I need to generate a receive address that is directly associated with some metadata, M, that forms part of a verifiable contract.
I require that customers can verify that an address really was generated from a specific contract message, but I do not want them to have the private key to the address.
I obviously don't want to bloat the blockchain nor do I wish to use non-standard transactions. P2SH is also not possible as it is still largely unsupported by many online wallet providers.
So here is my first attempt, based on (https://bitcointalk.org/index.php?topic=108423.0) ...
# generate an EC key pair for the company
issuer_public_key = issuer_private_key * G
# create a contract message string, M
M = 'Terms of contract bla bla and also includes issuer_public_key for safety'
# generate a hash of the message, interpreted as an integer scalar (mod n, the curve order)
e = SHA256(M)
# create an EC point that is known to both parties
contract_point = e * issuer_public_key
# generate a public key for this contract to form our receive address. Customer agrees to contract when they send BTC to receive address.
receive_public_key = contract_point + issuer_public_key
# the private key for the receive address is thus the scalar behind e*Q + Q
# (scalar arithmetic mod n: a point cannot be added to a scalar)
receive_private_key = (e * issuer_private_key + issuer_private_key) mod n
Feedback much appreciated
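The derivation above in runnable form, as an added example that is not part of the original post: a minimal secp256k1 implementation where the customer recomputes the receive key from M and the issuer's public key only, and the issuer's receive_private_key is the scalar (e*d + d) mod n that stands behind e*Q + Q. The function names, the throwaway private key and the demo contract string are constructed for this example.

```python
import hashlib

# secp256k1 domain parameters: field prime p, group order n, generator G.
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(P, Q):  # affine point addition; None is the point at infinity
    if P is None or Q is None:
        return P if Q is None else Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P):  # double-and-add scalar multiplication k*P
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R

def contract_hash(M):  # e = SHA256(M) as a scalar mod n; M should embed the issuer key
    return int.from_bytes(hashlib.sha256(M.encode()).digest(), "big") % n

def receive_public_key(M, issuer_public_key):
    # Customer side: e*Q + Q needs only M and the issuer's public key Q.
    contract_point = ec_mul(contract_hash(M), issuer_public_key)
    return ec_add(contract_point, issuer_public_key)

def receive_private_key(M, issuer_private_key):
    # Issuer side: the scalar behind e*Q + Q is (e*d + d) mod n, not a point plus a scalar.
    return (contract_hash(M) + 1) * issuer_private_key % n

def verify_address(M, issuer_public_key, claimed_public_key):
    # True only if claimed_public_key is the one that M and a trusted Q deterministically yield.
    return receive_public_key(M, issuer_public_key) == claimed_public_key

# Constructed demo values (throwaway private key, not a real issuer key).
issuer_private_key = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
issuer_public_key = ec_mul(issuer_private_key, G)
M = "Terms of contract ... issuer_public_key=%064x" % issuer_public_key[0]
```

Verification binds the address to M only relative to an issuer_public_key the customer already trusts, so that key must reach the customer through an authenticated channel.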