Bitcoin Covenants: CHECKTEMPLATEVERIFY (BIP 119)

By / / 7 minutes of reading
Bitcoin Covenants: CHECKTEMPLATEVERIFY (BIP 119)

That is the primary article in a sequence deep diving into particular person covenant proposals which have reached some extent of maturity meriting an in depth breakdown. 

CHECKTEMPLATEVERIFY (CTV), put ahead by Jeremy Rubin with BIP 119, is probably the most mature and totally fleshed out covenant proposal, not solely out of the proposals we can be protecting, however out of all the covenant proposals of their entirety. As I discussed within the introduction article to this sequence, there are lots of considerations within the ecosystem concerning covenants which are too versatile enabling issues that wind up having very detrimental penalties for Bitcoin. 

CTV was designed particularly to constrain its capabilities tightly sufficient to keep away from any of these considerations. To first perceive how CTV features, we have to perceive the person elements of a Bitcoin transaction. 

It is a very excessive degree view of a Bitcoin transaction. It has inputs, or unspent cash (UTXOs), and outputs, the brand new unspent cash that the transaction will create when it’s confirmed in a block. There are much more items we are going to undergo, however that is the very best degree view of a transaction’s construction. 

Each transaction additionally has a model quantity subject for the entire transaction, indicating applicability of recent variations of guidelines or options. There’s additionally the marker and the flag, that are set to particular values to point the transaction makes use of Segwit. After that is the enter depend, the variety of inputs within the transaction. Then come the precise inputs. 

Every enter incorporates a TXID of the transaction that created the unspent coin being spent, a VOUT which marks what output in that transaction is being spent, the scale of the ScriptSig, and the ScriptSig, which is the unlocking script proving the enter being spent is permitted by its locking script guidelines, and at last a Sequence quantity which is used to make sure the enter being spent is following relative timelock guidelines. i.e. the enter has existed for a sure variety of blocks or size of time since its creation. 

The output depend is the subsequent piece of knowledge, the variety of outputs within the transaction. After this comes the precise outputs, which include an quantity of satoshis assigned to that output, the ScriptPubKey measurement, and the precise ScriptPubKey, which is the locking script for that output. Lastly the nLocktime subject applies a timelock worth in timestamp or block top that applies to your complete transaction. 

Every Segwit transaction additionally incorporates a Witness part, the place every enter has a corresponding witness containing a Stack Objects depend, what number of issues can be placed on the script stack, a Dimension subject for every merchandise, and the precise knowledge Merchandise to go on the stack. 

How CTV Works

CTV is an opcode that allows probably the most fundamental type of introspection and ahead knowledge finishing up of all of the covenant proposals. It permits a script to take a pre-defined 32 byte hash and examine that towards a hash of many of the fields of the spending transaction. If the hash derived from the precise spending transaction doesn’t match the pre-defined hash, the transaction is invalid. 

The fields it commits to are:

  • nVersion
  • nLocktime
  • Enter depend
  • A hash of all of the nSequence fields
  • Output depend
  • A hash of all of the outputs
  • Enter index (the place the enter has within the transaction, 1st enter, 2nd, and so on.)

These are all of the fields dedicated to by the CTV hash, of their entirety, and with no capacity to choose and select. That is the diploma of introspection CTV allows, “does the hash of these fields in the spending transaction match the hash in the locking script of the input being spent,” that’s it. The hash commits to basically your complete transaction besides the precise inputs. There’s a motive the hash doesn’t embody the inputs. With a view to lock an output to a 32 byte hash with CTV, it’s worthwhile to know the hash of the transaction that you’re making certain is the one means for it to be spent. The enter locked with CTV being spent should embody this hash as a way to be verified towards CTV. That necessitates having the hash of that transaction earlier than you create the whole transaction. That’s not doable. 

You may as well nest CTV scripts, i.e. have an preliminary CTV script decide to a transaction with outputs that additionally embody CTV scripts. That is what permits CTV to “carry forward” knowledge. All it carries ahead in observe although is no matter knowledge is contained within the chain of transactions. You are able to do this in concept to an infinite depth, however you’re restricted in observe to a finite depth as a result of the nesting should be generated backwards ranging from the tip. It’s because every degree, or “hop,”  should have the hash of the transaction shifting to the subsequent one, in any other case you possibly can’t create the locking script within the first place. Should you don’t already know the subsequent transaction, you possibly can’t generate the earlier one. 

What Is CTV Helpful For

CTV lets you prohibit an output in order that it could actually solely be spent, in keeping with consensus guidelines, by an actual pre-defined transaction. A few of you may be asking what the large deal is, we will already pre-sign transactions. If the extent of introspection is so restricted that it could actually solely accomplish one thing we will already just do pre-signing, what’s the worth add? 

First, pre-signed transactions all the time go away open the potential for the keyholder(s) signing new transactions and spending these cash another way. You must belief that the keyholder won’t do that, or will delete the important thing wanted to signal with (which you additionally need to belief them on). CTV removes that belief completely. As soon as the spending transaction is outlined and the output locked to that CTV hash is created, there isn’t a risk of being spent one other means, enforced by consensus. 

