Basically, the entire question fits into the title. Does the Bitcoin scripting language allow for a transaction output to only be spendable to a specific address? Is it possible to forbid all other spends? Is it possible to dictate that only that spend over a specified amount of money can happen such that the transaction fees cannot be chosen arbitrarily large?
If so, I suppose it’s also possible to design an output script in such a way that it can be spent to a specific address (and only to this specific address) when a signature by a specific party is present, but to arbitrary addresses if that party’s signature and also that of a specific other party is present. Should this for any reason not be possible, please let me know. This is what I’m mainly interested in.
No, it is not possible to make an output that is only spendable to a specific address. Outputs that are spent have no effect on the outputs of the spending transaction. They are completely separate and independent of each other except for the amount that was spent.
An output’s script only defines what the input script must be, and the input script has no effect on the output scripts of that transaction.
As far as I know, the answer is no.
What you are suggesting would imply that a UTXO could affect the conditions in which the output of a transaction spending it would be built, but it can only affect how the input is built.
UTXOs can define how they should be spent, but not how the resulting UTXO spending it will be created.
This kind of thing is called a “covenant transaction”. It is not currently possible in bitcoin; however, there are proposals to add this to bitcoin and one of them will likely land sometime in the next few years. One is OP_CHECKTEMPLATEVERIFY and another is OP_CONSTRAINDESTINATION.
Not trustlessly, but if the source can trust you to destroy information or come up with a scheme where you wouldn’t be able to view or save the private key, you could:
- Send to an address you have the private key for
- Sign a transaction spending the output to the target address
- Destroy the private key
- Give your recipient the signed transaction.
Of course, destroying the private key is the critical step here. Requires trust, creativity, or some cryptography-based solution I am unaware of.
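The pre-signed-transaction scheme in the last answer works because a signature made with the default SIGHASH_ALL hash type commits to every output of the spending transaction. The following is an added example, not part of any answer on this page: it computes the legacy (pre-SegWit) signature digest for a one-input transaction and shows that changing the destination or the amount (and therefore the fee) produces a different digest, so the existing signature no longer verifies. It assumes P2PKH scripts and SIGHASH_ALL; the function names and all sample values are constructed for illustration, and no ECDSA signing is performed.

```python
import hashlib
import struct

SIGHASH_ALL = 1

def varint(n):
    # Compact-size encoding; the single-byte form is enough for this example
    assert n < 0xfd
    return bytes([n])

def p2pkh_script(pubkey_hash):
    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    return b"\x76\xa9\x14" + pubkey_hash + b"\x88\xac"

def sighash_all(prev_txid, prev_vout, script_code, outputs, locktime=0):
    """Legacy SIGHASH_ALL digest for a one-input transaction.
    outputs is a list of (amount_in_satoshi, scriptPubKey) tuples."""
    tx = struct.pack("<I", 1)                       # version
    tx += varint(1)                                 # input count
    tx += prev_txid + struct.pack("<I", prev_vout)  # outpoint being spent
    tx += varint(len(script_code)) + script_code    # script of the spent output
    tx += struct.pack("<I", 0xffffffff)             # sequence
    tx += varint(len(outputs))                      # output count
    for amount, script in outputs:
        tx += struct.pack("<q", amount) + varint(len(script)) + script
    tx += struct.pack("<I", locktime)
    tx += struct.pack("<I", SIGHASH_ALL)            # hash type is appended before hashing
    return hashlib.sha256(hashlib.sha256(tx).digest()).digest()

# Constructed sample values, not real transaction data
PREV_TXID = bytes(range(32))
TEMP_KEY_HASH = bytes([0x11]) * 20   # address whose private key is later destroyed
TARGET_HASH = bytes([0x22]) * 20     # intended recipient
OTHER_HASH = bytes([0x33]) * 20      # any other destination

def demo():
    """Digests for the signed transaction and for two tampered variants."""
    spent = p2pkh_script(TEMP_KEY_HASH)
    signed = sighash_all(PREV_TXID, 0, spent, [(99_000, p2pkh_script(TARGET_HASH))])
    redirected = sighash_all(PREV_TXID, 0, spent, [(99_000, p2pkh_script(OTHER_HASH))])
    higher_fee = sighash_all(PREV_TXID, 0, spent, [(50_000, p2pkh_script(TARGET_HASH))])
    return signed, redirected, higher_fee

if __name__ == "__main__":
    for label, digest in zip(("signed", "redirected", "higher fee"), demo()):
        print(f"{label:11s} {digest.hex()}")
```

The restriction comes from the signature, not from the output script: whoever still holds the private key can sign a different transaction, which is why destroying the key is the critical step.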