Author: Swambo, Jacob 2022-04-29 13:22:14
Published on: 2022-04-29T13:22:14+00:00
The author acknowledges the benefits of using (optional ANYONECANPAY) APOAS instead of CTV in the short-term, as it enables Eltoo. However, they argue that there is a point in favor of CTV in the long-term beyond optimization. With APOAS-based covenants, the signature message algorithm is tied to both the covenant commitment and transaction validation, which introduces a trade-off between safety and flexibility with covenant-based applications. The maximally safe and restricted covenant commits to all inputs and outputs of the transaction (using SIGHASH ALL), while a less restricted covenant commits to a single input and a single output (using ANYONECANPAY|SINGLE) but opens itself up to attacks making use of transaction malleability and signature replay. To bypass this trade-off, the author suggests separating the covenant commitment from the signatures to validate transactions (as with CTV and TXHASH + CHECKSIGFROMSTACK). This separation provides additional flexibility for new templates with new CTV versions or with the TXHASH primitive, which can enable significantly more utility for covenant-based applications.
Updated on: 2023-06-15T19:25:00.318010+00:00