This is an opinion piece about BIP119 (OP_CTV). If you would like to submit a counter argument, please email Bitcoin Magazine.
BIP119, or Check Template Verify (CTV), has been the center of an absurd and ridiculous controversy within the last week or so. There are two aspects of what is currently driving this controversy: the CTV functionality itself and the floated idea of activating it in the short term using the controversial Speedy Trial mechanism that was successful in activating Taproot. These two issues have been conflated to the point that trying to disentangle them and discuss either one individually has become, to put it lightly, an incredibly difficult endeavor.
As one of the people involved in supporting a user-activated soft fork (UASF) client for Taproot activation that was compatible with the Speedy Trial (ST) deployment, I can say wholeheartedly that I’m very much against future use of ST as an activation mechanism. I see it as a horrendous mistake and something that socially places the notion of a veto mechanism and over-weighted influence in the consensus process in the hands of miners. I believe that activation of consensus changes should rest solely in the hands of users, not developers and not miners. That said, the issue of how to activate changes is only tangentially related to the CTV proposal, and much of the controversy centers specifically around the BIP itself and the general concept of covenants.
There is a lot of confusion around what CTV can and cannot accomplish. Much of the criticism toward the proposal itself that is not rooted in issues with the proposed activation or activation mechanism is based around the idea of degradations to fungibility, i.e., the possibility for someone to send you coins and restrict where you are able to spend them. This is not possible for two reasons. Firstly, CTV restricts coins by EXACTLY defining where they have to go, and the exact amounts. To do something like “create whitelists” to restrict where your coins are spendable, you would have to precompute every possible address someone would be allowed to spend coins to, but then also, for each of those addresses, compute every possible amount that could conceivably be spent to them, down to the granularity of a satoshi. Secondly, the receiver is the one who gives an address to the sender, and the one who decides what exact Bitcoin script one must satisfy in order to spend the received coins. If a sender alters that script in any way, it alters the “address,” and the receiver’s wallet will not even recognize any funds as being received. It’s no different from giving someone an address, and having them send money to someone else’s wallet.
Presigned Transactions And Multisig
Presigned transactions are an essential part of building things on top of Bitcoin. Lightning is built on presigned transactions, statechains are built on presigned transactions and discreet log contracts are built on presigned transactions. Combined with multisig scripts, it is possible to guarantee that an existing UTXO encumbered by the multisig can only be spent in certain predefined ways. This is the entire basic core of these second layers.
All the parties involved generate a multisig address, then choose which UTXOs to fund it with. Before signing the funding transaction, they craft the transaction(s) that spend(s) the multisig UTXO in the predefined way(s), then they sign and confirm the funding transaction. Now, without all parties agreeing to change where to and under what conditions the funds are spent, nothing can be changed. The destination and conditions under which the funds will move to the destination are locked in. The main limitation of this primitive is that in order to guarantee these funds stay restricted in how they can be spent, everyone who has contributed money or is dependent on these spending limitations must be a participant in the multisig contract. If they are not, then they have to trust the parties actually involved in the multisig contract, or at least some threshold of them (for example, in the case of a 3-of-5 multisig, they have to trust at least three participants to be honest). Without participating, they have to trust people to only sign honestly and/or to delete private keys without retaining copies.
What are the limitations of presigned transactions? You have to define every detail of the transaction: what it does, where it spends funds to, any transaction-level timelocks, and so on. You can never undo signing a transaction; you can’t change what you have already signed. This is why Lightning needs penalty keys, and people want ANYPREVOUT and eltoo, because you can’t undo or “take back” the previous signed transaction. All you can do is sign a new one and give it the ability to update or negate the previous one if someone tries to use it. Sometimes you may want to do this, sometimes you may want to make sure it is not possible, but that previous signed transaction is locked in, and always possible to use as long as someone keeps it. You can never take it back.
CHECKTEMPLATEVERIFY / BIP119
The core functionality of CHECKTEMPLATEVERIFY (CTV) is to provide stronger guarantees in the situation where you want to ensure it is not possible to replace the originally signed transaction. Instead of having to trust multisig participants to behave honestly or key generators to delete private keys, CTV ensures that spending a coin in the predefined way is actually enforced by consensus rules. This is done by taking the hash of the predefined transaction with which you want to spend that UTXO, and including it in the locking script for that UTXO when it is created. When you go to spend that coin, the script interpreter ensures that the spending transaction’s hash matches what was in the input’s script, and if the hash does not match it fails the transaction as invalid by consensus.
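A minimal model of the check described above, as an added example that is not part of the original article or of any BIP119 reference code. The committed fields follow the template hash defined in BIP-119; the dictionary layout, function names, scripts and amounts are constructed for illustration.

```python
import hashlib
import struct

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def ser_bytes(b: bytes) -> bytes:
    # Length-prefixed byte string; this sketch only handles lengths below 253.
    if len(b) >= 253:
        raise ValueError("script too long for this sketch")
    return bytes([len(b)]) + b

def template_hash(tx: dict, input_index: int) -> bytes:
    # Commits to version, locktime, input count and sequences, every output
    # (amount and script) and the index of the input being spent.
    r = struct.pack("<i", tx["version"]) + struct.pack("<I", tx["locktime"])
    script_sigs = tx.get("script_sigs", [])
    if any(script_sigs):  # only committed when some scriptSig is non-empty
        r += sha256(b"".join(ser_bytes(s) for s in script_sigs))
    r += struct.pack("<I", len(tx["sequences"]))
    r += sha256(b"".join(struct.pack("<I", s) for s in tx["sequences"]))
    r += struct.pack("<I", len(tx["outputs"]))
    r += sha256(b"".join(struct.pack("<q", amt) + ser_bytes(spk)
                         for amt, spk in tx["outputs"]))
    r += struct.pack("<I", input_index)
    return sha256(r)

def ctv_check(committed: bytes, spending_tx: dict, input_index: int = 0) -> bool:
    # What the interpreter does at spend time: recompute and compare.
    return template_hash(spending_tx, input_index) == committed

# Constructed sample data (not real scripts or keys).
ALICE = b"\x00\x14" + b"\x11" * 20
BOB = b"\x00\x14" + b"\x22" * 20
CAROL = b"\x00\x14" + b"\x33" * 20

PLANNED = {"version": 2, "locktime": 0, "sequences": [0xFFFFFFFF],
           "outputs": [(70_000, ALICE), (30_000, BOB)]}
COMMITMENT = template_hash(PLANNED, 0)  # 32 bytes placed in the locking script

def with_outputs(outputs):
    # Same transaction as PLANNED but with a different output list.
    return dict(PLANNED, outputs=outputs)

if __name__ == "__main__":
    print(ctv_check(COMMITMENT, PLANNED))
    print(ctv_check(COMMITMENT, with_outputs([(70_001, ALICE), (29_999, BOB)])))
    print(ctv_check(COMMITMENT, with_outputs([(70_000, ALICE), (30_000, CAROL)])))
```

Only the exact planned transaction passes; moving a single satoshi between outputs or changing one destination script produces a different hash and the spend is rejected.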
This provides the same functionality as multisig and presigned transactions in the use cases where you want to guarantee the initial transaction set cannot be replaced, except it completely removes the requirement to trust participants in the multisig quorum to act honestly or someone to delete private keys after signing transactions. It does not open any new doors, it does not enable anything that cannot already be done with presigned transactions and multisig; it simply removes the need to participate directly in the multisig script in order to not have to rely on trusting third parties to enforce the correct execution of the contract.
CTV does no more to enable forced implementation of “whitelisting restrictions” so that coins can only be spent to approved addresses than presigned transactions do. The number of different combinations of amounts, destination addresses and specific variables that can differ in spending transactions, which have to be precomputed and signed ahead of time to do something like this, is absurdly burdensome and impractical to do for every withdrawing user ahead of time. That is also completely ignoring the fact that each change output of each precomputed transaction would have to be similarly encumbered with an almost infinite number of these combinations, and the change outputs from the next set of transactions, and so on, and so on, into what is effectively infinity. The only optimization CTV offers is not having to spend the CPU cycles signing things, which does nothing to change the fact that this in practice is just completely intractable. Why deal with all this complexity and precomputation instead of just refusing to let users withdraw except to a 2-of-2 multisig where the exchange holds a key so they can refuse to authorize “bad transactions?” Or just not let users withdraw at all?
Ultimately the choice of what to activate or enforce comes down to what each individual user chooses to do with their node and the cumulative results of that across the entire network that each of those individual choices adds up to. That is how Bitcoin works, and nothing will change that — short of a complete breakdown of independent thought and decision-making among users. That said, it would be a real shame, in my opinion, for a proposed upgrade to be torpedoed and shot down based on a complete misunderstanding of what it can and cannot do, as opposed to reasoned and rational criticisms of potential downsides, inefficiencies or risks it presents to the network. In my opinion, that would not be a display of users’ self sovereignty or independent verification of facts asserted by public figures, but a display of outright stupidity and ignorance.
I hope going forward that this conversation can be properly separated into the two issues being currently conflated — the proposal itself and the activation mechanisms that could be used to implement it — instead of the current situation where these two things are being wildly conflated and not acknowledged for the separate issues they are. At the end of the day it is a perfectly rational and reasonable thing to not support a change based on the risks of soft fork activation itself or because of legitimate shortcomings or risks an individual proposal presents to the network. However, I don’t think it is reasonable to voice a lack of support rooted in completely nonfactual assertions about a proposal and what it can actually do, while in the process, spreading misinformation about the proposal itself to people who are currently trying to learn about and understand the proposal to make their own decision. That is something I’d call an attack on the consensus process.
Bitcoiners should not feel the need to spread lies and misinformation in order to convince people to take the same positions or act in the same way as themselves.
This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.