New P2SH (let's call it P2MINT for now) address that requires the script to be a (coinstake ? 1 : 2)-of-2 multisig and, in coinstake mode, requires all outputs' pubKeyScripts to be P2MINT of that script.
Optionally limit the number of outputs and the fee - stake destruction attack.
It's a mutation of sigmike's solution - actually I don't see benefits, just a note - even more, there is a con: we reveal the spending pubkey, so in case ECC gets compromised there's no protection, while with sigmike's solution funds are safe.
We can modify his script to something like this:
OP_COINSTAKE
OP_IF
mintingPubKey
OP_ELSE
OP_DUP
OP_HASH160
spendingPubkey.GetHash160()
OP_EQUALVERIFY
OP_ENDIF
OP_CHECKSIG
scriptSig mint: mintingSig
scriptSig spend: spendingSig spendingPubKey
or
mintingPubkey
OP_CHECKSIGVERIFY
OP_COINSTAKE
OP_NOTIF
OP_DUP
OP_HASH160
spendingPubkey.GetHash160()
OP_EQUALVERIFY
OP_CHECKSIGVERIFY
OP_ENDIF
OP_TRUE
scriptSig mint: mintingSig
scriptSig spend: spendingSig spendingPubKey mintingSig
/* requires both privkeys to spend */
Or we can make it w/o OP_COINSTAKE and make script verifiable by itself (w/o context knowledge)
OP_IF
mintingPubkey
OP_ELSE
OP_DUP
OP_HASH160
spendingPubkey.GetHash160()
OP_EQUALVERIFY
OP_ENDIF
OP_CHECKSIG
scriptSig mint: mintingSig OP_TRUE
scriptSig spend: spendingSig spendingPubKey OP_FALSE
This kind of modification is better than the previous one imo; we mark the tx as invalid if a scriptSig element is used in the wrong context - we have to perform other checks outside the script to perform more validation, so there is no point in altering the script core.
/* we need to check if OP_FALSE is used - malleability */
Another way is to define OP_COINSTAKE as a constant, then
OP_DUP
OP_COINSTAKE
OP_EQUAL
OP_IF
OP_DROP
mintingPubkey
OP_ELSE
OP_DUP
OP_HASH160
spendingPubkey.GetHash160()
OP_EQUALVERIFY
OP_ENDIF
OP_CHECKSIG
scriptSig mint: mintingSig OP_COINSTAKE
scriptSig spend: spendingSig spendingPubKey
My favorite
Using mintingPubkey instead of mintingPubkey.GetHash160() is rational.
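
The context-free `OP_IF` variant above depends on a check made outside the script; this added example (not part of the original post) models that split with a small Python evaluator. HASH160 and signature verification are replaced by labelled stand-ins, the keys are constructed, and rejecting any selector other than OP_TRUE/OP_FALSE is one assumed reading of the malleability note.

```python
import hashlib

# Constructed stand-ins so the example runs offline (assumptions, not real crypto).
def hash160_stub(pubkey):          # real HASH160 is RIPEMD160(SHA256(x))
    return hashlib.sha256(pubkey).digest()[:20]

def checksig_stub(sig, pubkey):    # real OP_CHECKSIG verifies ECDSA over the tx
    return sig == b"sig:" + pubkey

MINT_PUB, SPEND_PUB = b"mint-pub", b"spend-pub"   # constructed keys
TRUE, FALSE = b"\x01", b""                        # OP_TRUE / OP_FALSE pushes

def run_script(script_sig, minting_pub, spending_hash):
    """OP_IF <mintingPubkey> OP_ELSE OP_DUP OP_HASH160 <hash> OP_EQUALVERIFY
    OP_ENDIF OP_CHECKSIG. Returns (ok, branch_taken)."""
    stack = list(script_sig)
    if not stack:
        return False, None
    selector = stack.pop()                      # OP_IF consumes the selector
    if selector not in (TRUE, FALSE):           # non-canonical selector: reject
        return False, None
    if selector == TRUE:
        branch = "mint"
        stack.append(minting_pub)               # push mintingPubkey
    else:
        branch = "spend"                        # DUP HASH160 <hash> EQUALVERIFY
        if not stack or hash160_stub(stack[-1]) != spending_hash:
            return False, branch
    if len(stack) < 2:
        return False, branch
    pubkey, sig = stack.pop(), stack.pop()      # OP_CHECKSIG
    return checksig_stub(sig, pubkey), branch

def validate_input(script_sig, is_coinstake,
                   minting_pub=MINT_PUB, spending_hash=hash160_stub(SPEND_PUB)):
    """Script result plus the context check that lives outside the script:
    the mint branch is only valid in a coinstake, the spend branch only elsewhere."""
    ok, branch = run_script(script_sig, minting_pub, spending_hash)
    return ok and branch == ("mint" if is_coinstake else "spend")

if __name__ == "__main__":
    mint = [b"sig:" + MINT_PUB, TRUE]
    spend = [b"sig:" + SPEND_PUB, SPEND_PUB, FALSE]
    print(run_script(mint, MINT_PUB, hash160_stub(SPEND_PUB)))  # script alone accepts
    print(validate_input(mint, is_coinstake=False))             # context check rejects
    print(validate_input(spend, is_coinstake=False))
```

The script on its own accepts a minting signature in any transaction, so it is the outside check in `validate_input` that keeps the minting key from spending.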