That is the primary article in a collection deep diving into particular person covenant proposals which have reached some extent of maturity meriting an in depth breakdown.
CHECKTEMPLATEVERIFY (CTV), put ahead by Jeremy Rubin with BIP 119, is probably the most mature and absolutely fleshed out covenant proposal, not solely out of the proposals we might be protecting, however out of the entire covenant proposals of their entirety. As I discussed within the introduction article to this collection, there are a lot of issues within the ecosystem relating to covenants which are too versatile enabling issues that wind up having very detrimental penalties for Bitcoin.
CTV was designed particularly to constrain its capabilities tightly sufficient to keep away from any of these issues. To first perceive how CTV capabilities, we have to perceive the person elements of a Bitcoin transaction.
This can be a very excessive stage view of a Bitcoin transaction. It has inputs, or unspent cash (UTXOs), and outputs, the brand new unspent cash that the transaction will create when it’s confirmed in a block. There are much more items we are going to undergo, however that is the best stage view of a transaction’s construction.
Each transaction additionally has a model quantity discipline for the entire transaction, indicating applicability of recent variations of guidelines or options. There may be additionally the marker and the flag, that are set to particular values to point the transaction makes use of Segwit. After that is the enter depend, the variety of inputs within the transaction. Then come the precise inputs.
Every enter incorporates a TXID of the transaction that created the unspent coin being spent, a VOUT which marks what output in that transaction is being spent, the scale of the ScriptSig, and the ScriptSig, which is the unlocking script proving the enter being spent is allowed by its locking script guidelines, and at last a Sequence quantity which is used to make sure the enter being spent is following relative timelock guidelines. i.e. the enter has existed for a sure variety of blocks or size of time since its creation.
The output depend is the subsequent piece of information, the variety of outputs within the transaction. After this comes the precise outputs, which include an quantity of satoshis assigned to that output, the ScriptPubKey dimension, and the precise ScriptPubKey, which is the locking script for that output. Lastly the nLocktime discipline applies a timelock worth in timestamp or block top that applies to your complete transaction.
Every Segwit transaction additionally incorporates a Witness part, the place every enter has a corresponding witness containing a Stack Gadgets depend, what number of issues might be placed on the script stack, a Dimension discipline for every merchandise, and the precise information Merchandise to go on the stack.
How CTV Works
CTV is an opcode that allows probably the most primary type of introspection and ahead information finishing up of all of the covenant proposals. It permits a script to take a pre-defined 32 byte hash and examine that towards a hash of a lot of the fields of the spending transaction. If the hash derived from the precise spending transaction doesn’t match the pre-defined hash, the transaction is invalid.
The fields it commits to are:
nVersion nLocktime Enter depend A hash of all of the nSequence fields Output depend A hash of all of the outputs Enter index (the place the enter has within the transaction, 1st enter, 2nd, and many others.)
These are all of the fields dedicated to by the CTV hash, of their entirety, and with no capacity to choose and select. That is the diploma of introspection CTV permits, “does the hash of those fields within the spending transaction match the hash within the locking script of the enter being spent,” that’s it. The hash commits to basically your complete transaction besides the precise inputs. There’s a motive the hash doesn’t embrace the inputs. So as to lock an output to a 32 byte hash with CTV, it is advisable know the hash of the transaction that you’re making certain is the one approach for it to be spent. The enter locked with CTV being spent should embrace this hash so as to be verified towards CTV. That necessitates having the hash of that transaction earlier than you create the entire transaction. That’s not potential.
You can even nest CTV scripts, i.e. have an preliminary CTV script decide to a transaction with outputs that additionally embrace CTV scripts. That is what permits CTV to “carry ahead” information. All it carries ahead in follow although is no matter information is contained within the chain of transactions. You are able to do this in idea to an infinite depth, however you’re restricted in follow to a finite depth as a result of the nesting should be generated backwards ranging from the top. It’s because every stage, or “hop,” should have the hash of the transaction shifting to the subsequent one, in any other case you possibly can’t create the locking script within the first place. Should you don’t already know the subsequent transaction, you possibly can’t generate the earlier one.
What Is CTV Helpful For
CTV means that you can limit an output in order that it could solely be spent, based on consensus guidelines, by a precise pre-defined transaction. A few of you is likely to be asking what the large deal is, we will already pre-sign transactions. If the extent of introspection is so restricted that it could solely accomplish one thing we will already just do pre-signing, what’s the worth add?
First, pre-signed transactions all the time go away open the opportunity of the keyholder(s) signing new transactions and spending these cash differently. It’s important to belief that the keyholder is not going to do that, or will delete the important thing wanted to signal with (which you additionally should belief them on). CTV removes that belief completely. As soon as the spending transaction is outlined and the output locked to that CTV hash is created, there isn’t any risk of being spent one other approach, enforced by consensus.
Presently the one approach round that belief is to be concerned in pre-signing transactions your self utilizing multisig. Then you definately will be fully sure that except you select to signal one your self, no different legitimate transaction spending a coin differently will be created. The issue is the extra individuals are concerned, the tougher and unreliable coordinating everybody to pre-sign a transaction on the identical time turns into. Previous small sizes it turns into a very impractical drawback to resolve reliably.
CTV provides a approach for folks to know a set of transactions is dedicated with out everybody having to get on-line on the identical time to signal them. It tremendously simplifies the coordination course of by permitting everybody to get the wanted info to anybody else at any time when they’ll, and as soon as that individual has everybody’s info they’ll create the chain of CTV transactions with out anybody else’s involvement, and everybody can confirm and make sure that the right consequence is the one potential one.
That’s extremely invaluable by itself, however CTV may allow much more invaluable issues together with different opcodes, which we’ll see within the subsequent article.
Closing Ideas
CTV is a tightly restricted covenant that allows a level of introspection and ahead information carrying that’s so restricted it doesn’t exceed the precise performance of something that may be completed with pre-signed transactions. The worth proposition just isn’t in enabling new performance in its personal proper, however drastically bettering the effectivity, scalability, and safety ensures of what will be constructed at present utilizing pre-signed transactions. This alone is an enormous profit to virtually each at present deployed protocol utilizing pre-signed transactions.
Listed here are among the tasks demonstrating how completely fleshed out and explored this specific covenant is in comparison with the others:
A primary fee pool instance by stutxo. A CTV vault implementation by James O’Beirne, who went on to suggest OP_VAULT (which nonetheless makes use of CTV). A proof-of-concept port of the pre-signed transaction primarily based Ark implementation from Second by Steven Roose to make use of CTV as a substitute. The Sapio Language by Jeremy Rubin himself, the next stage language for constructing contracts with CTV (additionally supporting using pre-signed transactions as a substitute). Timeout Timber, a proposal for a really primary coinpool design by John Legislation. Quite a few different potential protocols, reminiscent of optimized Discreet Log Contracts (DLCs), non-interactive Lightning channels one social gathering might open with out the opposite, and even decentralized methods for miners to pool collectively.
CTV is an extremely mature proposal at this level, with a excessive worth add, and no danger of enabling something driving the issues round covenants. This could not solely be very severely thought of, however in my private opinion ought to have been activated years in the past.
