Password-based bitcoin transactions

I have been reading about the role of script in transactions and I gather it should be possible to do a Bitcoin transfer to a receiver who knows a password. Instead of checking an address, the script would check that the hash of an input corresponds to the value given by the sender.

I have a few doubts on how this would work exactly. The script I have in mind, following the notation used in https://en.bitcoin.it/wiki/Script for standard and IP transactions, is:

scriptPubKey: OP_HASH160 <passwordHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig: <sig><pubKey><password>

The transfer would have six steps:

- Stack: Empty  Script: <sig> <pubKey> <password> OP_HASH160 <passwordHash> OP_EQUALVERIFY OP_CHECKSIG
- Stack: <sig> <pubKey> <password>  Script: OP_HASH160 <passwordHash> OP_EQUALVERIFY OP_CHECKSIG
- Stack: <sig> <pubKey> <passwordHashA>  Script: <passwordHash> OP_EQUALVERIFY OP_CHECKSIG
- Stack: <sig> <pubKey> <passwordHashA> <passwordHash>  Script: OP_EQUALVERIFY OP_CHECKSIG
- Stack: <sig> <pubKey>  Script: OP_CHECKSIG
- Stack: true  Script: Empty

I have left OP_HASH160 in because it is already in use, so no new operation is needed, but the other hashes in Script should be possible too. The protocol has some nice properties, like making the password public when the coins are transferred.

Is this code correct? Is there something similar in the blockchain? I would like to try it, but I'm not really sure how to connect to the network with such a script. Should I first create a transaction to a "Bitcoin Limbo" and then try to recover it to the final address?

halftimepad

Posted 2012-11-26T18:44:34.417

Reputation: 1 218

Answers

What if somebody sees the password as the transaction is being relayed around, and makes a new version that transfers your bitcoins to them? If they have better network integration/a higher bandwidth connection, then their version might be able to overtake yours.

Nick ODell

Posted 2012-11-26T18:44:34.417

Reputation: 26 536

Yeah, it's better to encrypt a private key and use the password for that. You can even store the encrypted private key in the block chain if you want.
theymos 2012-11-26T19:52:28.423

I guess there are then two questions: whether the password transaction is possible and whether it is advisable. The attack you suggest reminds me of double spending. I should think about it, but maybe the same network consensus mechanism that puts double spending in check would be enough to protect the password transaction.
halftimepad 2012-11-26T22:38:16.173

Possible: yes; advisable: no. Also, the attack I described is much easier to pull off than double spending, because it doesn't require getting 51% of the hashing power. Also, to usefully double-spend, you need some sort of merchant to trust you. This attack can be pulled off by any random person on the internet.
Nick ODell 2012-11-27T06:32:48.340
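The following is an added example, not code from the original question or from Bitcoin's reference client. It is a small Python interpreter for the exact scriptSig/scriptPubKey pair proposed in the question, with a pure-Python secp256k1 ECDSA so that OP_CHECKSIG is a real signature check. `demo()` first runs the six-step trace from the question as the intended receiver, then runs Nick ODell's attack: the same scriptPubKey is satisfied by an eavesdropper who copies the now-public password and supplies a key and signature of their own. Everything in the block is this example's own construction: the names `run_script`, `build_output`, `build_spend`, `demo`, the sample password, the demo private keys, and the placeholder transaction bytes that stand in for the sighash the signature would cover in a real transaction. OP_HASH160 falls back to a truncated double-SHA256 only if the local OpenSSL build has no RIPEMD-160; the security argument does not depend on which hash is used.

```python
import hashlib

# secp256k1 domain parameters (field prime, group order, generator).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def _mul(k, pt):
    """Double-and-add scalar multiplication (no side-channel hardening: demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def _z(msg):
    """Message hash as an integer mod the group order."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def pubkey(d):
    """Uncompressed SEC encoding 04 || x || y of the point d*G."""
    x, y = _mul(d, G)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def sign(d, msg):
    """ECDSA over SHA256(msg), returned as r || s (64 bytes). The nonce is
    derived from key and message: deterministic, but not RFC 6979."""
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + msg).digest(), "big") % N or 1
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (_z(msg) + r * d) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def verify(pub, sig, msg):
    """Standard ECDSA verification: u1*G + u2*Q must have x-coordinate r.
    (Demo keys are generated here, so the point Q is not validated.)"""
    if len(pub) != 65 or pub[0] != 4 or len(sig) != 64:
        return False
    q = (int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:], "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    x = _add(_mul(_z(msg) * w % N, G), _mul(r * w % N, q))
    return x is not None and x[0] % N == r


def hash160(data):
    """Bitcoin HASH160 = RIPEMD160(SHA256(data)); truncated double-SHA256 stand-in
    only if this OpenSSL build lacks RIPEMD-160."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return hashlib.sha256(sha).digest()[:20]


OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = "OP_HASH160", "OP_EQUALVERIFY", "OP_CHECKSIG"


def run_script(script_sig, script_pubkey, msg):
    """Execute scriptSig then scriptPubKey on one stack, as in the question's trace.
    Pushes are bytes, opcodes are the strings above. True if the top item is true."""
    stack = []
    for item in script_sig + script_pubkey:
        if isinstance(item, bytes):
            stack.append(item)
        elif item == OP_HASH160:
            stack.append(hash160(stack.pop()))
        elif item == OP_EQUALVERIFY:
            if stack.pop() != stack.pop():
                return False
        elif item == OP_CHECKSIG:
            pub, sig = stack.pop(), stack.pop()       # pubKey is above sig on the stack
            stack.append(b"\x01" if verify(pub, sig, msg) else b"")
        else:
            raise ValueError("unknown opcode %r" % item)
    return bool(stack) and stack[-1] != b""


def build_output(password):
    """scriptPubKey from the question: OP_HASH160 <passwordHash> OP_EQUALVERIFY OP_CHECKSIG."""
    return [OP_HASH160, hash160(password), OP_EQUALVERIFY, OP_CHECKSIG]


def build_spend(privkey, password, tx_to_sign):
    """scriptSig from the question: <sig> <pubKey> <password>, with whatever key the spender holds."""
    return [sign(privkey, tx_to_sign), pubkey(privkey), password]


def demo():
    """Run the question's script as the receiver, then as the eavesdropper."""
    password = b"correct horse battery staple"        # constructed sample password
    script_pubkey = build_output(password)
    receiver_d = _z(b"receiver private key")          # constructed demo keys (hash of a label)
    attacker_d = _z(b"attacker private key")
    tx_to_receiver = b"tx paying the receiver"        # stand-ins for the spending tx's sighash
    tx_to_attacker = b"tx paying the attacker"
    receiver_sig = build_spend(receiver_d, password, tx_to_receiver)
    return {
        # The intended spend from the question's trace: valid.
        "receiver": run_script(receiver_sig, script_pubkey, tx_to_receiver),
        # Nick ODell's attack: the password is visible in receiver_sig once it is
        # relayed, so anyone can satisfy the same scriptPubKey with their own key.
        "attacker": run_script(build_spend(attacker_d, password, tx_to_attacker),
                               script_pubkey, tx_to_attacker),
        # OP_CHECKSIG does its job: the receiver's signature is bound to its tx ...
        "replayed_sig": run_script(receiver_sig, script_pubkey, tx_to_attacker),
        # ... and nothing works without the password.
        "wrong_password": run_script(build_spend(attacker_d, b"guess", tx_to_attacker),
                                     script_pubkey, tx_to_attacker),
    }


if __name__ == "__main__":
    print(demo())
```

The result that matters is that both `receiver` and `attacker` come back true. OP_CHECKSIG is real, but it only proves that the spender holds the private key for the pubKey they themselves placed in the scriptSig; the scriptPubKey never pins that key, so the only secret guarding the coins is the password, and the password is published by the very transaction that spends them. In the real network the two scripts are evaluated one after the other rather than concatenated, and the signed message is the transaction's sighash instead of the placeholder bytes used here; neither detail changes the outcome.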