Unspendable keys in descriptors
Posted on: December 19, 2023 16:59 UTC
In the ongoing discussions about privacy and standards in cryptocurrency transactions, there's a consensus that participants should not be forced to disclose when their key path is unspendable.
This point is important because it ensures that wallet users don't get the wrong impression that revealing that only the script path was usable is inherently detrimental to privacy. There are solutions available, such as using a secret, that allow one to prove to other involved parties that the key is indeed unspendable without compromising confidentiality.
A particular scenario under consideration involves a coinjoin transaction where one participant, Alice, wishes to use her provably unspendable keypath UTXO while another participant, Bob, intends to make a payment to a segregated witness (SegWit) address. Initially, it was thought that Alice could simply provide a signature to a coordinator as proof rather than publicly showing that her script path had to be used. However, this approach has been reevaluated as it fails to address the issue of non-interactive revelation to the receiver that the taproot spend was exclusively a script spend. As it stands, without making such details public, there seems to be no non-interactive method to convey that only the script path was viable for the transaction.