
It's really not as complicated as you could make it seem.

Your Bitcoins just have two states: Spendable and not spendable. Spendable coins are ones that you can go ahead and make a transaction with right now. Unspendable coins are ones that are locked up until some event occurs—maybe they're part of a complicated Script, or maybe they're already part of an unconfirmed transaction.

It's not unlike how when you go buy something with your Visa credit card and the merchant places a soft hold on some value. That value becomes an unconfirmed transaction until days (weeks? months?) later. Bitcoins are similar except the inverse: you get a hard hold until the transaction is resolved.

Are credit cards complicated? Very, especially when you realize how much of the arcane half-broken functionality is purely due to specific regulation thresholds. But we get by alright with burying our heads in the sand.

> Colored coins, while kind of fun, live outside the blockchain, so don't really bother me.

Depends on the colored coin, some live on the blockchain. http://coloredcoins.org/



It's not an insurmountable problem, but the design of the protocol, as I mention below, makes the transition from "unspendable" to "spendable" difficult, because you can't even try to satisfy the conditions until you try to spend the coins -- the only thing that would make sense would be to do this with another transaction that does nothing but transfer the unspendable coins to another address.

It really is quite complicated. In the best case, in my view, there would be specialized clients that would interpret certain classes of transaction scripts, and the majority of wallet software would not care at all, and only acknowledge the basic transactions (pay to pubkey hash). But all miners have to be aware of the full scope, and all full nodes will need to have some extra complexity, in order to even validate the blockchain. That complexity leads to unpredictable behavior and bugs. My guess is that when Bitcoin really has to go head-to-head with another coin, this "feature" will have a dragging effect.

I glanced at the papers on http://coloredcoins.org, and they haven't changed. Though the colored coins are tracked through the blockchain, the fact that a coin is colored, and what that color means, lives entirely outside the blockchain. My analogy with "smart property" simply looking for a particular serial numbered bill is very apt, but of course you gain the cryptographic anti-counterfeiting guarantees of bitcoin. All the same risks apply as well; you can inadvertently spend a colored coin, and if the recipient is not looking out for it, they'll probably never know that they are in nominal possession of a colored coin, and possession of the "smart property" will simply float around between people, just like a similarly-marked dollar bill inserted into a vending machine would do.


I read you saying it's quite complicated, but everything you said feels reasonably simple to me. Maybe I've been staring at these challenges for too long? Maybe in a few years everyone will feel it's reasonably simple? Or maybe not.

When you get a charge hold on your credit card, there is nothing you can do to satisfy it either aside from waiting for the charge to resolve. I'd like to think we're used to this reality.

Regarding needing to keep track of all unspent/spendable outputs, the Bitcoin client has been doing this since the beginning. If you go into your Bitcoin data directory, there are two sets of databases—the blockchain and all of the unspent outputs in the blockchain. These get updated with every mined block. Querying it is easy.

Regarding coloredcoins, the annotations live on the blockchain but the protocol (i.e. how they're interpreted) lives in the client.

Part of the reason why multiple accounts are popular in crypto wallets is precisely for this scenario. You can keep your car-owning colored coins in one account, your spending change in another, your life's savings in more, etc. It's kind of like having Checking, Savings, Retirement, Investment, Mutual Fund, etc. accounts in your bank.

You're absolutely right these all come with new challenges for us to work through, but I'm not having trouble imagining a rosy future where people aren't accidentally giving away rights to their cars and failing to meet rent because their savings are tied up in a complicated Script that is refusing to get resolved. We're not there today, but it's still early and many folks are working on all kinds of innovative wallets. :)


It may be complex but it's built from simple parts. You can check out the mini-language transactions are expressed in on the Bitcoin wiki. It's really quite simple.

Of course, ordinary users needn't care, since this is exactly what the Bitcoin software does for you: It tracks your money and how much of it is spendable.


> But all miners have to be aware of the full scope

Yes, miners execute a simple virtual machine that determines if the signatures in transactions are the satisfaction of the pubkeys.

Ignoring some cryptographic not-ready-for-prime-time stuff, any other consensus system will operate the same way. In Bitcoin's case the script virtual machine is very carefully constrained to minimize the risk.

It's odd that you seem to speak highly of proposed work that would have a more complicated and less constrained execution environment in one breath but then claim that bitcoin's very simple system is a liability in your next message.



