Bitcoin Forum

can you make OP_CHECKHASHVERIFY to remove the last stack item?
then you can add OP_DEPTH 0 OP_EQUAL at the end of the public sig which will cause old clients to reliably fail verification unless they verify the script - i.e. support bip17.

Huh? You don't WANT old client to fail verification unless you purposely want to fork the chain, and if we do that, we might as well make other changes, too.

If the old clients aren't a majority why would it fork the chain?
If they are a majority, the alternative will be that all BIP17 transactions are spendable by anyone.
What am i missing here?

If the old clients won't verify it, they will reject the block containing it entirely, no matter how many other nodes say it's legit.

bummer
:)

how about this:

sig1 OP_0 sig1 sig2 SEPARATOR 2 pub1 pub2 2 checkmultisig pub1

hash <hash(pub1)> compare checksig <hash(x)> OP_CHECKHASHVERIFY OP_DROP

x is all the mess from the separator up to the hash(x)
the pub will be twice as long but at a const. length (the complex script can be as long is it needs)
an old client will always verify at least the first sig

Could use OP_DUP and such instead of the sig twice... but not too bad of an idea, actually! Addresses would end up a little long, but maybe not entirely unmanagable: 8TAwKxdJjw3tjdWJFhLg3PPnhaYFic1rHzDMTqmZukt1d2y8yFwEhAJndKcBM (length 61)

This is based on 1 byte version (= 5), 20 bytes "script hash", 20 bytes "script hash" XOR "first signature hash" (so you can't change one without changing the other...), and then the usual 4 bytes checksum.