Author: ZmnSCPxj 2022-05-12 03:07:45
Published on: 2022-05-12T03:07:45+00:00
In a Bitcoin-dev email thread, ZmnSCPxj writes that the state of the art has advanced to the point where it is known that `OP_CAT` can enable non-recursive covenants in tapscript, but it is not yet clear whether `OP_CAT` can enable recursive covenants. A. Poelstra's blog post shows how to use CAT to get the signed transaction data onto the stack and apply introspect (using CAT) to build functionality similar to OP_CTV. The missing bits for enabling recursive covenants comes down to needing to transform a scriptpubkey into an taproot address, which involves some tweaking. Poelstra has suggested that it might be possible to hijack the ECDSA checksig operation from a parallel, legacy input, in order to perform the calculations for this tweaking. ZmnSCPxj also notes that the trick of linearity in Schnorr verification does not work for ECDSA. It seems this also works with `OP_SUBSTR`, simply by inverting it into "validate that the concatenation is correct" rather than "concatenate it ourselves". Finally, ZmnSCPxj raises the question of whether recursive covenants are good, and suggests that if they are, work should be done to make them cheap and private to avoid centralization and censorship.
Updated on: 2023-06-15T20:34:04.453591+00:00