\n\u003e \n\u003e \n\u003e -- \n\u003e --\n\u003e Gavin Andresen\n\nMichael Gronager, PhD\nOwner Ceptacle / NDGF Director, NORDUnet A/S\nJens Juels Gade 33\n2100 Copenhagen E\nMobile: +45 31 62 14 01\nE-mail: gronager at ceptacle.com",
"sig": "1ed9154d16fa9c5fb2801f02f3ca68078e1f6e20d26aa7b45b437f511a6a517abd9807eaed3caa378ab81bd469ae11018b6217f3b4d081512760f8a8733f1b3c"
}