We’re already beginning to see the seeds of second layer potential develop from the bottom layer primitives which were added or optimized within the first decade. Lightning, whereas nonetheless topic to some fairly huge limitations, is absolutely beginning to thrive. And that’s simply the restricted first model that’s at present specified and deployed. There are actually sidechains of varied sorts deployed: Liquid, RSK, and even token chains tied to Bitcoin developed by Commerceblock. That is simply the beginning.
Schnorr and Taproot
Simply over the horizon, we’ve the mix of Schnorr and Taproot. On the Schnorr aspect of issues, this can be a less expensive to confirm signature scheme in batches, in addition to the subsequent huge leap in optimizing the assemble of multi-signature scripts in Bitcoin. Multisig began out as simply stuffing all the general public keys and script for the multisig in a transaction output to ship to it, and having to incorporate all of that within the enter to spend it. P2SH optimized the output side, by together with a relentless size hash of the general public keys and scripts of the multisig, saving charges for anybody sending to a multisig handle and leaving an elevated value just for the sender. SegWit arguably “optimized” additional by making spending multisig UTXOs cheaper with the witness low cost. Schnorr takes all this incremental optimization to the acute. You mix the person public keys right into a single key, which everybody can collaborate to make a single signature for, and simply verify that. This creates large value financial savings for all use of multisig, together with second layers like Lightning and federated sidechains, and creates a privateness profit as nicely by making all of those multisig UTXOs indistinguishable from single signature ones.
Now that doesn’t simply magically make every thing fully non-public. Lightning channel states (transactions) nonetheless require separate key paths for his or her penalty transactions to react to submission of previous states. Meaning these must be within the output scripts which creates a fingerprint. Taproot solves this with its crypto-magic permitting you to commit a merkle tree of various spending situations, that require solely the situation used and merkle proof to the merkle root to spend, to a standard wanting Schnorr public key. Now you’ll be able to conceal that penalty script path with taproot. You possibly can conceal any conditional script path with Taproot, buried beneath a wonderfully regular wanting Schnorr key that enables all members to agree on one thing and make a wonderfully regular wanting transaction.
SIGHASH_ANYPREVOUTPUT
SIGHASH_ANYPREVOUTPUT (beforehand SIGHASH_NOINPUT) is hopefully the subsequent new primitive to come back down the pipeline. It’s a new public key format/sighash flag improve. Sighash flags specify which elements of a transaction a signature is committing to. This performance is there so as to do one thing like signal simply your enter and outputs, however enable different individuals so as to add their very own inputs and outputs to a transaction with out invalidating it. However at present, a signature has to decide to an precise UTXO from an precise transaction. SIGHASH_ANYPREVOUT, amongst different issues, would allow committing a signature to only a UTXO script, not an precise particular UTXO. This permits a brand new means (eltoo) to assemble Lightning channel states that doesn’t require a penalty key or take care of previous states by permitting the cheated social gathering to confiscate all the cash. As a substitute, the present channel state may merely re-spend the previous channel state if it misplaced the double spend race, guaranteeing everybody will get their present channel steadiness on chain versus a previous outdated steadiness. You accomplish that by simply re-using the identical script in the best place and utilizing SIGHASH_ANYPREVOUT.
This removes a variety of dangers concerning you shedding present channel states leading to a penalty transaction taking your funds for an sincere mistake. It additionally allows MUCH extra. Now we will have Lightning channels with greater than 2 members, and may even stack “sub-channels” on high of these. Additionally, SIGHASH_ANYPREVOUT and eltoo allow the creation of Statechains, a sort of federated channel assemble that enables new members to enter and exit fully off chain with the belief assumption that the federation won’t collude with previous members to defraud anybody. This opens a variety of potential for what I’ve been calling to myself “multi-party static UTXO protocols.”
OP_CHECKTEMPLATEVERIFY
OP_CTV is a proposal by Jeremy Rubin to allow a really fundamental kind of “covenant” on Bitcoin. A covenant is extra sophisticated restrictions to spending a coin past signatures from sure keys. The kind of covenant Rubin’s proposal would implement is a “template.” Primarily, this permits a UTXO’s script to require particular precise outputs to be created by the spending transaction. So as soon as a UTXO is created utilizing OP_CTV, it’s enforced by consensus that the UTXO must be spent to particular addresses within the particular quantities outlined in that UTXO’s script. You possibly can even chain these collectively in order that one in all these UTXOs is compelled to make a couple of extra of them, that are then compelled to make a couple of extra, on and on.
This has huge normal applicability all over. In excessive price environments, a single UTXO may be made by a custodial entity that 100% beneath consensus guidelines ensures all of their prospects funds will wind up beneath their prospects management, though they don’t have instant entry to them within the second. This has a variety of potential synergy with multi-party channels (channel factories), in {that a} mass “withdrawal” carried out like this will additionally concurrently create and be used as a channel manufacturing facility. OP_CTV can be utilized to create cost channels that at the very least work uni-directionally with out the receiving finish having to take part or have a key on-line to obtain funds (and keep in mind you’ll be able to stack channels on high of one another). It will probably even be used to permit a single channel to course of extra HTLCs at one time by bundling them along with the identical trick that first instance with custodial withdrawals makes use of. And would possibly even create some potential for brand new sorts of coinjoins.
Placing All the things Collectively
Assuming all of the above proposals are adopted and integrated into Bitcoin, I actually suppose that apart from the builders truly engaged on the forefront of these items, individuals don’t even have the faintest clue what sorts of protocols and providers might be constructed utilizing these primitives. Or the bizarre issues the place there is no such thing as a clear dividing line between service or protocol.
They will allow multi-party channels with theoretically unbounded participant numbers, that may stack sub-channels on high with smaller sub-groups of the members of the bottom channel. Channels may be constructed on high of those “channel factories” that enable individuals to obtain cash with out having keys on-line for a sizzling pockets. These multi-party channels can themselves be stacked on high of federated channels (statechains) that enable members to enter or exit with zero on-chain exercise! And the assemble of channel “splicing” will enable liquidity to maneuver comparatively seamlessly between completely different channels in methods that may allow all types of issues individuals haven’t even actually started fascinated by.
My final phrase on this part is: that is solely contemplating what may be carried out with issues I think about direct elements of the Bitcoin protocol stack itself. You are able to do much more in case you begin taking a look at centralized custodial providers, and what subset of Bitcoin’s properties these can present ignoring regulatory or authorized limitations from doing so.
That is simply Part 2 of 4, learn the subsequent half tomorrow.
