summaryrefslogtreecommitdiff
path: root/40/fc0c30653dfe8464f87fbfcb18f2bc45cb556f
blob: 576426520462024f68246bf9072715a4b030f4ae (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <kalle@rosenbaum.se>) id 1YmiMI-000269-NK
	for bitcoin-development@lists.sourceforge.net;
	Mon, 27 Apr 2015 12:41:58 +0000
X-ACL-Warn: 
Received: from mail-qg0-f44.google.com ([209.85.192.44])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1YmiMH-0006tv-Hl
	for bitcoin-development@lists.sourceforge.net;
	Mon, 27 Apr 2015 12:41:58 +0000
Received: by qgej70 with SMTP id j70so48649647qge.2
	for <bitcoin-development@lists.sourceforge.net>;
	Mon, 27 Apr 2015 05:41:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type;
	bh=B5kD07ZUs2GhHdbnNwm1Lf5vC1+y8rauNEqNMPTjCVg=;
	b=JF9SyR96GYnvk+1RDgAoK4jvj3tFCUtlJ4ccNwM1G7SI1swcjimhf3hWaQVgxX7S57
	no0GJ4MSVE/mLoOej5r416aOHotDmfJc2G23I/sH5gW22bZ1RA/3lh3cJv2ynDoKA6RL
	y0uZfWKzbFFcjqLdaK1IHUQIIJfouHD3EXfVTgglEG9bAsFrRgG70HHt6sRhq/WJ3HS2
	E0W7vjY0NiZLrh7yIXO1DpYYE6PDBz7O5lumBuulPISwXoGMLUJ66TUcBiB2Y8azt3gU
	sJ2WfJQkQPt+LHiWbPuzAvXkkibso6xVGgtWpDnQoL0EV7Dw6Rf8CzTZboHeuDVCtyOI
	koQA==
X-Gm-Message-State: ALoCoQlwfm6/3XfUOkXjq4skZG8ERg/DseEB/tHVfq7qt6O2bpDyRX7675n5NllMLkP5uG1wjMH8
MIME-Version: 1.0
X-Received: by 10.140.28.163 with SMTP id 32mr7287707qgz.5.1430138511945; Mon,
	27 Apr 2015 05:41:51 -0700 (PDT)
Received: by 10.96.145.9 with HTTP; Mon, 27 Apr 2015 05:41:51 -0700 (PDT)
Received: by 10.96.145.9 with HTTP; Mon, 27 Apr 2015 05:41:51 -0700 (PDT)
In-Reply-To: <CAPswA9xUfr1D6New3hm+1Z1OqSfkAZ8L+VnbFZayG+uJecgaeA@mail.gmail.com>
References: <CAPswA9zzVDxW8_WXg5833r2Z4pxZOppYtNLHMQ=Nw-H72cMz7w@mail.gmail.com>
	<A2849710-1069-45A1-89C0-9D8E40C4A8D6@newcastle.ac.uk>
	<CAPswA9wNS2J=4YhpqWN8SmzJuUF8mek8XLUYTE+twLX9vM4Jhg@mail.gmail.com>
	<CAPswA9wZk_8EjbN8J-VbMGQ6nrZ7SthopJ=HYMtpxhSCsm_neA@mail.gmail.com>
	<553D87CE.5000005@thinlink.com>
	<CAPswA9xUfr1D6New3hm+1Z1OqSfkAZ8L+VnbFZayG+uJecgaeA@mail.gmail.com>
Date: Mon, 27 Apr 2015 14:41:51 +0200
Message-ID: <CAPswA9w=DMDokS8BrDPTtWa_qpdORbK+V4aNS4DoAKE_F1iVoA@mail.gmail.com>
From: Kalle Rosenbaum <kalle@rosenbaum.se>
To: Tom Harding <tomh@thinlink.com>
Content-Type: multipart/alternative; boundary=001a1139b1b2fc047f0514b4115a
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	1.0 HTML_MESSAGE           BODY: HTML included in message
X-Headers-End: 1YmiMH-0006tv-Hl
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proof of Payment
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2015 12:41:58 -0000

--001a1139b1b2fc047f0514b4115a
Content-Type: text/plain; charset=UTF-8

"Or a really high lock_time, but it would not make it invalid, just
delayed."

Ok, this was a bad idea, since nodes would have to keep it in memory.
Please disregard that idea...

