Moving coins between blockchains.

[Cryddit]

Say that I have code for a P2P currency platform that natively supports "colored coins" -- ie, coins of a particular type having different values, and values permitted to float against one another.  I developed the code thinking of a P2P stock exchange, basically the "colored coins" were intended to be stocks that some company would issue on the P2P exchange. 

The idea of using multiple currencies seemed like a good one.  It would be nice if you could trade frictionlessly using any cryptocoin.

But how can a Bitcoin (or Litecoin, or whatever) exist in the blockchain of an altchain? 

A "one way door" is easy enough; if you "burn" a bitcoin by sending it to a bitcoin address which is provably unspendable, the altchain network (if it knows about how to access the bitcoin blockchain) can verify that.  A special transaction type can create a "bitcoin" flavored coin into the alt chain when you prove you have the private key of the address that the bitcoin was sent to the unspendable bitcoin address from.  The problem with this is that the coin has been burned as far as the bitcoin chain is concerned.  There is no way to get it back.   The altcoin chain can

What I want to do is modify the "one way door" mechanism to make it into a "two way door."  A bitcoin sent to a "two way door" should be unspendable until the owner of the corresponding "bitcoin-flavored" altcoin z  in turn burns it in the altchain by sending it to an unspendable altchain address. This 'burn' in the altchain ('burning' the bitcoin-flavored altcoin) should release information to the sender allowing the sender (and no one else) to construct a key which allows spending the original, locked up bitcoin (in the bitcoin chain) by using the key. The person who 'sends' a bitcoin-flavored altcoin to the unspendable altchain address is presumed to be its current owner, right?  So he is the one who can be given the key to unlock the original bitcoin, still sitting in its little cage.

It's all well and good for the bitcoin-flavored altcoin to be permanently erased from the altcoin chain.  It (or another one fungibly like it) can be re-created if another (or the same) bitcoin is sent again to the "two way door."   But we don't want the bitcoin permanently erased from the bitcoin chain because it is in that chain that it actually has its primary value.

What I want is very much like an 'escrow' but based on the activity of another blockchain.  Anyone have any ideas on how to construct it?

[DeathAndTaxes]

I don't believe it is possible in a trustless way because there is no concept as "locked coins" in Bitcoin.

To see why it isn't possible lets look at where it would be possible.  If you imagine two brand new coins ACoin & BCoin.  Both A & B allow destroying coins in their chain via a type of transaction and creating coins via another tx.  The create coins tx requires as its input the tx id of the destroy tx on the other chain.  This would be pretty trivial to implement.   You destroy x coins on chain A and then create a enerate tx on chain B referencing the txid of the destroy on A like magic you created y new coins on chain B.

The problem is that while xCoin might support creating coins from nothing Bitcoin doesn't (excluding mining) so we can't make generation of xCoins based on destroying Bitcoins if you want it reversible.  The only workaround would be to somehow "lock down" the coins until the alt-coins are destroyed.  All unspent outputs can be spent by some entity (unless private keys are permanently lost) so at all times someone will be able to cheat the system.   You could use a system involving multiple custodians in a P2SH multi-sig address to reduce the risk but it wouldn't be trust free.  One way to ensure those breaking the trust can't benefit would be to require them to escrow a certain amount of xCoins which they forfeit (destroyed, given to miners, etc) if they release Bitcoins before xCoins are destroyed.  That would allow you to reduce the trust but not eliminate it.  If someone escrows 1000 xCoins but can steal 1 BTC and say the value of 1 BTC rises such that 1 BTC is worth more than 100,000 xCoins then theft will likely happen. There may be other ways to do this in a limited trust manner but it would never be trust free.

Not sure if it helps but rather than destroying and creating coins it is relatively easy to make trust free trades between chains.  Joe has Bitcoins and wants xCoins, Jane has xCoins and wants Bitcoins.  Neither party trusts the other one.  It is possible to construct a system in which neither party can cheat the other one.  

