Author: Lloyd Fournier 2022-01-24 08:01:17
Published on: 2022-01-24T08:01:17+00:00
The proposed upgrade to Bitcoin, OP_CTV or BIP119, simplifies Discreet Log Contracts (DLC) and improves their performance by a significant factor. DLC is an umbrella term for Bitcoin protocols that map oracle secret revelation to an on-chain transaction which apportions coins accordingly. The current DLC protocol uses adaptor signatures to condition each possible payout. However, this creates performance issues such as the need for two users to compute E * N attestation points where E is the number of events being combined and N is the number of outcomes per event. To address these performance issues, OP_CTV can be used in DLCs. Instead of creating an adaptor signature for every CET, the CET is committed to with OP_CTV in a tapleaf. This replaces all the multiplications needed for the adaptor signature with a few hashes, reducing computational cost significantly from hundreds of microseconds to around 5 per party. Additionally, the use of script makes it easy to do a threshold along with the script, which further reduces computational and communication complexity. Another improvement is getting rid of the attestation point multiplication. An alternative method is proposed to replace hashing in the attestation point computation, which also helps remove the EC multiplications. In summary, using OP_CTV in DLCs improves performance by around 30x compared to using MuSig2 adaptor signatures in the worst case scenario. Depending on the kind of event, removing the attestation point multiplication will also help. Communication complexity also becomes constant. In the un-cooperative case, the size of the witness is bigger and the transaction is distinguishable from other protocols.
Updated on: 2023-06-15T15:22:40.961141+00:00