Funny AJ mentions the multisig idea, because I know for a fact it's being used in certain permissioned systems in this exact way. Regulators will dream up these ideas with or without more useful covenants! On Mon, Jul 5, 2021 at 9:46 PM Matt Corallo via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I find this point to be incredibly important. Indeed I, like several > others, have historically been concerned with > covenants in the unbounded form. However, as more and more research has > been done in what they can accomplish, the > weighting of such arguments naturally has to be reduced. More importantly, > AJ's point here neuters anti-covanent > arguments rather strongly. > > Matt > > On 7/5/21 01:04, Anthony Towns via bitcoin-dev wrote: > > On Sun, Jul 04, 2021 at 09:02:25PM -0400, Russell O'Connor via > bitcoin-dev wrote: > >> Bear in mind that when people are talking about enabling covenants, we > are > >> talking about whether OP_CAT should be allowed or not. > > > > In some sense multisig *alone* enables recursive covenants: a government > > that wants to enforce KYC can require that funds be deposited into > > a multisig of "2 2 CHECKMULTISIG", and that > > "recipient" has gone through KYC. Once deposited to such an address, > > the gov can refus to sign with gov_key unless the funds are being spent > > to a new address that follows the same rules. > > > > (That's also more efficient than an explicit covenant since it's all > > off-chain -- recipient/gov_key can jointly sign via taproot/MuSig at > > that point, so that full nodes are only validating a single pubkey and > > signature per spend, rather than having to do analysis of whatever the > > underlying covenant is supposed to be [0]) > > > > This is essentially what Liquid already does -- it locks bitcoins into > > a multisig and enforces an "off-chain" covenant that those bitcoins can > > only be redeemed after some valid set of signatures are entered into > > the Liquid blockchain. Likewise for the various BTC-on-Ethereum tokens. > > To some extent, likewise for coins held in exchanges/custodial wallets > > where funds can be transferred between customers off-chain. > > > > You can "escape" from that recursive covenant by having the government > > (or Liquid functionaries, or exchange admins) change their signing > > policy of course; but you could equally escape any consensus-enforced > > covenant by having a hard fork to stop doing consensus-enforcement (cf > > ETH Classic?). To me, that looks more like a difference of procedure > > and difficulty, rather than a fundamental difference in kind. > > > > Cheers, > > aj > > > > [0] https://twitter.com/pwuille/status/1411533549224693762 > > > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >