Fair warning — this section is critical to a full understanding of this proposed approach, but it does require strong technical knowledge of Bitcoin.

The million dollar transaction requirements are as follows:

It has sufficient value from the inputs to add up to the target reward plus fees. At, say, 100 satoshi/byte that implies a 1 BTC fee would be required. It must be acceptable according to a deployed transaction size limit of 1,000,000 bytes, but ensure the 80 byte block header takes it over the 1,000,000 byte block size limit. In other words, the safe final transaction size should be 999,921–999,999 bytes. This implies around 5586 standard inputs (P2PKH) with an additional one to three OP_RETURNs to make up the final bytes. The transaction has a single standard P2PKH output paid to a single use address we’ll call the bounty address.

When the million dollar transaction is published, a redemption transaction is published alongside it to allow the successful miner to claim the bounty.

The redemption transaction spends the bounty as its single input. It has a P2PKH output for the bounty value minus a priority fee payable to a single use redemption address. It also has a second output. This output contains the private key for the redemption address in an OP_RETURN script.

Note that the use of the redemption transaction as a separate transaction to the bounty provides full replay protection in the event of a chain split.

To claim the bounty the miner creates a block that includes both the bounty transaction and the redemption transaction. In order to make the claim, the miner includes a third transaction that immediately spends the redemption transaction into an address that they control.

However, other miners could, and perhaps would, simply orphan the block until they are one that creates the successful block with the bounty.

Catch-22? Well not quite.

The rational miner shouldn’t take the full bounty but use a percentage of the value as enticement to other miners. Remember, they need the confirmations of blockchain for the bounty transaction. The best tactic would be to claim only a proportion of the value, say 50%. The million dollar transaction confirmation looks like this:

One input that redeems the bounty value via the redemption transaction using the publicly revealed private key as a standard P2PKH input. An output that moves half the value of the input to an address under the successful miner’s control. Two further outputs: a P2PKH output for the remaining half the value minus a priority fee payable to a new address whose private key is in the second OP_RETURN output.

Note that miners who subsequently confirm the million dollar transaction and the paid-forward proportion of the bounty will have a lot of block space to scoop up the overpriced fees of transactions stuck in the current transaction backlog and improve on their partial reward.