Analyzing BIP119 And The Controversy Surrounding It

2 years ago

This is an opinion piece about BIP119 (OP_CTV). If you would like to submit a counter argument, please email Bitcoin Magazine.

BIP119, or Check Template Verify (CTV), has been the center of an absurd and ridiculous controversy in the past week or so. There are two aspects of what is currently driving this controversy, the CTV functionality itself and the floated idea of activating it in the short term using the controversial Speedy Trial mechanism that was successful in activating Taproot. These two issues have been conflated to the point that trying to disentangle them and discuss either one separately has become, to put it lightly, an incredibly challenging endeavor.

As one of the people involved in supporting a user-activated soft fork (UASF) client for Taproot activation that was compatible with the Speedy Trial (ST) deployment, I can say wholeheartedly that I am very much against future use of ST as an activation mechanism. I see it as a horrendous mistake and something that socially puts the perception of a veto mechanism and over-weighted power in the consensus process in the hands of miners. I believe that activation of consensus changes should rest solely in the hands of users, not developers and not miners. That said, the issue of how to activate changes is only tangentially related to the CTV proposal, and much of the controversy centers specifically around the BIP itself and the general concept of covenants.

There is a great deal of confusion about what CTV can and cannot accomplish. Much of the criticism against the proposal itself that is not rooted in issues with the proposed activation or activation mechanism is based around the idea of degradations to fungibility, i.e., the potential for someone to send you coins and restrict where you are able to spend them. This is not possible for two reasons. Firstly, CTV restricts coins by EXACTLY defining where they have to go, and the exact amounts. To do something like “create whitelists” to limit where your coins are spendable, you would have to precompute every possible address someone would be allowed to spend coins, but then also for each of those addresses, compute every possible amount that could be conceivably spent to them down to the granularity of a satoshi. Secondly, the receiver is the one that provides an address to the sender, and the one who decides what exact Bitcoin script one must fulfill in order to spend the received coins. If a sender alters that script in any way, it alters the “address,” and the receiver's wallet will not even recognize any funds as being received. It's no different than giving someone an address, and having them send money to someone else's wallet.

Presigned Transactions And Multisig

Presigned transactions are a very important component of building things on top of Bitcoin. Lightning is built on presigned transactions, statechains are built on presigned transactions and discreet log contracts are built on presigned transactions. Combined with multisig scripts, it is possible to guarantee that an existing UTXO encumbered by the multisig can only be spent in certain predefined ways. This is the entire basic core of these second layers.

All the parties involved create a multisig address, then choose which UTXOs to fund it with. Before signing the funding transaction, they craft the transaction(s) that spend(s) the multisig UTXO in the predefined way(s), then they sign and confirm the funding transaction. Now, without all parties agreeing to change where to and under what conditions the funds are spent, nothing can be changed. The destination and conditions under which the funds will move to the destination are locked in. The big restriction of this primitive is that in order to guarantee those funds stay limited in how they can be spent, everyone who has contributed money or is dependent on those spending limitations must be a member in the multisig contract. If they are not, then they must trust the parties actually involved in the multisig contract, or at least some threshold of them (for example, in the case of a 3-of-5 multisig, they must trust at least 3 participants to be honest). Without participating, they must trust participants to only sign honestly and/or to delete private keys without retaining copies.

What are the limitations of presigned transactions? You have to define every detail of the transaction: what it does, where it spends funds to, any transaction level timelocks, etc. You can never undo signing a transaction, you can't change what you've already signed. This is why Lightning needs penalty keys, and people want ANYPREVOUT and eltoo, because you can't undo or “take back” the previously signed transaction. All you can do is sign a new one and give it the ability to update or negate the previous one if someone tries to use it. Sometimes you may want to do this, sometimes you may want to make sure it's not possible, but that previously signed transaction is locked in, and always possible to use as long as someone keeps it. You can never take it back.

CHECKTEMPLATEVERIFY / BIP119

The core functionality of CHECKTEMPLATEVERIFY (CTV) is to provide stronger guarantees in the situation where you want to ensure it is not possible to replace the initially signed transaction. Instead of having to trust multisig participants to behave honestly or key generators to delete private keys, CTV guarantees that spending a coin in the predefined way is literally enforced by consensus rules. This is accomplished by taking the hash of the predefined transaction with which you want to spend that UTXO and including it in the locking script for that UTXO when it is created. When you go to spend that coin, the script interpreter ensures that the spending transaction's hash matches what was in the input's script, and if the hash does not match, it fails the transaction as invalid by consensus.

This provides the same functionality as multisig and presigned transactions in the use cases where you want to guarantee the original transaction set cannot be replaced, but it completely removes the need to trust participants in the multisig quorum to act honestly or someone to delete private keys after signing transactions. It does not open any new doors, it does not enable anything that cannot already be done with presigned transactions and multisig; it simply removes the need to participate directly in the multisig script in order to not have to rely on trusting third parties to enforce the correct execution of the contract.

CTV does no more to enable forced implementation of “whitelisting restrictions” so that coins can only be spent to approved addresses than presigned transactions do. The number of different combinations of amounts, destination addresses and specific variables that can differ in spending transactions that have to be precomputed and signed ahead of time to do something like this is absurdly burdensome and impractical to do for every withdrawing user ahead of time. That is also completely ignoring the fact that every change output of every precomputed transaction would have to be similarly encumbered with an almost infinite number of these combinations, and the change outputs from the next set of transactions, and so on, and so forth, into what is effectively infinity. The only optimization CTV offers is not having to spend the CPU cycles signing things, which does nothing to change the fact that this in practice is just completely intractable. Why deal with all this complexity and precomputation instead of just refusing to let users withdraw except to a 2-of-2 multisig where the exchange holds a key so they can refuse to authorize “bad transactions?” Or just not let users withdraw at all?
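The commitment described in this section, and the reason a whitelist would need one precomputed template per destination and per satoshi amount, can be seen in a short sketch. This is an added example, not code from the article or from the BIP119 authors; it follows the field order of the BIP119 template hash, and the scripts, amounts and helper names are constructed for illustration.

```python
import hashlib
import struct

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def ser_bytes(data: bytes) -> bytes:
    # Compact-size length prefix; this sketch only supports lengths below 253.
    if len(data) >= 253:
        raise ValueError("script too long for this sketch")
    return bytes([len(data)]) + data

def template_hash(version, locktime, script_sigs, sequences, outputs, input_index):
    """Hash over the transaction fields BIP119 commits to, in its field order."""
    r = struct.pack("<i", version) + struct.pack("<I", locktime)
    if any(script_sigs):  # scriptSigs are only hashed when one is non-empty
        r += sha256(b"".join(ser_bytes(s) for s in script_sigs))
    r += struct.pack("<I", len(sequences))
    r += sha256(b"".join(struct.pack("<I", s) for s in sequences))
    r += struct.pack("<I", len(outputs))
    r += sha256(b"".join(struct.pack("<q", amt) + ser_bytes(spk) for amt, spk in outputs))
    r += struct.pack("<I", input_index)
    return sha256(r)

def ctv_allows(committed: bytes, tx: dict) -> bool:
    # Consensus check sketched: the spending transaction must hash to the commitment.
    return template_hash(**tx) == committed

# Constructed sample data: P2WPKH-shaped scripts with dummy 20-byte key hashes.
SPK_A = bytes.fromhex("0014") + b"\x11" * 20
SPK_B = bytes.fromhex("0014") + b"\x22" * 20
PLANNED = dict(version=2, locktime=0, script_sigs=[b""], sequences=[0xFFFFFFFF],
               outputs=[(50_000, SPK_A), (49_000, SPK_B)], input_index=0)
COMMITTED = template_hash(**PLANNED)  # 32 bytes placed in the locking script

def variant(**changes) -> dict:
    return {**PLANNED, **changes}

if __name__ == "__main__":
    cases = {
        "planned spend": PLANNED,
        "one satoshi moved": variant(outputs=[(50_001, SPK_A), (48_999, SPK_B)]),
        "different destination": variant(outputs=[(50_000, SPK_B), (49_000, SPK_B)]),
        "added locktime": variant(locktime=700_000),
    }
    for name, tx in cases.items():
        print(f"{name:22} -> {'valid' if ctv_allows(COMMITTED, tx) else 'rejected'}")
```

Only the planned spend satisfies the commitment; every other variant would need its own hash committed in advance.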

The Choice

Ultimately the choice of what to activate or enforce comes down to what each individual user chooses to do with their node and the cumulative effect of that across the entire network that all of those individual choices add up to. That is how Bitcoin works, and nothing will change that — short of a complete breakdown of independent thought and decision-making among users. That said, it would be a real shame, in my opinion, for a proposed upgrade to be torpedoed and shot down based on a complete misunderstanding of what it can and cannot do, as opposed to reasoned and rational criticisms of potential downsides, inefficiencies or risks it presents to the network. In my opinion, that would not be a display of users’ self sovereignty or independent verification of facts asserted by public figures, but a display of outright stupidity and ignorance.

I hope going forward that this conversation can be properly separated into the two issues being currently conflated — the proposal itself and the activation mechanisms that could be used to implement it — instead of the current situation where these two things are being wildly conflated and not recognized for the separate issues they are. At the end of the day it is a perfectly rational and tenable thing to not support a change based on the risks of soft fork activation itself or because of legitimate shortcomings or risks an individual proposal presents to the network. However, I do not think it is tenable to voice a lack of support rooted in entirely nonfactual assertions about a proposal and what it can actually do, while in the process, spreading misinformation about the proposal itself to people who are currently attempting to learn about and understand the proposal to make their own decision. That is something I would call an attack on the consensus process.

Bitcoiners should not feel the need to spread lies and misinformation in order to get people to take the same positions or act in the same way as themselves.

This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.
