OP_CHECKTEMPLATEVERIFY has as soon as once more develop into a focus within the dialog about enhancements to scale Bitcoin. This time round there are numerous extra different designs for covenants being proposed, and precise concrete designs that make use of CTV as scaling options (Timeout Bushes and Ark). The dialog has a a lot bigger depth of ideas to think about, each by way of options that may very well be adopted in addition to concrete proposals that CTV might allow.
One narrative circulating from the camp of individuals in opposition to CTV is that “CTV doesn’t scale Bitcoin.” Let’s charitably interpret that to imply that CTV itself doesn’t scale Bitcoin, issues you’ll be able to construct with it do. Properly, then that isn’t a coherent argument. Segregated Witness didn’t scale Bitcoin. CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY didn’t scale Bitcoin. However the Lightning Community, which these three proposals enabled, do scale Bitcoin. They add a large quantity of overhead for transactional throughput to develop past the constraints of the blockchain itself.
Lightning actually couldn’t exist with out these base layer primitives. The issue with Lightning although, is it solely scales the variety of transactions that may be processed. It doesn’t in any method assist enhance the scalability of possession over UTXOs, or improve the variety of customers who can management one. Lightning is presently not able to doing that with its present design and the present set of consensus primitives out there in Bitcoin script.
CTV can change that.
UTXOs And Digital UTXOs
A part of the issue of Lightning’s shortcoming concerning scalability of Bitcoin possession is that to be able to open a channel, or management a UTXO, you really must transact on the bottom layer. After that Lightning can facilitate a really massive variety of transactions off-chain, however a person should nonetheless transact on-chain to onboard themselves to Lightning. It massively will increase the variety of transactions Bitcoin can course of, however it does nothing in any respect to extend the quantity of people that can personal bitcoin.
That is one other large drawback CTV can assist with. Burak coined the time period “digital UTXO” for his Ark proposal, however I believe this terminology is an ideal normal time period helpful far past the context of Ark. A digital UTXO is one dedicated to being created sooner or later, by mechanisms like a pre-signed transaction, however that hasn’t really been created on-chain but. Bitcoin doesn’t have the blockspace for everybody to create a single UTXO on the scale of the world inhabitants, however there’s undoubtedly potential for folks to have their very own unbiased digital UTXO if the method of committing to these might be made scalable.
Scaling the creation of commitments to vUTXOs is the issue. Proper now there isn’t any approach to create them besides by using pre-signed transactions, and this introduces a bottleneck that should be addressed. The variety of vUTXOs any actual UTXO can decide to is bounded by the scale of the multisig set signing these transactions. To trustlessly create vUTXOs, the proprietor of each vUTXO should be a part of the multisig key that’s signing the transactions that decide to creating them, in any other case they haven’t any assure that conflicting transactions is not going to be generated that voids their potential to say their vUTXO if needed. The issue of coordinating the signing of this between each member of the set introduces sensible issues that may finally severely restrict the scale any pool of vUTXOs can develop to. The one different different is to have some trusted celebration or events signal the transactions committing to everybody’s vUTXOs, and easily trusting them to not steal these funds from the rightful homeowners.
CTV presents an answer to each of those issues. By with the ability to non-interactively decide to a set of future transactions the identical method pre-signed transactions do, however with out requiring each proprietor of the vUTXOs these transactions create to coordinate signing, it solves the coordination drawback. On the similar time as a result of nobody must work together, a single particular person might take the function of funding the CTV output that commits to everybody’s vUTXOs unfurling on-chain, and nil belief in that particular person after the funding transaction is confirmed is required. As soon as that actual UTXO is confirmed in a block, the one who funded it has no potential to undo or double spend the longer term transactions it has dedicated to.
Remember that a vUTXO might be no matter you need it to be. It may be a Lightning channel, a multisig script for chilly storage, and many others. CTV does what the present type of Lightning doesn’t, it scales precise possession of Bitcoin, not simply the variety of transactions it might probably course of.
Reduce By The Shortcut
One of many different criticisms of CTV as “not scaling Bitcoin” is that by committing to future transactions you don’t escape the necessity to put them on-chain ultimately, and so subsequently CTV doesn’t really assist enhance scalability. I wish to name this “the OP_IF fallacy.” i.e. as soon as folks begin speaking about CTV they overlook OP_IF exists, and that scripts can even have a number of spending situations to select from.
Essentially the most highly effective issues about Taproot are the flexibility to assemble multisigs by simply including two public keys collectively and signal for them with a single combination signatures, and to solely selectively reveal a single “IF” department of a script that has a number of methods to be spent. Mixed with CTV, this presents a really highly effective approach to make use of vUTXO commitments. Reasonably than make a sequence of transactions utilizing purely CTV, they are often constructed with the CTV spending path buried inside a taproot tree. The tip of the chain of transactions are all the person vUTXOs every participant owns, locked to that person’s public key alone. As you go backwards in the direction of the foundation of the tree, every set of keys which can be under any node within the tree can merely be added collectively and used because the Schnorr multisig key that the CTV spend path is buried underneath.
Because of this at any level within the chain of transactions unfurling on-chain to really flip the vUTXOs into actual UTXOs the place you may get each participant in an intermediate UTXO to coordinate with one another, everybody can merely cooperatively signal a transaction transferring their cash the place they wish to go in a extra environment friendly method than merely letting the pre-defined transaction circulation unfurl all the best way to morph their vUTXOs into actual ones. This permits small sub teams to flee needing to really unfurl the complete set of transactions pre-committed to on-chain, with out introducing any trusted events to depend on or weakening the safety of every person’s declare to their very own vUTXOs.
These two easy realities provide a large achieve in scalability for Bitcoin with out compromising on particular person sovereignty or safety in doing so, and all we want to be able to notice them is CTV.
Acknowledgements: I want to thank everybody who participates on the Chicago Bitdevs for serving to me formulate these observations in a concise method by dialogue.
