Developers can leverage multisignature transactions in Bitcoin in order to construct smart contracts. Smart contracts refer to binding contracts between two or more parties and are enforced in a decentralized manner by the blockchain without the need for a centralized enforcer.
Recall that multisignature transactions (see Chapter 4) require m > 1 correct signatures to be considered valid transactions. Although the primary use of multisignature transactions mainly targeted resistance to coin theft, these transactions also support the construction of smart contracts in Bitcoin. In what follows, we discuss various types of achievable contracts in Bitcoin.
Making a Deposit
Recall that Bitcoin is mainly used to issue nonrefundable payments among users. However, there are a number of application scenarios where users need to make deposits (e.g., when using a service which requires assurance in case of damage or misuse). Bitcoin can plan for this case by enabling the creation of deposits to potentially untrusted entities.
As described in , a user A can make a deposit of v BTCs to entity B by constructing a transaction T1 that spends v BTCs into an output address C in such a way that the signatures of both A and B are required to spend T1. The user A does not immediately broadcast T1 in the Bitcoin network; instead, A sends B H(T1), C, as well as a new address that is owned by A using an off-line channel (e.g., using a direct TCP connection). Upon reception of H(T1), B constructs another transaction T2 that spends the BTCs stored in C (by linking it to H(T1)) back to an address specified by A. T2 is formed such that the nLockTime field is set to a future preagreed date, and the sequence number for the input is set to zero. B then sends T2 to A using an off-line channel.
Subsequently, A verifies that T2 is well-formed and signs T1 and broadcasts both T1 and T2 in the network. At this stage, the v BTCs cannot be spent individually by either A or B. Once the date specified in nLockTime is reached, the contract is completed and A will receive the v BTCs back by spending transaction T2 even
Figure 8.2 Making deposits in Bitcoin.
if B is not online. Note that by setting the sequence number to zero, the contract between A and B can be amended in future if both agree. This process is depicted in Figure 8.2.