Author: Jeremy Rubin 2022-06-24 18:05:50
Published on: 2022-06-24T18:05:50+00:00
In a discussion on the bitcoin-dev mailing list, the topic of using a merkle tree for Commitment Transaction Verification (CTV) was brought up. While it was acknowledged that a merkle tree could be superior for CTV from an API perspective, the main reason not to use one was validation performance. It was explained that the merkle tree would be extra work for just CTV and that it only adds value when there are many outputs and a random-index insertion is needed. For applications where editing the last output is common, SHA-STREAM would allow for O(1) editing of the tail. The discussion also touched on the OPTX_SEPARATELY and OPTX_UNHASHED fields, as well as the OPTX_SELECT_OUTPUT_AMOUNT32x2* and OPTX_SELECT_OUTPUT_SCRIPTPUBKEY* fields. The issue of upgradability was raised in relation to committing to specific outputs, as it can be awkward with the current approach used by both OP_TX and CTV. A merkle path was suggested as a potential solution for proving that an entire output has been taken. Overall, the discussion focused on the tradeoffs between using a merkle tree versus other methods for CTV.
Updated on: 2023-06-15T20:41:20.210143+00:00