Hi James,<br /><br />&gt; As with everything in bitcoin, the chain is insulated from stupidity like that<br />&gt; by fees, the UTXO model, and block cadence, so what's the problem?<br /><br />See my novel answer to AJ that by extending bitcoin script, I think you might *actually*<br />diluting the UTXO model as you can now on cross-inspect the status of an outpoint.<br />This might amplify tx-withhold style risk for bitcoin contracting protocols, e.g vaults.<br /><br />&gt; Probably worth noting that CSFS and many advanced introspection opcodes (which allow synthesizing<br />&gt; CTV) have been live for almost *four years now* on Liquid (https://github.com/ElementsProject/elements/blob/master/doc/tapscript_opcodes.md#new-opcodes-for-additional-functionality).<br /><br />Live != Deployed use-cases built on top of those advanced introspection opcodes.<br /><br />I've not verified this by myself, though from what is available from public data<br />L-BTC is &lt;= to LN today in terms of locked coins. In terms of decentralization,<br />a federated side-chain is not even like a network of payment channels, where<br />everyone can join by confirming a 2-of-2 in the chain. So have skilled dev really<br />try do "wrong things" with L-BTC and all those shiny introspection opcodes ? I'm<br />not sure, and please accept my skepticism here.<br /><br />&gt; Sorry to tell you, but given that changing consensus requires soliciting buy-in from a<br />&gt; wide variety of people across the Bitcoin ecosystem with varying levels of technical<br />&gt; ability, it is inherently a political process.<br /><br />No -- Apologies to tell you that science / engineering != politics.<br /><br />Somehow, if one has taste and familiarity with all postmodernism sociology,<br />there is well one domain where it completely failed to demonstrate that things<br />are following a "political process", this is indeed the domain of science. In<br />science, mathematical or physical truth always prevails, no matter what.<br /><br />Don't get me wrong -- This doesn't mean I cannot share the opinion that current<br />consensus changes process is a complete conoundrum. Sadly it might have devolved<br />in the view of numerous segments of the Bitcoin ecosystem that what matters w.r.t<br />consensus build-up is who is sitting on a bunch of surreanous github repository<br />permissions, and not necessarily if the consensus change is benefitful in an<br />objective fashion for bitcoin, not even if such _consensus change_ might be<br />required for the long-term flourishing of bitcoin (at least fixing the technical<br />debt).<br /><br />There is difference in saying what makes you socially popular to be vetted with<br />empty github permissions and let you vegetate on them by a weak social consensus<br />and there is a difference in saying unpopular truth to nurture real changes on<br />the long-term. I won't open the conversation more on that subject.<br /><br />Now, back to the more technical analysis of covenant, personally my position<br />is still the same than it was discussed on Bitcoin Core #28550. The communication<br />tone was rude, for sure, though I still share the same belief we shouldn't be<br />careful in designing contracting primitives and be completely $YOLO if said<br />primitives works well for a second-layer.<br /><br />On concerning CheckTemplateVerify itself, which is itself simpler than any<br />other proposed soft-forks due to the non-malleable templating, as I said 18<br />months ago I'm still open in my free time to review/test a CTV-based vault<br />(https://github.com/jamesob/simple-ctv-vault), the same way I did for Eltoo-based<br />LN channels in the past. This is one thing to come with a proof-of-concept<br />working on a single workstation, this is another thing to have tested it<br />under real operational guidelines, where dynamic fees and keys ceremonies<br />have to be deal with.<br /><br />I don't think CTV is altering the UTXO model significantly, though pleasure<br />to be proven wrong here. On the other hand CTV is bringing this idea of<br />immutability in a chain of transactions, that we cannot do currently with<br />sigs-based covenant. That immutability in theory has consequential value<br />for anyone building cold wallet or vault, that is clear as once the funding<br />utxo is confirmed, the UTXO signing keys leaks are void.<br /><br />Now, I might be the last guy in the ecosystem to think that CTV is not<br />the promised silver-bullet by its author all over the world to design<br />and deploy vaults. Fine.<br /><br />&gt; Beyond that, "Overton window" is an appropriate device in the sense that roasbeef<br />&gt; is using it because the more substantial a proposed change is, the more time is<br />&gt; needed by the technical ecosystem to digest it, both in terms of tooling and safety<br />&gt; analysis. Introducing an entirely new script interpreter on the basis of a Lisp (or<br />&gt; combinator calculus, or whatever Simplicity's claim is) is indeed far outside of<br />&gt; that "Overton" window - much farther than tacking on what is essentially just a<br />&gt; new SIGHASH mode to the existing interpreter.<br /><br />I do not wish to be overly pessimitic, though I think whatever "just-drop-a-new<br />script-interpreter" approach is just the wrong design approach, if we do not go<br />to fix first all the dynamic fees issues grieving all the contracting protocols<br />and bitcoin second-layers.