Does bitcoin need covenants?
Does bitcoin need to change?
Who am I?
Long time bitcoiner and coder
Occasional BIP contributor
Former
MuSig2 fanboy
Contents
What is a covenant?
From Dictionary.com:� Covenant, n: a usually formal, solemn, and binding agreement
From Investopedia:� Covenants can either promote activity to occur (positive covenant) or disallow an event or condition (negative covenant).
For bitcoin:� Covenants restrict the context in which bitcoin is spent by reference to data outside of its locking and unlocking scripts. This contrasts with cryptographic signature verifications which restrict who can spend bitcoin.
Does bitcoin need covenants?
Bitcoin already has covenants.
OP_CHECKSEQUENCEVERIFY and OP_CHECKLOCKTIMEVERIFY are covenants.
These covenants enabled the lightning network� and other improvements for bitcoin users.
Does bitcoin need more covenants?
Covenants scale bitcoin.
Covenants enable holders to protect their bitcoin from theft or loss.
Covenants enable holders to share UTXOs and on chain transactions.
Doesn’t lightning scale bitcoin?
Yes (thanks to covenants), but only to ~100 million users with 1 channel each.
If bitcoin is going to serve the world’s financial needs, it needs more covenants.
Bitcoin needs more covenants.
But covenants are scary!
Let’s talk about it.
How are covenants applied?
To receive bitcoin you create an address and provide it to the sender.
Most addresses lock bitcoin until a signature matching a public key is provided. Roughly, this corresponds to a locking script script like:�<public_key> OP_CHECKSIG
You can apply a time lock covenant by providing an address for a script like:�<public_key> OP_CHECKSIGVERIFY <time> OP_CHECKLOCKTIMEVERIFY
Only you can apply a covenant to your address.
Only you can apply a
covenant
to your address.
What are they good for?
Possible covenant features
Let’s get specific.
Types of covenant
More specific?
OP_CHECKTEMPLATEVERIFY (BIP-119)
Hash
SIGHASH_ANYPREVOUT(/ANYSCRIPT) (BIP-118)
Hash
OP_UNVAULT/OP_VAULTRECOVER (BIP-345)
Deferred,
Transformation
OP_TXHASH(VERIFY)
Hash
Template Key
Hash
OP_CAT
Hash+Introspection
Proposal Relationships
CHECKTEMPLATEVERIFY
Template Key
UNVAULT
TXHASH(VERIFY)
Replaces / Upgrades
Upgrades
CHECKSIGFROMSTACK
Emulates
SIGHASH_ANYPREVOUT(/ANYSCRIPT)
VAULTRECOVER
OP_CAT
Recursive
Replaces
Emulates
Uses
Opinions
Bitcoin needs to change!
OP_CHECKTEMPLATEVERIFY (BIP-119) belongs in bitcoin.
SIGHASH_ANYPREVOUT(/ANYSCRIPT) (BIP-118) is uninspiring and harmless.
OP_UNVAULT and OP_VAULTRECOVER (BIP-345) probably belongs in bitcoin.
OP_TXHASH(VERIFY) might belong in bitcoin.
Template Key might belong in bitcoin.
OP_CAT might belong (back) in bitcoin.
OP_CHECKTEMPLATEVERIFY
(BIP-119)�belongs in bitcoin.
Questions?
@reardencode (𝕏 and elsewhere)
freedom@reardencode.com