[Anon136]

this is a really great idea.

unfortunately you are never going to get a bitcoin fork that will allow bitcoin to integrate into such a system so you would just have to create an altcoin. i doubt people would want to burn up their bitcoins inorder to seed the new chain either so you would probably want to have new currency minted on blocks in the initial chain and just allow what ever chains other people wanted to create to operate with transaction fees alone.

if you did make this altcoin it would really be THE most promising altcoin around, i would invest and i think many others would too.

probably it would be good to merged mine with bitcoin also i think.

[Cryddit]

All coins in bitcoin are "locked" coins.  To open lock, you must satisfy conditions of script.  Usually means just show you have private key.  So no different than usual from Bitcoin side of the problem.

Altcoin side of the problem is somehow do-able, but I haven't seen yet exactly how.  Here is brief.

Some transaction or sequence of transactions "hides" the information necessary to spend the bitcoin in the blockchain of the altcoin.  Maybe it has to be done in a series, each after a previous transaction in the sequence is "confirmed."  Maybe it involves the creation and destruction of a couple of different special-flavor altcoin as intermediate steps.  During the process, an ordinary transaction is entered on the bitcoin blockchain which moves the bitcoin to a new script-hash address.  Last transaction in series creates the bitcoin-flavored altcoin on the altcoin blockchain.

Later, someone who has bitcoin-flavored altcoin wants to spend bitcoin.  Must go through another series of transactions, starting with destroying the Bitcoin-flavored altcoin and resulting eventually in releasing to that user sufficient information to spend Bitcoin.  This may involve the production and destruction of one or more special or different-flavored altcoin along the way.   It may need to be done in series after previous transaction in series is confirmed.  I'm pretty sure this is possible.  Zerocoin protocol working on altchain side, or something of key negotiation, secret sharing, etc.  Just haven't figured out exactly how yet.

[Anon136]

All coins in bitcoin are "locked" coins.  To open lock, you must satisfy conditions of script.  Usually means just show you have private key.  So no different than usual from Bitcoin side of the problem.

Altcoin side of the problem is somehow do-able, but I haven't seen yet exactly how.  Here is brief.

Some transaction or sequence of transactions "hides" the information necessary to spend the bitcoin in the blockchain of the altcoin.  Maybe it has to be done in a series, each after a previous transaction in the sequence is "confirmed."  Maybe it involves the creation and destruction of a couple of different special-flavor altcoin as intermediate steps.  During the process, an ordinary transaction is entered on the bitcoin blockchain which moves the bitcoin to a new script-hash address.  Last transaction in series creates the bitcoin-flavored altcoin on the altcoin blockchain.

Later, someone who has bitcoin-flavored altcoin wants to spend bitcoin.  Must go through another series of transactions, starting with destroying the Bitcoin-flavored altcoin and resulting eventually in releasing to that user sufficient information to spend Bitcoin.  This may involve the production and destruction of one or more special or different-flavored altcoin along the way.   It may need to be done in series after previous transaction in series is confirmed.  I'm pretty sure this is possible.  Zerocoin protocol working on altchain side, or something of key negotiation, secret sharing, etc.  Just haven't figured out exactly how yet.

you are over thinking it. it could just be understood by all involved parties that the sequentially lowest number that is a valid provably undependable address would correspond to blockchain 1 and the second lowest provably undependable address would correspond to blockchain 2. anyone who destroys coins on any chain by sending them to address 1 will have it recorded on blockchain 1, anyone who destroys coins on any chain by sending them to address 2 will have it recorded on blockchain 2. easy as pie.

you would obviously need to outline rules for prefixing that would denote which chain we were operating on. similar to how bitcoin uses 1 and litecoin uses L. for example this would always start with z001, z002 ect, leaving room for 999 chains. also you would need to include a valid address for the chain corresponding to the unspendable address in the transaction but that wouldnt be hard either.