Kalle

Den 27 apr 2015 14:35 skrev "Kalle Rosenbaum" <kalle@rosenbaum.se>:
>
> >
> > Some more use cases might be:
> > Waiting in comfort:
> >  - Send a payment ahead of time, then wander over and collect the goods
> > after X confirmations.
> >
> > Authorized pickup :
> >  - Hot wallet software used by related people could facilitate the use
> > of 1 of N multisig funds.  Any one of the N wallets could collect goods
> > and services purchased by any of the others.
>
> I like this one, because it shows the power of reusing the transaction
data structure.
>
> >
> > Non-monetary gifts:
> >  - Sender exports spent keys to a beneficiary, enabling PoP to work as a
> > gift claim
> >
> > Contingent services:
> >  - Without Bob's permission, a 3rd party conditions action on a payment
> > made from Alice to Bob.  For example, if you donated at least .02 BTC to
> > Dorian, you (or combining scenarios, any of your N authorized family
> > members), can come to my dinner party.
>
> This is an interesting one.
>
> >
> > I tried out your demo wallet and service and it worked as advertised.
> >
> > Could the same standard also be used to prove that a transaction COULD
> > BE created?  To generalize the concept beyond actual payments, you could
> > call it something like proof of payment potential.
>
> I guess it's possible, but we'd have to remove the txid from the output,
since there is none. This is a way of saying "I'm in control of these
addresses". The other party/parties can then verify the funds on the
blockchain and watch those addresses for changes. Maybe there are some
interesting use cases here. Ideas?
>
> >
> > Why not make these proofs permanently INVALID transactions, to remove
> > any possibility of their being mined and spending everything to fees
> > when used in this way, and also in cases involving reorganizations?
>
> Yes. Initially I thought it would be enough that the funds are already
spent, but I think you're right here. Reorgs could be a problem. Worse, you
also might want to prove 0-confirmation transactions, in which case it's a
huge security problem. Someone might intercept the PoP and publish it on
the bitcoin network, spending all the funds. But I still would like wallets
to be able to build/verify PoPs with little or no modifications. Could we
possibly change the version number on the PoP to something other than 1?
Maybe 2^4-1? Or a really high lock_time, but it would not make it invalid,
just delayed. Any suggestions here?
>
> >
> > I agree that PoP seems complementary to BIP70.
> >
> >
>
> Thank you very much for your comments!
>
> /Kalle

--001a1139b1b2fc047f0514b4115a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">&quot;Or a really high lock_time, but it would not make it i=
nvalid, just delayed.&quot; </p>
<p dir=3D"ltr">Ok, this was a bad idea, since nodes would have to keep it i=
n memory. Please disregard that idea... </p>
<p dir=3D"ltr">Kalle </p>
<p dir=3D"ltr">Den 27 apr 2015 14:35 skrev &quot;Kalle Rosenbaum&quot; &lt;=
<a href=3D"mailto:kalle@rosenbaum.se">kalle@rosenbaum.se</a>&gt;:<br>
&gt;<br>
&gt; &gt;<br>
&gt; &gt; Some more use cases might be:<br>
&gt; &gt; Waiting in comfort:<br>
&gt; &gt; =C2=A0- Send a payment ahead of time, then wander over and collec=
t the goods<br>
&gt; &gt; after X confirmations.<br>
&gt; &gt;<br>
&gt; &gt; Authorized pickup :<br>
&gt; &gt; =C2=A0- Hot wallet software used by related people could facilita=
te the use<br>
&gt; &gt; of 1 of N multisig funds.=C2=A0 Any one of the N wallets could co=
llect goods<br>
&gt; &gt; and services purchased by any of the others.<br>
&gt;<br>
&gt; I like this one, because it shows the power of reusing the transaction=
 data structure.<br>
&gt;<br>
&gt; &gt;<br>
&gt; &gt; Non-monetary gifts:<br>
&gt; &gt; =C2=A0- Sender exports spent keys to a beneficiary, enabling PoP =
to work as a<br>
&gt; &gt; gift claim<br>
&gt; &gt;<br>
&gt; &gt; Contingent services:<br>
&gt; &gt; =C2=A0- Without Bob&#39;s permission, a 3rd party conditions acti=
on on a payment<br>
&gt; &gt; made from Alice to Bob.=C2=A0 For example, if you donated at leas=
t .02 BTC to<br>
&gt; &gt; Dorian, you (or combining scenarios, any of your N authorized fam=
ily<br>
&gt; &gt; members), can come to my dinner party.<br>
&gt;<br>
&gt; This is an interesting one.<br>
&gt;<br>
&gt; &gt;<br>
&gt; &gt; I tried out your demo wallet and service and it worked as adverti=
sed.<br>
&gt; &gt;<br>
&gt; &gt; Could the same standard also be used to prove that a transaction =
COULD<br>
&gt; &gt; BE created?=C2=A0 To generalize the concept beyond actual payment=
s, you could<br>
&gt; &gt; call it something like proof of payment potential.<br>
&gt;<br>
&gt; I guess it&#39;s possible, but we&#39;d have to remove the txid from t=
he output, since there is none. This is a way of saying &quot;I&#39;m in co=
ntrol of these addresses&quot;. The other party/parties can then verify the=
 funds on the blockchain and watch those addresses for changes. Maybe there=
 are some interesting use cases here. Ideas?<br>
&gt;<br>
&gt; &gt;<br>
&gt; &gt; Why not make these proofs permanently INVALID transactions, to re=
move<br>
&gt; &gt; any possibility of their being mined and spending everything to f=
ees<br>
&gt; &gt; when used in this way, and also in cases involving reorganization=
s?<br>
&gt;<br>
&gt; Yes. Initially I thought it would be enough that the funds are already=
 spent, but I think you&#39;re right here. Reorgs could be a problem. Worse=
, you also might want to prove 0-confirmation transactions, in which case i=
t&#39;s a huge security problem. Someone might intercept the PoP and publis=
h it on the bitcoin network, spending all the funds. But I still would like=
 wallets to be able to build/verify PoPs with little or no modifications. C=
ould we possibly change the version number on the PoP to something other th=
an 1? Maybe 2^4-1? Or a really high lock_time, but it would not make it inv=
alid, just delayed. Any suggestions here?<br>
&gt;<br>
&gt; &gt;<br>
&gt; &gt; I agree that PoP seems complementary to BIP70.<br>
&gt; &gt;<br>
&gt; &gt;<br>
&gt;<br>
&gt; Thank you very much for your comments!<br>
&gt;<br>
&gt; /Kalle</p>

--001a1139b1b2fc047f0514b4115a--