bitcoin-dev

Should Graftroot be optional?

Should Graftroot be optional?

Original Postby Gregory Maxwell

Posted on: May 23, 2018 23:45 UTC

In a discussion on the bitcoin-dev mailing list, Natanael brought up the issue of maintaining accountability for funds held in a P2SH address, even if all parties involved in signing a transaction collude.

The concern is that circumventing the rules set forth by the script could break the original purpose of the fund. However, there was some confusion regarding the example given and the possibility of graftroot. Graftroot would mean that funds are paid to a public key, allowing the holder(s) of the corresponding private key to sign without constraint, which would eliminate accountability regardless of graftroot. It was ultimately agreed upon that it should be possible to send funds constrained by a script without a public key ever existing at all.