On 2022-11-07 23:17, Salvatore Ingala via bitcoin-dev wrote:
Hi list,
Hi Salvatore!,
I have been working on some notes to describe an approach that uses
covenants in order to enable general smart contracts in bitcoin. You
can find them here:
https://merkle.fun
I haven't yet been able to understand everything in your post, but I'm
wondering if you can describe how your proposal significantly differs in
application from [1]? E.g., you write:
1. Alice posts the statement “f(x) = y”.
2. After a challenge period, if no challenge occurs, Alice is free to
continue and unlock the funds; the statement is true.
3. At any time before the challenge period expires, Bob can start a
challenge: “actually, f(x) = z”.
That looks to me very similar to Gregory Maxwell's script from[1]
(comments and variable name changes mine):
# Offchain, Alice posts the statement f(x) = y
# Offchain, Bob provides Ex, an encrypted form of x that can be proven
in zero knowledge to satisfy both f(x) = y and sha256(x) = Y
OP_SHA256
<Y> OP_EQUAL
OP_IF
# Bob provided the preimage for Y, that preimage being the solution,
so he can spend the funds now
<Bob Pubkey>
OP_ELSE
# The challenge period ended, so Alice can reclaim her funds
<block_height+100> OP_CHECKLOCKTIMEVERIFY OP_DROP
<Alice Pubkey>
OP_ENDIF
OP_CHECKSIG
Thanks and apologies if I'm missing something obvious!,
-Dave
[1]
https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-payments-announcement/
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
