0
Consider Alice and Bob created the following native segwit script:
hash SHA256 defined as H | Alice PubKey | Bob Pubkey
Only Bob has the pre-image (plain text that hashes [sha256] to H). Can Alice just sign a transaction without revealing H, and just hand over the partially signed transaction off chain to Bob so he can reveal H + add his signature, make the transaction final and spend it?
The catch here is that neither Alice and Bob to be in total and exclusive control of the funds, but for Bob to have to reveal an additional secret as spending condition.
Thank you very much for your answer. Can you please describe in few words how the software should handle the data? So support for this can be added? – skydanc3r – 2018-01-29T22:58:08.637
The software would just need to understand what the script is and know where the data in question (provided signatures and preimage) must go. – Andrew Chow – 2018-01-29T23:06:46.650
so this is a 2-of-2 multisig, and the (redeemscript-) hash is shared between both. Bob can keep the cleartext redeem script. And Alice gets only the hash of it. Otherwise Alice wouldn't sign the complete transaction (where the redeem script hash is in the "sigscript section")? – pebwindkraft – 2018-02-01T12:52:25.700
@pebwindkraft No. That scenario would not be possible at all as Alice needs the redeemScript to produce a valid signature. What OP is talking about is an HTLC. – Andrew Chow – 2018-02-01T15:46:53.917