At the moment the one means round that belief is to be concerned in pre-signing transactions your self utilizing multisig. Then you definately may be utterly sure that except you select to signal one your self, no different legitimate transaction spending a coin another way may be created. The issue is the extra persons are concerned, the harder and unreliable coordinating everybody to pre-sign a transaction on the identical time turns into. Previous small sizes it turns into a very impractical downside to resolve reliably. 

CTV offers a means for folks to know a set of transactions is dedicated with out everybody having to get on-line on the identical time to signal them. It drastically simplifies the coordination course of by permitting everybody to get the wanted info to anybody else at any time when they will, and as soon as that individual has everybody’s info they will create the chain of CTV transactions with out anybody else’s involvement, and everybody can confirm and make certain that the right final result is the one doable one. 

That’s extremely worthwhile by itself, however CTV may also allow much more worthwhile issues together with different opcodes, which we’ll see within the subsequent article. 

Closing Ideas

CTV is a tightly restricted covenant that allows a level of introspection and ahead knowledge carrying that’s so restricted it doesn’t exceed the precise performance of something that may be finished with pre-signed transactions. The worth proposition is just not in enabling new performance in its personal proper, however drastically enhancing the effectivity, scalability, and safety ensures of what may be constructed presently utilizing pre-signed transactions. This alone is an enormous profit to virtually each presently deployed protocol utilizing pre-signed transactions.

Listed below are among the tasks demonstrating how totally fleshed out and explored this specific covenant is in comparison with the others:

  • A fundamental cost pool instance by stutxo. 
  • A CTV vault implementation by James O’Beirne, who went on to suggest OP_VAULT (which nonetheless makes use of CTV). 
  • A proof-of-concept port of the pre-signed transaction based mostly Ark implementation from Second by Steven Roose to make use of CTV as a substitute.
  • The Sapio Language by Jeremy Rubin himself, the next degree language for constructing contracts with CTV (additionally supporting the usage of pre-signed transactions as a substitute). 
  • Timeout Bushes, a proposal for a really fundamental coinpool design by John Legislation.
  • Quite a few different doable protocols, resembling optimized Discreet Log Contracts (DLCs), non-interactive Lightning channels one get together may open with out the opposite, and even decentralized methods for miners to pool collectively. 

CTV is an extremely mature proposal at this level, with a excessive worth add, and no threat of enabling something driving the considerations round covenants. This could not solely be very severely thought of, however in my private opinion ought to have been activated years in the past. 

