You'll Activate The Covenants And You'll Like It
Shinobi’s Strawman is a weekly series where our Technical Editor Shinobi challenges the Bitcoin community, aiming to stir up conversation around heated technical debates.__________________________________________________...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Shinobi’s Strawman is a weekly series where our Technical Editor Shinobi challenges the Bitcoin community, aiming to stir up conversation around heated technical debates.
______________________________________________________________
It's been two years since the last upgrade to Bitcoin, Taproot, activated and went live on the network. Since then there has been a proliferation of proposed changes for the next upgrade to the protocol, and they seem to keep piling up faster than people can keep up with.
These proposals mostly fall into a single category of change: covenants. The basic purpose of a covenant is to fundamentally change how script restricts Bitcoin spending. Currently a script in a UTXO can only control or limit how that currently existing UTXO can be spent, the design goal of a covenant is to extend that restriction so that the script in the currently existing UTXO can restrict how future UTXOs not yet created can be spent.
I myself have voiced concerns in the past about the risks of enabling covenants, but came to the conclusion (touched on here) that those initial concerns were way overblown. I still think there are negative consequences that could potentially come from covenants that enable too many restrictions on future UTXOs, but those concerns are mostly rooted in potential incentive changes, not the abuse of covenants themselves to censor people.
Here's the kicker though: we absolutely need some form of covenants for the scaling direction we have gone in to really work in the long term. Systems like Lightning are all built around pre-signed transactions being used to restrict the spending conditions of future UTXOs, but this can be very limiting.
Changing the state of a Lightning channel with just two people in it is straight-forward and just requires a few transactions being signed. The balance change, any new HTLCs or contracts, and a few transactions to handle those. However, the number of transactions you need to sign starts growing for the more complicated the thing you are trying to do is. I.e. involve more than two people in a channel. Think about penalties, right now one person just penalizes the other person, it's very simple. The cheating party loses all their money to the single party being cheated.
How does that work with three people in a channel? It's no longer a matter of everything going to one person, the right amount has to go to every other person being cheated. And that right amount changes each time the channel updates. So every time the channel state changes, you have to sign (or create in some way) transactions that will penalize every single old channel state while ensuring the money goes to the other participants correctly matching the current state balances. And you somehow have to make sure that only the most recent penalty can be used, otherwise old ones made with different channel states won't distribute the money properly after someone tries to cheat. Imagine having to sign all of that growing set of transactions everytime you update a channel, it's totally unscalable (if you could even find a way to make it logically work in the first place). SIGHASH_ANYPREVOUT (APO) enables a solution to this through eltoo, allowing people to simply replace old states with the current one instead of penalizing people.
Similar issues occur when you consider trying to handle on-chain enforcement of things. If you pack 10 people into a single channel, what happens when one doesn't respond? You have to close the entire thing out on-chain and stop everyone from continuing to update things off-chain. Proposals like OP_TAPLEAFUPDATEVERIFY (TLUV) and OP_EVICT would offer a way for a single user to exit from a channel non-cooperatively without closing it for everyone else, or for everyone except one unresponsive person to eject that offline party efficiently and keep the channel open for themselves.
Long chains of pre-signed transactions can commit to individual payments occurring, channels being opened, etc. ahead of time. In order to be trusted though, that chain of transactions has to start from a multisig address where you are a keyholder, otherwise whatever is being committed to can be double-spent and voided. This necessitates a long set up phase of creating the multisig, everyone having to be online to sign everything, and then finally funding it. OP_CHECKTEMPLATEVERIFY (CTV) allows that to be done trustlessly without having to participate in a long complicated setup phase.
Everywhere we look and find problems or points of friction in making Lightning and other off-chain protocols work, some basic covenant proposal can elegantly address the problems. There are plenty of them too:
- SIGHASH_ANYPREVOUT
- OP_CHECKTEMPLATEVERIFY
- OP_CHECKSIGFROMSTACK
- OP_TAPLEAF_UPDATE_VERIFY
- OP_EVICT
- OP_TXHASH
- OP_CAT
- OP_VAULT and OP_UNVAULT
- TX_HASH+CSFS
- Template Key
I would not be shocked if I'm missing some either. Some of these proposals, or derivatives, or new ones not yet thought of are going to be necessary in order to continue scaling Bitcoin. There is no way around that, either we accept the limitations of Bitcoin as it is now, or we improve it to address those limitations.
So, we're going to do the same thing as the last Strawman. What are your thoughts on covenants? Do you have specific proposals you think are most interesting or useful? Any thoughts on what could be built, or what problems can be solved, using them? Are there things you don't understand about them? How they work, what they are useful for, what the risks and downsides are? Let's hear it.
DMs are open, and [email protected] is available if that works better as a submission method. Next Wednesday we'll do the same thing as last time and I'll go through and publish the responses with answers to any questions or thoughts on the replies.
Why this matters
This bitcoin story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on Bitcoin MagazineRelated market context
Vitalik Buterin’s Single Slot Finality Plan Shows Ethereum Still Has A Settlement-Speed Problem To Solve
Vitalik Buterin’s Single Slot Finality Plan Shows Ethereum Still Has A Settlement-Speed Problem To Solve is the kind of crypto sto...
Ethereum Foundation AI Agent Research Shows Where Smart Contracts May Be Heading Next
Ethereum Foundation AI Agent Research Shows Where Smart Contracts May Be Heading Next is the kind of crypto story that looks simpl...
VanEck Ethereum ETF Update Adds More Fee Pressure To The Fund Launch Race
VanEck Ethereum ETF Update Adds More Fee Pressure To The Fund Launch Race is the kind of crypto story that looks simple at headlin...
Ethereum Foundation says AI agents can find real bugs but triage is the real work
Ethereum Foundations Protocol Security team said AI agents can help find real bugs in protocol code, but warned that triage, repro...
Ethereum Foundation Turns AI Loose on ETH Network to Find Bugs Before Hackers Do
Ethereum researchers are using AI agents to hunt for vulnerabilities, shifting security work from finding bugs to proving which on...
Crypto News, July 10: Regulation Overtakes Geopolitics as Bitcoin and Ethereum Price Hold Firm
For us, who spent the past month glued to oil charts, the screens have changed. Now we’re refreshing congressional calendars inste...