Hi All,

I have a question about the often touted statement that "APO can emulate CTV". 
From what I have found in the specs and the inquisition codebase:

> BIP-118 ANYPREVOUTANYSCRIPT can constrain outputs of a spending transaction 
> by hardcoding a 65-byte signature and a 33-byte unknown public key type in a 
> script. Alternatively, BIP-119 CTV can directly constrain transaction outputs 
> to a template hash.

APO/AS SIGHASH does not commit to the number of inputs (nor obviously the other 
input outpoints themselves). This has some interesting consequences for Ark, 
which relies on TXID non-malleability for it's ATLCs.

Either one of these cases seem to be true depending on how the contracts are 

- APO only: Users can double spend the ASP (USER CAN STEAL)
- APO + ASP single sig: ASP can stop users from unilateral exit and sweep funds 
after 4 weeks (ASP CAN STEAL)
- n-of-n musig on the vTXO tree: trustless, APO however is not needed, full 
interactivity, analogous to key deletion covenant (NOBODY CAN STEAL)

APO/AS can also not be used for the ATLC itself, as it has to commit to the TX 
outpoint of the connector transaction.

OP_CTV however commits to the number of inputs explicitly, thus committing to a 
single input prevents TXID malleability and ensures the ATLC is going to be 

I would like to ask what the devs who are deeper into covenant research think 
about this, and if I'm missing something?
- moonsettler
bitcoin-dev mailing list

Reply via email to