That is an opinion piece about BIP119 (OP_CTV). If you want to submit a counter argument, please email Bitcoin Journal.
BIP119, or Examine Template Confirm (CTV), has been the middle of an absurd and ridiculous controversy within the final week or so. There are two facets of what’s presently driving this controversy, the CTV performance itself and the floated thought of activating it within the quick time period using the controversial Speedy Trial mechanism that was profitable in activating Taproot. These two points have been conflated to the purpose that attempting to disentangle them and talk about both one individually has grow to be, to place it flippantly, an extremely difficult endeavor.
As one of many individuals concerned in supporting a user-activated delicate fork (UASF) consumer for Taproot activation that was suitable with the Speedy Trial (ST) deployment, I can say wholeheartedly that I’m very a lot in opposition to future use of ST as an activation mechanism. I see it as a horrendous mistake and one thing that socially places the notion of a veto mechanism and over-weighted affect within the consensus course of within the arms of miners. I consider that activation of consensus modifications ought to relaxation solely within the arms of customers, not builders and never miners. That mentioned, the problem of the best way to activate modifications is simply tangentially associated to the CTV proposal, and far of the controversy facilities particularly across the BIP itself and the final idea of covenants.
There may be a substantial amount of confusion round what CTV can and can’t accomplish. A lot of the criticism in opposition to the proposal itself that’s not rooted in points with the proposed activation or activation mechanism relies across the thought of degradations to fungibility, i.e., the potential for somebody to ship you cash and limit the place you’ll be able to spend them. This isn’t attainable for 2 causes. Firstly, CTV restricts cash by EXACTLY defining the place they should go, and the precise quantities. To do one thing like “create whitelists” to restrict the place your cash are spendable, you would need to precompute each attainable tackle somebody can be allowed to spend cash, however then additionally for every of these addresses, compute each attainable quantity that could possibly be conceivably spent to them right down to the granularity of a satoshi. Secondly, the receiver is the one that gives an tackle to the sender, and the one who decides what precise Bitcoin script one should fulfill to be able to spend the obtained cash. If a sender alters that script in any method, it alters the “tackle,” and the receiver’s pockets won’t even acknowledge any funds as being obtained. It is no completely different giving somebody an tackle, and having them ship cash to another person’s pockets.
Presigned Transactions And Multisig
Presigned transactions are an important element of constructing issues on prime of Bitcoin. Lightning is constructed on presigned transactions, statechains are constructed on presigned transactions and discreet log contracts are constructed on presigned transactions. Mixed with multisig scripts, it’s attainable to ensure that an present UTXO encumbered by the multisig can solely be spent in sure predefined methods. That is the complete fundamental core of those second layers.
All of the events concerned generate a multisig tackle, then select which UTXOs to fund it with. Earlier than signing the funding transaction, they craft the transaction(s) that spend(s) the multisig UTXO within the predefined method(s), then they signal and make sure the funding transaction. Now, with out all events agreeing to vary the place to and beneath what situations the funds are spent, nothing will be modified. The vacation spot and situations beneath which the funds will transfer to the vacation spot are locked in. The most important limitation of this primitive is that to be able to assure these funds keep restricted in how they are often spent, everybody who has contributed cash or relies on these spending limitations should be a participant within the multisig contract. If they aren’t, then they have to belief the events truly concerned within the multisig contract, or a minimum of some threshold of them (for instance, within the case of a 3-of-5 multisig, they have to belief a minimum of three individuals to be trustworthy). With out collaborating, they have to belief individuals to solely signal truthfully and/or to delete personal keys with out retaining copies.
What are the constraints of presigned transactions? It’s important to outline each element of the transaction: what it does, the place it spends funds to, any transaction stage timelocks, and so on. You may by no means undo signing a transaction, you’ll be able to’t change what you’ve got already signed. This is the reason Lightning wants penalty keys, and folks need ANYPREVOUT and eltoo, as a result of you’ll be able to’t undo or “take again” the earlier signed transaction. All you are able to do is signal a brand new one and provides it the power to replace or negate the earlier one if somebody tries to make use of it. Generally it’s possible you’ll need to do that, generally it’s possible you’ll need to be sure that it is not attainable, however that earlier signed transaction is locked in, and all the time attainable to make use of so long as somebody retains it. You may by no means take it again.
