Just an extension of this discussion:
https://bitcointalk.org/index.php?topic=486133.0Script is one of the most important elements in bitcoin, but it is far from perfect. Several codes were disabled due to bugs. OP_CHECKSIG is not upgradable. Do we even have a chance to have Script 2.0? This is the Script 2.0 in my mind:
1. It has to be backward compatible, aka soft fork. Thanks to Satoshi, this existing Script will allow us to do so by redefining one of the OP_NOP as something like OP_SCRIPT2EVAL
2. It has to be fully upgradable: it should retain enough room for future upgrade, in case we want Script 3.0, 4.0, 5.0. This is simple
3. Support merklized abstract syntax tree (MAST). This will allow very complex redemption conditions and embedding secret messages, while saving a lot of space.
4. Support multiple public key algorithms, allowing n-of-n multisig with n different public key algorithms. Since it is extremely unlikely for breaking different algorithms at the same time, funds are safe forever.
5. Support more hashing algorithms. Same as 4
6. OP_CHECKSIG should be broken down into several codes. It should allow the signer to specify the value of the input so lightweight wallet can calculate the fee without knowing the details of the previous tx. It should have enough flexibility to let people decide the way to sign. I had other preliminary ideas here:
https://bitcointalk.org/index.php?topic=258931.07. The new OP_CHECKSIG has to take tx malleability in mind. It should allow people not to specify the txid of input (signing any UTXO of the same address), or sign the normalized txid. With normalized txid supported, however, it means full nodes have to keep an index of the normalized txid of all UTXO
8. It may allow pushing the block height and block hash to the stake. Pushing block height may allow something not doable with nLockTime (I'm not very sure). Pushing block hash will allow users to specify the fork which they want their tx being mined (something like POS. not sure if this is really useful)
EDIT: 9. It should allow the use of shorter hash and public key. This will be very useful for micro-payment and short-term storage.
The problem is, having a Script 2.0 like this could be risky. We may need to create a new alt-coin to test it for a long time before it could be merge to bitcoin. Any comments?
