* [bitcoin-dev] Using OP_VAULT to improve DLCs
@ 2023-01-12 12:32 Ben Carman
2023-01-19 22:42 ` Billy Tetrud
0 siblings, 1 reply; 2+ messages in thread
From: Ben Carman @ 2023-01-12 12:32 UTC (permalink / raw)
To: bitcoin-dev, dlc-dev
[-- Attachment #1: Type: text/plain, Size: 2225 bytes --]
Hi list,
After reading through James's OP_VAULT proposal this week, I had a realization that this can be used for more than a deep cold storage wallet.
Instead of vaulting and unvaulting, we can just send to a OP_UNVAULT output.
When using OP_UNVAULT if we set the `recovery-spk-hash` to a burn address (ie OP_RETURN `<random value>`)
and the `delay-period` to `0` we can use it as a not-so simple covenant with the `unvault-target-hash` being
set to whatever output restrictions you want to create.
Given this we can recreate a lot of what CTV promises, one of my favorites being
[Lloyd's improvement to DLCs](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-January/019808.html)
(I recommend reading that first)
A similiar construction could be done by creating a taproot tree similiar to LLoyd's construction with each leaf looking like:
`<hash-of-burn-spk> 0 <CET-hash_i> OP_UNVAULT <CET_i> CHECKSIG`
In the same as Lloyd's proposal: when the oracle(s) reveals their attestations either party can combine them to get the secret key corresponding to `CET_i` and spend the coins to the CET (whose `unvault-target-hash`
hash is `CET-hash`) which distributes the funds according to the contract.
## Comparison
Compared to the original CTV proposal, this should get all the same computational savings. However, it would use more blockchain space.
The main downside I see is our final spending script will be slightly larger.
Instead of just having `<hash> OP_CTV` it will be replaced with `<hash> 0 <hash> OP_UNVAULT` (34 bytes extra, not including the witness discount).
However, this may be negligible in the case of a DLC with many outcomes as a lot of the input size will be coming from the control block.
This also can always be skipped by doing a cooperative close of the DLC if the internal-key of the taproot tree can be spent using something like MuSig.
I imagine a lot of the other applications for CTV can be recreated with OP_VAULT using this same trick.
# Credits
- Lloyd Fournier for the original proposal
- James O'Beirne for the OP_VAULT proposal and giving me the idea to skip the intial OP_VAULT and just use OP_UNVAULT
Best,
benthecarman
[-- Attachment #2: Type: text/html, Size: 3088 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bitcoin-dev] Using OP_VAULT to improve DLCs
2023-01-12 12:32 [bitcoin-dev] Using OP_VAULT to improve DLCs Ben Carman
@ 2023-01-19 22:42 ` Billy Tetrud
0 siblings, 0 replies; 2+ messages in thread
From: Billy Tetrud @ 2023-01-19 22:42 UTC (permalink / raw)
To: Ben Carman, Bitcoin Protocol Discussion; +Cc: dlc-dev
[-- Attachment #1: Type: text/plain, Size: 3765 bytes --]
That's an interesting mechanism. Since the goal of OP_VAULT was to avoid
being another general covenant proposal, that avenue could be blocked by
requiring that for a transaction spending a utxo with a script using
OP_UNVAULT, the script (or taproot tree) must *only* contain that one
opcode call (perhaps with an escape hatch that OP_UNVAULT turns into a NOOP
if that constraint isn't satisfied). If no other conditions can be placed
on the utxo, then the only relevant condition is the delay (and the
prescribed output targets).
Even with this restriction, it could be used for Jeremy Rubin's congestion
control transactions, which just commits to a list of future outputs, to be
sent when the fee environment is cheaper.
However, James mentioned adding <recovery-params> that includes a
scriptPubKey for authorizing recovery. With that addition, OP_UNVAULT can
be used to do more general covenants by making `unvault-target-hash`
unsatisfiable (set to some random number that isn't derived from a hash)
the delay wouldn't matter, but arbitrary conditions can be set on spending
the utxo to the "recovery address" which could be another OP_UNVAULT. It
seems like that could be used as a general CTV-like covenant.
On Fri, Jan 13, 2023 at 2:04 PM Ben Carman via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> Hi list,
>
> After reading through James's OP_VAULT proposal this week, I had a realization that this can be used for more than a deep cold storage wallet.
>
> Instead of vaulting and unvaulting, we can just send to a OP_UNVAULT output.
> When using OP_UNVAULT if we set the `recovery-spk-hash` to a burn address (ie OP_RETURN `<random value>`)
> and the `delay-period` to `0` we can use it as a not-so simple covenant with the `unvault-target-hash` being
> set to whatever output restrictions you want to create.
>
> Given this we can recreate a lot of what CTV promises, one of my favorites being
> [Lloyd's improvement to DLCs](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-January/019808.html)
> (I recommend reading that first)
>
> A similiar construction could be done by creating a taproot tree similiar to LLoyd's construction with each leaf looking like:
>
> `<hash-of-burn-spk> 0 <CET-hash_i> OP_UNVAULT <CET_i> CHECKSIG`
>
> In the same as Lloyd's proposal: when the oracle(s) reveals their attestations either party can combine them to get the secret key corresponding to `CET_i` and spend the coins to the CET (whose `unvault-target-hash`
> hash is `CET-hash`) which distributes the funds according to the contract.
>
> ## Comparison
>
> Compared to the original CTV proposal, this *should *get all the same computational savings. However, it would use more blockchain space.
>
> The main downside I see is our final spending script will be slightly larger.
> Instead of just having `<hash> OP_CTV` it will be replaced with `<hash> 0 <hash> OP_UNVAULT` (34 bytes extra, not including the witness discount).
> However, this may be negligible in the case of a DLC with many outcomes as a lot of the input size will be coming from the control block.
> This also can always be skipped by doing a cooperative close of the DLC if the internal-key of the taproot tree can be spent using something like MuSig.
>
> I imagine a lot of the other applications for CTV can be recreated with OP_VAULT using this same trick.
>
> # Credits
>
> - Lloyd Fournier for the original proposal
> - James O'Beirne for the OP_VAULT proposal and giving me the idea to skip the intial OP_VAULT and just use OP_UNVAULT
>
>
>
> Best,
>
> benthecarman
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 4842 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-01-19 22:43 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-12 12:32 [bitcoin-dev] Using OP_VAULT to improve DLCs Ben Carman
2023-01-19 22:42 ` Billy Tetrud
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox