Hi All,
I have a question about the often touted statement that "APO can emulate CTV".
From what I have found in the specs and the inquisition codebase:
> BIP-118 ANYPREVOUTANYSCRIPT can constrain outputs of a spending transaction
> by hardcoding a 65-byte signature and a 33-byte unknown public key type in a
> script. Alternatively, BIP-119 CTV can directly constrain transaction outputs
> to a template hash.
APO/AS SIGHASH does not commit to the number of inputs (nor obviously the other
input outpoints themselves). This has some interesting consequences for Ark,
which relies on TXID non-malleability for it's ATLCs.
Either one of these cases seem to be true depending on how the contracts are
constructed:
- APO only: Users can double spend the ASP (USER CAN STEAL)
- APO + ASP single sig: ASP can stop users from unilateral exit and sweep funds
after 4 weeks (ASP CAN STEAL)
- n-of-n musig on the vTXO tree: trustless, APO however is not needed, full
interactivity, analogous to key deletion covenant (NOBODY CAN STEAL)
APO/AS can also not be used for the ATLC itself, as it has to commit to the TX
outpoint of the connector transaction.
OP_CTV however commits to the number of inputs explicitly, thus committing to a
single input prevents TXID malleability and ensures the ATLC is going to be
enforceable.
I would like to ask what the devs who are deeper into covenant research think
about this, and if I'm missing something?
- moonsettler
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
