Saturday, May 18, 2024

Is it possible to use Bitcoin Script to implement a quantum-resistant locking script that would be safe to spend from?


With the current version of Bitcoin Script, that's not possible.
However, with some upgrades to Bitcoin's ScriptVM it would become possible; the prerequisites are:

  • A way to commit to the transaction's outputs (e.g. OP_CHECKTEMPLATEVERIFY or TX introspection opcodes + OP_CAT)
  • A way to split & concatenate stack items (OP_CAT & OP_SPLIT)
  • A way for inputs to "see" each other (introspection opcodes)

With that, one could code a hash-lock but with an additional requirement: another input must reveal an aged commitment to (prevout + output contents of the TX). That is something only the person who knows the secret would be able to produce ahead of revealing the secret. Once he spends from the contract he will reveal it, but he will already have the aged commitment and others will not be able to steal his funds.
Once posted to the mempool, security would rely on the spending TX getting mined before an attacker is able to age an alternative commitment and post an alternative spending TX.

A proof-of-concept for such a contract exists for Bitcoin Cash (BCH), a blockchain fork of Bitcoin (BTC) which upgraded the ScriptVM with the required L1 primitives in the '18 (OP_CAT & OP_SPLIT) and '22 (introspection opcodes) network upgrades.

The "lock" redeem script, placed on the UTXO which would hold the balance

(note: there is no unlocking data, the input's unlocking script is just the redeem script push)

// sha256(one_time_secret + commit_script_tail)
<0x93168bb98087a29aeb40733ef301f907c3e4125568dd0ddf851f304b43438a14>

// slice the associated input's unlocking bytecode (the next input)
OP_INPUTINDEX OP_1ADD
OP_INPUTBYTECODE
<1> OP_SPLIT
OP_SWAP OP_SPLIT
<2> OP_SPLIT
<1> OP_SPLIT
<32> OP_SPLIT
<1> OP_SPLIT
<1> OP_SPLIT

// verify sha256(one_time_secret + commit_script_tail)
<6> OP_ROLL OP_SWAP OP_CAT OP_SHA256
<6> OP_ROLL OP_EQUALVERIFY

// verify the input script head format
<0x51> <0x61> OP_WITHIN OP_VERIFY
<0x51> <0x61> OP_WITHIN OP_VERIFY
OP_SIZE <32> OP_EQUALVERIFY
OP_DROP <32> OP_EQUALVERIFY
<0x4c72> OP_EQUAL

The "commit" redeem script, placed on the UTXO which would reveal the aged commitment

(note: the unlocking data is just the one_time_secret)

// sha256(associated_outpoint + one_time_secret + {first 3 outputs})
<0x8bda8c89d438b6da3fd9d289da59532736bfb23d93bba1e2e8da41c194ea43e9>
// age_reveal
<2>
// age_cleanup
<4>

OP_DEPTH <4> OP_LESSTHAN
// if no secret is provided then it's a cleanup spend
OP_IF
    // once the redeem script is revealed and the utxo has aged past age_cleanup,
    // any miner can claim the dust for himself

    // verify age_cleanup
    OP_CHECKSEQUENCEVERIFY OP_DROP
    OP_2DROP
// else it's a reveal spend
OP_ELSE
    // drop age_cleanup, not needed here
    OP_DROP
    // verify age_reveal
    OP_CHECKSEQUENCEVERIFY OP_DROP
    // get the associated outpoint (the previous input) on top of stack
    OP_INPUTINDEX OP_1SUB OP_DUP
    OP_OUTPOINTTXHASH
    OP_SWAP OP_OUTPOINTINDEX OP_CAT
    // get one_time_secret on top of stack and concatenate
    OP_ROT OP_CAT
    // concatenate outputs 00 [& 01 [& 02]]
    <0> OP_OUTPUTVALUE OP_CAT
    <0> OP_OUTPUTTOKENCATEGORY OP_CAT
    <0> OP_OUTPUTTOKENCOMMITMENT OP_CAT
    <0> OP_OUTPUTTOKENAMOUNT OP_CAT
    <0> OP_OUTPUTBYTECODE OP_CAT
    OP_TXOUTPUTCOUNT <2> OP_GREATERTHANOREQUAL
    OP_IF
        <1> OP_OUTPUTVALUE OP_CAT
        <1> OP_OUTPUTTOKENCATEGORY OP_CAT
        <1> OP_OUTPUTTOKENCOMMITMENT OP_CAT
        <1> OP_OUTPUTTOKENAMOUNT OP_CAT
        <1> OP_OUTPUTBYTECODE OP_CAT
    OP_ENDIF
    OP_TXOUTPUTCOUNT <3> OP_GREATERTHANOREQUAL
    OP_IF
        <2> OP_OUTPUTVALUE OP_CAT
        <2> OP_OUTPUTTOKENCATEGORY OP_CAT
        <2> OP_OUTPUTTOKENCOMMITMENT OP_CAT
        <2> OP_OUTPUTTOKENAMOUNT OP_CAT
        <2> OP_OUTPUTBYTECODE OP_CAT
    OP_ENDIF
    OP_SHA256
    // verify against the embedded pre-commitment
    OP_EQUALVERIFY
OP_ENDIF
OP_1
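To make the two scripts' data flow concrete, here is an added Python model (not code from the answer or from the BCH proof-of-concept) of what the "lock" script checks when it slices the commit input's unlocking bytecode, and what the "commit" script hashes in its reveal branch. Every value in it is constructed: the secret, the 79-byte stand-in for the commit script tail (114 bytes from the 0x4c72 push check minus the 35-byte head), the outpoint and the outputs. The serialization of the introspected fields is a simplifying assumption (VM-number encoding for values, empty items for the token fields of a token-less output), and the CSV aging is not modelled.

```python
import hashlib
from dataclasses import dataclass

# --- constructed sample data; none of these are the page's hashes ---
SECRET = hashlib.sha256(b"constructed one-time secret").digest()     # 32 bytes
COMMIT_TAIL = bytes(range(79))            # stand-in for the commit script after <4>
OUTPOINT_TXHASH = hashlib.sha256(b"constructed funding txid").digest()
OUTPOINT_INDEX = 0


def script_num(n: int) -> bytes:
    """Minimal VM-number encoding for non-negative n (0 encodes as the empty item)."""
    if n == 0:
        return b""
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out[-1] & 0x80:            # keep the sign bit clear for a positive number
        out.append(0)
    return bytes(out)


def push(data: bytes) -> bytes:
    """Direct push for <=75 bytes, OP_PUSHDATA1 (0x4c) for up to 255 bytes."""
    if len(data) <= 75:
        return bytes([len(data)]) + data
    if len(data) <= 255:
        return b"\x4c" + bytes([len(data)]) + data
    raise ValueError("push too large for this model")


@dataclass
class Output:
    value: int                    # satoshis
    bytecode: bytes               # locking bytecode
    token_category: bytes = b""   # assumed: empty item when no token is attached
    token_commitment: bytes = b""
    token_amount: int = 0


def commit_preimage(outpoint_txhash, outpoint_index, secret, outputs) -> bytes:
    """Bytes the commit script hashes in its reveal branch: outpoint + secret + outputs 0..2."""
    pre = outpoint_txhash + script_num(outpoint_index) + secret
    for o in outputs[:3]:
        pre += (script_num(o.value) + o.token_category + o.token_commitment
                + script_num(o.token_amount) + o.bytecode)
    return pre


def commit_redeem_script(precommit: bytes, tail: bytes) -> bytes:
    """<precommit> <2> <4> ...tail: the head layout the lock script slices apart."""
    return b"\x20" + precommit + b"\x52" + b"\x54" + tail


def commit_unlocking_bytecode(secret: bytes, redeem: bytes) -> bytes:
    return push(secret) + push(redeem)


def lock_verify(lock_hash: bytes, next_input_bytecode: bytes) -> bool:
    """Model of the lock redeem script's checks on the next input's unlocking bytecode."""
    b = next_input_bytecode
    n = b[0]                                        # <1> OP_SPLIT, OP_SWAP OP_SPLIT
    secret, rest = b[1:1 + n], b[1 + n:]
    push_op, rest = rest[:2], rest[2:]              # <2> OP_SPLIT
    hash_push, rest = rest[:1], rest[1:]            # <1> OP_SPLIT
    precommit, rest = rest[:32], rest[32:]          # <32> OP_SPLIT
    age_reveal, rest = rest[:1], rest[1:]           # <1> OP_SPLIT
    age_cleanup, tail = rest[:1], rest[1:]          # <1> OP_SPLIT
    if hashlib.sha256(secret + tail).digest() != lock_hash:
        return False                                # <6> OP_ROLL ... OP_EQUALVERIFY
    for age in (age_cleanup, age_reveal):           # <0x51> <0x61> OP_WITHIN: OP_1..OP_16
        if not (0x51 <= age[0] < 0x61):
            return False
    if len(precommit) != 32 or hash_push != b"\x20":  # OP_SIZE / <32> OP_EQUALVERIFY
        return False
    return push_op == b"\x4c\x72"                   # OP_PUSHDATA1 114


def reveal_verify(precommit, outpoint_txhash, outpoint_index, secret, outputs) -> bool:
    """Model of the commit script's reveal branch (CSV aging not modelled)."""
    digest = hashlib.sha256(commit_preimage(outpoint_txhash, outpoint_index, secret, outputs)).digest()
    return digest == precommit


def demo():
    honest = [Output(50_000, b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac")]  # constructed output
    precommit = hashlib.sha256(commit_preimage(OUTPOINT_TXHASH, OUTPOINT_INDEX, SECRET, honest)).digest()
    lock_hash = hashlib.sha256(SECRET + COMMIT_TAIL).digest()
    unlocking = commit_unlocking_bytecode(SECRET, commit_redeem_script(precommit, COMMIT_TAIL))
    # 1. the honest spend satisfies both scripts
    lock_ok = lock_verify(lock_hash, unlocking)
    reveal_ok = reveal_verify(precommit, OUTPOINT_TXHASH, OUTPOINT_INDEX, SECRET, honest)
    # 2. the same commitment does not verify against a different output set
    redirected = [Output(50_000, b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac")]
    redirected_fails = not reveal_verify(precommit, OUTPOINT_TXHASH, OUTPOINT_INDEX, SECRET, redirected)
    # 3. the lock binds only secret + tail, so a fresh commitment to other outputs passes it
    #    too; only the CSV age on the commit UTXO separates that from a spend (the race the text describes)
    fresh = hashlib.sha256(commit_preimage(OUTPOINT_TXHASH, OUTPOINT_INDEX, SECRET, redirected)).digest()
    fresh_unlocking = commit_unlocking_bytecode(SECRET, commit_redeem_script(fresh, COMMIT_TAIL))
    fresh_passes_lock = lock_verify(lock_hash, fresh_unlocking)
    return lock_ok, reveal_ok, redirected_fails, fresh_passes_lock


if __name__ == "__main__":
    print(demo())
```

The third result in `demo()` is the practical takeaway for anyone auditing this pattern: the lock script deliberately does not pin the pre-commitment hash, because the spender cannot know it before the contract is funded, so the confirmation race on the `age_reveal` CSV delay is the whole security margin once the secret is in the mempool.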

The contracts can be loaded into the BitAuthIDE debugger using this link.

The contracts have been successfully spent from on BCH mainnet:

This proof-of-concept was first published here
