Board: Development & Technical Discussion
Topic OP: Security of password based transactions
by halftimepad on 07/01/2013, 15:48:30 UTC
Using script you could, in principle, use password-based transactions, where only someone who knows a password can spend the coins. A hash would mask the password in the input transaction.

I expect code like:

Code:
scriptPubKey: OP_HASH160 OP_EQUALVERIFY OP_CHECKSIG
scriptSig:

would be enough. I asked if this was possible (http://bitcoin.stackexchange.com/questions/5510/password-based-bitcoin-transactions) and it was pointed out that it is not so secure. An intermediate relaying node that sees the transaction could try to outrun the legitimate spender and spend the coins.

Does anyone know how risky this is or if there are any ways to improve the system? My original idea was having a simple "contract" that transfers the coins only if certain information is made public (think for instance about an on-line contest). So the alternative should preserve the public part.

I have recently found a similar problem when discussing quantum computers, or, more generally, what happens if there appears an algorithm that can deduce the private key from the public key of a user.

https://bitcointalk.org/index.php?topic=133425.0

If you use addresses, the hashing will reduce the attacks to the equivalent of the password transaction I mention and is also relevant to the robustness of the Bitcoin system as a whole.
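
The relay risk raised in the post above, as an added example (not code from the original post or from Bitcoin itself): a toy validator compares a lock that checks only a hash preimage with one that also verifies a signature over the spending transaction. Assumptions: `h160` is a truncated double SHA-256 stand-in for OP_HASH160, a Lamport one-time signature stands in for ECDSA/OP_CHECKSIG, the "transaction" is reduced to a payee string, and all names and values are constructed.

```python
import hashlib
import os

def h160(data: bytes) -> bytes:
    # Stand-in for OP_HASH160: truncated double SHA-256, stdlib only (assumption).
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:20]

def sighash(pay_to: str) -> bytes:
    # Digest of what a signature commits to; in this model, just the payee.
    return hashlib.sha256(pay_to.encode()).digest()

def bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature, used as a stand-in for ECDSA / OP_CHECKSIG.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [tuple(hashlib.sha256(s).digest() for s in pair) for pair in sk]
    return sk, pk

def lamport_sign(sk, digest: bytes):
    return [sk[i][b] for i, b in enumerate(bits(digest))]

def lamport_verify(pk, digest: bytes, sig) -> bool:
    return all(hashlib.sha256(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, bits(digest))))

def spend_hash_only(lock: bytes, password: bytes, pay_to: str) -> bool:
    # The check never looks at pay_to: the unlocking data is valid for any payee.
    return h160(password) == lock

def spend_hash_and_sig(lock, pk, password, sig, pay_to: str) -> bool:
    # The signature covers the payee, so changing pay_to invalidates it.
    return h160(password) == lock and lamport_verify(pk, sighash(pay_to), sig)

def demo() -> dict:
    password = b"constructed-contest-answer"   # constructed sample value
    lock = h160(password)
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, sighash("legitimate-spender"))
    return {
        "hash_only/original": spend_hash_only(lock, password, "legitimate-spender"),
        "hash_only/rewritten": spend_hash_only(lock, password, "relaying-node"),
        "hash_sig/original": spend_hash_and_sig(lock, pk, password, sig, "legitimate-spender"),
        "hash_sig/rewritten": spend_hash_and_sig(lock, pk, password, sig, "relaying-node"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: accepted={accepted}")
```

Binding the spend with a signature means the password alone no longer suffices: the spender must also hold the key named in the lock, which changes the "anyone who publishes the answer" property the post asks to preserve.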