moonsettler [ARCHIVE] on Nostr: 📅 Original date posted:2023-06-11 🗒️ Summary of this message: The author ...
📅 Original date posted:2023-06-11
🗒️ Summary of this message: The author questions the statement that "APO can emulate CTV" and discusses the consequences for Ark's ATLCs, suggesting that OP_CTV is more enforceable.
📝 Original message:
Hi All,
I have a question about the often touted statement that "APO can emulate CTV". From what I have found in the specs and the inquisition codebase:
> BIP-118 ANYPREVOUTANYSCRIPT can constrain outputs of a spending transaction by hardcoding a 65-byte signature and a 33-byte unknown public key type in a script. Alternatively, BIP-119 CTV can directly constrain transaction outputs to a template hash.
APO/AS SIGHASH does not commit to the number of inputs (nor obviously the other input outpoints themselves). This has some interesting consequences for Ark, which relies on TXID non-malleability for it's ATLCs.
Either one of these cases seem to be true depending on how the contracts are constructed:
- APO only: Users can double spend the ASP (USER CAN STEAL)
- APO + ASP single sig: ASP can stop users from unilateral exit and sweep funds after 4 weeks (ASP CAN STEAL)
- n-of-n musig on the vTXO tree: trustless, APO however is not needed, full interactivity, analogous to key deletion covenant (NOBODY CAN STEAL)
APO/AS can also not be used for the ATLC itself, as it has to commit to the TX outpoint of the connector transaction.
OP_CTV however commits to the number of inputs explicitly, thus committing to a single input prevents TXID malleability and ensures the ATLC is going to be enforceable.
I would like to ask what the devs who are deeper into covenant research think about this, and if I'm missing something?
- moonsettler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230611/a036b05f/attachment.html>;
🗒️ Summary of this message: The author questions the statement that "APO can emulate CTV" and discusses the consequences for Ark's ATLCs, suggesting that OP_CTV is more enforceable.
📝 Original message:
Hi All,
I have a question about the often touted statement that "APO can emulate CTV". From what I have found in the specs and the inquisition codebase:
> BIP-118 ANYPREVOUTANYSCRIPT can constrain outputs of a spending transaction by hardcoding a 65-byte signature and a 33-byte unknown public key type in a script. Alternatively, BIP-119 CTV can directly constrain transaction outputs to a template hash.
APO/AS SIGHASH does not commit to the number of inputs (nor obviously the other input outpoints themselves). This has some interesting consequences for Ark, which relies on TXID non-malleability for it's ATLCs.
Either one of these cases seem to be true depending on how the contracts are constructed:
- APO only: Users can double spend the ASP (USER CAN STEAL)
- APO + ASP single sig: ASP can stop users from unilateral exit and sweep funds after 4 weeks (ASP CAN STEAL)
- n-of-n musig on the vTXO tree: trustless, APO however is not needed, full interactivity, analogous to key deletion covenant (NOBODY CAN STEAL)
APO/AS can also not be used for the ATLC itself, as it has to commit to the TX outpoint of the connector transaction.
OP_CTV however commits to the number of inputs explicitly, thus committing to a single input prevents TXID malleability and ensures the ATLC is going to be enforceable.
I would like to ask what the devs who are deeper into covenant research think about this, and if I'm missing something?
- moonsettler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230611/a036b05f/attachment.html>;