Supply hyperlink

Related Posts

bitcoin
Bitcoin (BTC) $ 93,725.11 5.72%
ethereum
Ethereum (ETH) $ 1,810.02 10.87%
tether
Tether (USDT) $ 1.00 0.02%
xrp
XRP (XRP) $ 2.27 8.11%
bnb
BNB (BNB) $ 612.06 1.04%
solana
Solana (SOL) $ 152.23 8.47%
usd-coin
USDC (USDC) $ 1.00 0.00%
dogecoin
Dogecoin (DOGE) $ 0.183127 11.44%
cardano
Cardano (ADA) $ 0.704628 10.18%
tron
TRON (TRX) $ 0.246174 0.89%
staked-ether
Lido Staked Ether (STETH) $ 1,811.81 11.06%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 93,510.05 5.69%
chainlink
Chainlink (LINK) $ 15.05 11.97%
avalanche-2
Avalanche (AVAX) $ 22.77 11.60%
sui
Sui (SUI) $ 2.89 24.25%
leo-token
LEO Token (LEO) $ 9.08 2.99%
stellar
Stellar (XLM) $ 0.271861 8.85%
shiba-inu
Shiba Inu (SHIB) $ 0.000014 8.65%
the-open-network
Toncoin (TON) $ 3.13 7.65%
hedera-hashgraph
Hedera (HBAR) $ 0.186095 7.40%
wrapped-steth
Wrapped stETH (WSTETH) $ 2,162.59 10.60%
usds
USDS (USDS) $ 1.00 0.01%
bitcoin-cash
Bitcoin Cash (BCH) $ 359.62 3.75%
litecoin
Litecoin (LTC) $ 84.40 5.70%
hyperliquid
Hyperliquid (HYPE) $ 18.92 2.15%
polkadot
Polkadot (DOT) $ 4.13 9.26%
bitget-token
Bitget Token (BGB) $ 4.59 2.90%
binance-bridged-usdt-bnb-smart-chain
Binance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 1.00 0.11%
weth
WETH (WETH) $ 1,802.32 10.61%
ethena-usde
Ethena USDe (USDE) $ 0.998357 0.14%
pi-network
Pi Network (PI) $ 0.668206 4.88%
monero
Monero (XMR) $ 228.58 5.00%
whitebit
WhiteBIT Coin (WBT) $ 28.53 0.33%
wrapped-eeth
Wrapped eETH (WEETH) $ 1,922.52 10.73%
pepe
Pepe (PEPE) $ 0.000009 12.77%
coinbase-wrapped-btc
Coinbase Wrapped BTC (CBBTC) $ 93,596.08 5.54%
uniswap
Uniswap (UNI) $ 6.05 11.36%
aptos
Aptos (APT) $ 5.38 8.41%
dai
Dai (DAI) $ 1.00 0.06%
okb
OKB (OKB) $ 52.34 2.22%
near
NEAR Protocol (NEAR) $ 2.49 11.52%
ondo-finance
Ondo (ONDO) $ 0.938428 8.69%
gatechain-token
Gate (GT) $ 23.73 2.33%
bittensor
Bittensor (TAO) $ 334.34 1.31%
internet-computer
Internet Computer (ICP) $ 5.21 10.03%
tokenize-xchange
Tokenize Xchange (TKX) $ 33.05 3.43%
ethereum-classic
Ethereum Classic (ETC) $ 16.97 8.12%
crypto-com-chain
Cronos (CRO) $ 0.091575 10.18%
susds
sUSDS (SUSDS) $ 1.05 0.01%
aave
Aave (AAVE) $ 166.65 12.21%
blackrock-usd-institutional-digital-liquidity-fund
BlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00 0.00%
kaspa
Kaspa (KAS) $ 0.095095 3.09%
render-token
Render (RENDER) $ 4.64 4.93%
mantle
Mantle (MNT) $ 0.709053 3.74%
vechain
VeChain (VET) $ 0.026112 9.89%
ethena-staked-usde
Ethena Staked USDe (SUSDE) $ 1.16 0.13%
cosmos
Cosmos Hub (ATOM) $ 4.39 6.46%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.222901 3.31%
lombard-staked-btc
Lombard Staked BTC (LBTC) $ 93,357.01 5.63%
ethena
Ethena (ENA) $ 0.351719 18.36%
official-trump
Official Trump (TRUMP) $ 9.37 9.96%
algorand
Algorand (ALGO) $ 0.218858 11.94%
fasttoken
Fasttoken (FTN) $ 4.23 0.10%
filecoin
Filecoin (FIL) $ 2.76 9.26%
celestia
Celestia (TIA) $ 2.82 11.26%
sonic-3
Sonic (prev. FTM) (S) $ 0.522575 9.34%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 0.628664 5.51%
arbitrum
Arbitrum (ARB) $ 0.331627 9.63%
first-digital-usd
First Digital USD (FDUSD) $ 0.999425 0.08%
jupiter-perpetuals-liquidity-provider-token
Jupiter Perpetuals Liquidity Provider Token (JLP) $ 4.14 5.10%
solv-btc
Solv Protocol SolvBTC (SOLVBTC) $ 93,209.97 5.31%
kucoin-shares
KuCoin (KCS) $ 10.29 4.36%
jupiter-exchange-solana
Jupiter (JUP) $ 0.455159 11.06%
maker
Maker (MKR) $ 1,521.15 9.53%
binance-staked-sol
Binance Staked SOL (BNSOL) $ 159.17 8.31%
optimism
Optimism (OP) $ 0.760427 8.77%
bonk
Bonk (BONK) $ 0.000016 21.90%
xdce-crowd-sale
XDC Network (XDC) $ 0.078299 8.71%
blockstack
Stacks (STX) $ 0.8056 5.91%
immutable-x
Immutable (IMX) $ 0.65462 31.69%
fartcoin
Fartcoin (FARTCOIN) $ 1.17 10.12%
worldcoin-wld
Worldcoin (WLD) $ 0.86986 9.87%
binance-peg-weth
Binance-Peg WETH (WETH) $ 1,815.10 11.19%
nexo
NEXO (NEXO) $ 1.07 1.82%
flare-networks
Flare (FLR) $ 0.016792 3.60%
kelp-dao-restaked-eth
Kelp DAO Restaked ETH (RSETH) $ 1,878.26 10.61%
quant-network
Quant (QNT) $ 71.65 5.90%
story-2
Story (IP) $ 3.84 6.37%
eos
EOS (EOS) $ 0.673244 6.42%
sei-network
Sei (SEI) $ 0.195543 7.59%
usdt0
USDT0 (USDT0) $ 1.00 0.05%
injective-protocol
Injective (INJ) $ 9.49 9.74%
dexe
DeXe (DEXE) $ 15.83 6.46%
curve-dao-token
Curve DAO (CRV) $ 0.683319 8.80%
the-graph
The Graph (GRT) $ 0.092299 8.64%
paypal-usd
PayPal USD (PYUSD) $ 1.00 0.01%
rocket-pool-eth
Rocket Pool ETH (RETH) $ 2,032.33 10.67%
binance-bridged-usdc-bnb-smart-chain
Binance Bridged USDC (BNB Smart Chain) (USDC) $ 1.00 0.02%
tether-gold
Tether Gold (XAUT) $ 3,335.98 4.15%
polygon-bridged-usdt-polygon
Polygon Bridged USDT (Polygon) (USDT) $ 1.00 0.04%
Scroll to Top