CHECKTEMPLATEVERIFY / BIP119
The core performance of CHECKTEMPLATEVERIFY (CTV) is to offer stronger ensures within the state of affairs the place you need to guarantee it isn’t attainable to switch the initially signed transaction. As a substitute of getting to belief multisig individuals to behave truthfully or key turbines to delete personal keys, CTV ensures that spending a coin within the predefined method is actually enforced by consensus guidelines. That is completed by together with the hash of the predefined transaction you need to spend that UTXO, and together with it within the locking script for that UTXO when it’s created. Once you go to spend that coin, the script interpreter ensures that the spending transaction’s hash matches what was within the enter’s script, and if the hash doesn’t match it fails the transaction as invalid by consensus.
This offers the identical performance as multisig and presigned transactions within the use circumstances the place you need to assure the preliminary transaction set can’t be changed, besides it fully removes the requirement to belief individuals within the multisig quorum to behave truthfully or somebody to delete personal keys after signing transactions. It doesn’t open any new doorways, it doesn’t allow something that can’t already be executed with presigned transactions and multisig; it merely removes the necessity to take part instantly within the multisig script to be able to not should depend on trusting third events to implement the proper execution of the contract.
CTV does no extra to allow pressured implementation of “whitelisting restrictions” in order that cash can solely be spent to permitted addresses than presigned transactions do. The variety of completely different combos of quantities, vacation spot addresses and particular variables that may differ in spending transactions that should be precomputed and signed forward of time to do one thing like that is absurdly burdensome and impractical to do for each withdrawing person forward of time. That can be fully ignoring the truth that every change output of every precomputed transaction must to be equally encumbered with an virtually infinite variety of these combos, and the change outputs from the subsequent set of transactions, and so forth, and so forth, into what’s successfully infinity. The one optimization CTV presents isn’t having to spend the CPU cycles signing issues, which does nothing to vary the truth that this in observe is simply fully intractable. Why cope with all this complexity and precomputation as an alternative of simply refusing to let customers withdraw besides to a 2-of-2 multisig the place the change holds a key to allow them to refuse to authorize “unhealthy transactions?” Or simply not let customers withdraw in any respect?
In the end the selection of what to activate or implement comes right down to what every particular person person chooses to do with their node and the cumulative results of that throughout the complete community that every of these particular person selections provides as much as. That’s how Bitcoin works, and nothing will change that — wanting a whole breakdown of unbiased thought and decision-making amongst customers. That mentioned, it could be an actual disgrace, in my view, for a proposed improve to be torpedoed and shot down based mostly on a whole misunderstanding of what it will probably and can’t do, versus reasoned and rational criticisms of potential downsides, inefficiencies or dangers it presents to the community. For my part, that will not be a show of customers’ self sovereignty or unbiased verification of details asserted by public figures, however a show of outright stupidity and ignorance.
I hope going ahead that this dialog will be correctly separated into the 2 points being presently conflated — the proposal itself and the activation mechanisms that could possibly be used to implement it — as an alternative of the present state of affairs the place these two issues are being wildly conflated and never acknowledged for the separate points they’re. On the finish of the day it’s a completely rational and affordable factor to not assist a change based mostly on the dangers of sentimental fork activation itself or due to legit shortcomings or dangers a person proposal presents to the community. Nevertheless, I don’t suppose it’s affordable to voice an absence of assist rooted in fully nonfactual assertions a couple of proposal and what it will probably truly do, whereas within the course of, spreading misinformation in regards to the proposal itself to people who find themselves presently making an attempt to find out about and perceive the proposal to make their very own resolution. That’s one thing I’d name an assault on the consensus course of.
Bitcoiners shouldn’t really feel the necessity to unfold lies and misinformation to be able to persuade individuals to take the identical positions or act in the identical method as themselves.
This can be a visitor publish by Shinobi. Opinions expressed are solely their very own and don’t essentially replicate these of BTC Inc. or Bitcoin Journal.