3
2
Is the following scenario possible?
I want to send money to a script. This script will require knowing a private key to spend, as usual, but the script is only valid if the money is being sent to one of two addresses. That is, if the transaction has more than one output, it is invalid. If the transaction's output is a standard script to address A or to address B then it is valid. If the transaction output value is any less than x, it is invalid.
In other words, it seems the scripts serve to validate that you can spend the output, but then the output can be spent however the claimant wants. Is there any way to limit how the outputs are spent? All this without requiring a trusted oracle of course.
Interesting question. This particular application (funds to be paid to either A or B, but a third party C gets to decide which) might be achievable using multisig transactions, but maybe needing more interaction between the parties. – Nate Eldredge – 2014-03-21T03:51:46.273
@NateEldredge: Wouldn't multisig not help with this? e.g. say you need 2 of A, B, or C's signatures to spend it. A and B could both decide to just send it to E. – Claudiu – 2014-03-21T04:02:26.633
One way would be to require 3 signatures out of 4, and give two shares to C. – Nate Eldredge – 2014-03-21T12:04:10.103
@NateEldredge: Oh interesting. So you need either A&C, B&C, or all three. Someone could still steal all the private keys and send the money to E, though. I'm asking if there's a network-level rule to restrict how an input is spent, but it seems like there isn't. – Claudiu – 2014-03-21T15:57:59.883