<br /><br />Side-note: if you're used with playing with your compiler to target exotic<br />ISAs, one could build the equivalent for any Lisp interpreter where there is<br />an IR and in function of the target you compile to current supported bitcoin<br />opcodes, disabling interpreter syntax that are not (currently) supported or<br />that cannot be translated. I think this would be already a formal verification<br />gain for any smart-contract toolchain using it, even if it's a subset.<br /><br />&gt; Let's not be petty here - it's clear he's talking about LoC within the script<br />&gt;interpreter, which is a different context than the codebase as a whole. Within<br />&gt; the context of the interpreter, LoC is indeed a decent heuristic for marginal risk. Of course, nobody's saying it's perfect.<br /><br />I agree that LoC is a decent heuristic for marginal risk.<br /><br />Best,<br />Antoine<br />OTS hash: 7f00760799b4defd9fe551673a7926c01704274e522d44f3dc8e701b320243de<br /><div class="gmail_quote"><div dir="auto" class="gmail_attr">Le samedi 8 mars 2025 à 16:39:34 UTC, James O&#39;Beirne a écrit :<br/></div><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div><div dir="auto">On Friday, March 7, 2025 at 4:26:36 PM UTC-5 Anthony Towns wrote:</div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">If you instead did not delete the CSFS private key would allow you to
<br>swap in another hash H or signature S in future. That would perhaps
<br>allow designing an unbounded state machine where a master key can add
<br>new states in future.</blockquote><div><br></div></div><div><div>I&#39;m not sure what your point here is - that we can do stupid things with CTV + CSFS? That&#39;s universally true in bitcoin; I can have an &quot;unbounded state machine&quot; by sending myself the same UTXO back and forth indefinitely with CHECKSIG.</div><div><br></div><div>As with everything in bitcoin, the chain is insulated from stupidity like that by fees, the UTXO model, and block cadence, so what&#39;s the problem?</div></div><div><div> </div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><a href="https://github.com/ElementsProject/elements/pull/1427" rel="nofollow" target="_blank" data-saferedirecturl="https://www.google.com/url?hl=fr&amp;q=https://github.com/ElementsProject/elements/pull/1427&amp;source=gmail&amp;ust=1741741494289000&amp;usg=AOvVaw1jHoC8rkBPJD7XOew-maF5">https://github.com/ElementsProject/elements/pull/1427</a> suggests
<br>Simplicity&#39;s potentially going live on Liquid any day now.<br></blockquote><div><br></div></div><div><div>Probably worth noting that CSFS and many advanced introspection opcodes (which allow synthesizing CTV) have been live for almost *four years now* on Liquid (<a href="https://github.com/ElementsProject/elements/blob/master/doc/tapscript_opcodes.md#new-opcodes-for-additional-functionality" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=fr&amp;q=https://github.com/ElementsProject/elements/blob/master/doc/tapscript_opcodes.md%23new-opcodes-for-additional-functionality&amp;source=gmail&amp;ust=1741741494289000&amp;usg=AOvVaw1a3mRfobRQE2xI2islu8ZG">https://github.com/ElementsProject/elements/blob/master/doc/tapscript_opcodes.md#new-opcodes-for-additional-functionality</a>).</div></div><div><div> </div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The concept of an &quot;Overton window&quot; is a political one, used for when
<br>there has been successful political pressure to exclude some subjects
<br>from discussion for reasons other than their underlying merits. That&#39;s
<br>not a good idea if you want to maintain high quality, and it&#39;s probably
<br>not compatible at all with a project that aims to be decentralised in
<br>any meaningful way.</blockquote><div><br></div></div><div><div>Sorry to tell you, but given that changing consensus requires soliciting buy-in from a wide variety of people across the Bitcoin ecosystem with varying levels of technical ability, it is inherently a political process.</div><div><br></div><div>Beyond that, &quot;Overton window&quot; is an appropriate device in the sense that roasbeef is using it because the more substantial a proposed change is, the more time is needed by the technical ecosystem to digest it, both in terms of tooling and safety analysis. Introducing an entirely new script interpreter on the basis of a Lisp (or combinator calculus, or whatever Simplicity&#39;s claim is) is indeed far outside of that &quot;Overton&quot; window - much farther than tacking on what is essentially just a new SIGHASH mode to the existing interpreter.</div></div><div><div> </div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Certainly a small change (though LoC is a bad measure of that -- how
<br>many LoC does it take to drop the 21M limit, or to drop the subsidy from
<br>3.125 BTC to 0 BTC?) is better than a large change all else being equal;
<br>but all else isn&#39;t equal: different changes enable different feature
<br>sets. The question you should be asking is whether we&#39;re getting useful
<br>feature sets from the small changes being proposed.</blockquote><div><br></div></div><div><div>Let&#39;s not be petty here - it&#39;s clear he&#39;s talking about LoC within the script interpreter, which is a different context than the codebase as a whole. Within the context of the interpreter, LoC is indeed a decent heuristic for marginal risk. Of course, nobody&#39;s saying it&#39;s perfect.</div><div><br></div><div>James</div></div></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href="https://groups.google.com/d/msgid/bitcoindev/5610731e-b4a3-448d-bf4b-508739d51198n%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/bitcoindev/5610731e-b4a3-448d-bf4b-508739d51198n%40googlegroups.com</a>.<br />