More questions for Greg Maxwell.

[PepeLapiu]

I know you're just going to ignore this or delete my reply

No way, Greg. What you wrote is so absurd that it would be impossible to ignore it. I was so floored when I read your reply, that I had to screenshot it. What you wrote deserves it's own thread.

When asked under what conditions BIP110 would confiscate your coin, Greg replied with this:

For security some people have made transactions which are timelocked for the future, so that e.g. kidnappers can't force them to make payments or so that the transactions for inheritance will only be valid in the future.  After making the transaction they can delete their private keys so that they can't be forced to make any more alternatives, or they can simply lose them -- an eventuality that the presigned transaction was created to pay for.    These presigned transactions can pay to any valid address, for example a 4 of 8 taproot multisig that has a tree depth of more than 7 levels (e.g. family members/friends/heirs).
BIP110 would functionally destroy these coins.  

So I have some questions about this statement.

- Greg, can you find any tutorial anywhere on line where they explain how to delete your private keys after you commit your coin to a convoluted inheritance/kidnapping scheme with op_if in Taproot? Preferably something that was dated prior to BIP110 announcement, of course. And something a layman would understand?

- Are there any other scenarios anywhere else that you can think of where deleting your keys would cause you to lose your coin, with or without BIP110 being involved?

- Would the initial core 30 release allow me to spend my coin after it deleted my private keys?


As for others reading this, please understand. If you delete your private keys, you will absolutely lose your coin. And that has always been true since 2009 when bitcoin was created. This is why we have a notorious saying 'Not your keys, not your coin".

You delete your private keys, you will lose your coin 100% of the time. But Greg Maxwell here is trying to tell you that somehow can be blamed on BIP110.

If anyone ever tells you to delete your private keys as a part of some anti-kidnapping scheme, here is what you do:

- Politely kick that idiot in the nuts repeatedly.

- Dig a 5 ft hole in your backyard. Burry your private keys at 4 foot deep, and a decoy private key buried right on top of it at 2 ft deep.

That way, when your kidnapper forces you to reveal your keys, tell him where to dig 2 foot deep.

[ertil]

can you find any tutorial anywhere on line where they explain how to delete your private keys after you commit your coin

It is well known at least since 2016, and it was used to create Zcash altcoin:

The instantiation of the Zcash network required the creation of a master private key. To ensure privacy, this private key must later be destroyed, otherwise counterfeit Zcash coins could be generated. To maximize the chance that no one person could obtain the private key, software was written which allowed individuals from six different locations to collaboratively generate the private key, use it to instantiate Zcash, and then destroy the computers used in the process afterwards.

And similar setup can be done on Bitcoin as well. We have 2026, so that kind of things are known for at least 10 years, if not more.

And something a layman would understand?

The main problem with BIP-110 is that you don't know, what will be blocked in the future, and what will be allowed. You constantly have to ask people, if they understand your scripts, or you risk being blocked. Which defeats the purpose of the Script: it was invented to allow nodes to process future scripts, even if they don't understand it. But BIP-110 wants to push us to the world, where only centrally approved use cases can be seen on-chain, and where only very simple scripts are allowed.

If you delete your private keys, you will absolutely lose your coin.

If you have a valid transaction, then you don't need your keys anymore. And BIP-110 says: "Surprise! You thought you can broadcast your valid transaction later? No way, it is now invalid".