Published on: 2016-11-07T19:30:26+00:00
Russell O'Connor has provided a detailed explanation on how to implement covenants using the OP_CAT and OP_CHECKSIGFROMSTACKVERIFY op codes in the Elements Alpha sidechain. These op codes allow for the construction of covenants in Elements Alpha currently. O'Connor has also demonstrated the construction of the Moeser-Eyal-Sirer vault as an example. The implementation involves creating an output that can be spent by anyone if it is double-spent with two different transactions. This is achieved by adding a case to the script that allows spending when two valid signatures on different messages under the public key of the output are given.The "opt-in miner takes double-spend" functionality can be implemented using either OP_CAT or OP_CHECKSIGFROMSTACKVERIFY. By creating an output that is spendable by everyone if it is double-spent, the next miner who mines the double-spent transaction will receive all the money. The recipient can accept zero-conf transactions, knowing that the sender will lose the money upon attempting to double-spend. In the case of OP_CHECKSIGFROMSTACKVERIFY, spending is allowed if two valid signatures on different messages under the public key of the output are provided. OP_CAT offers a simpler way to achieve the same functionality by converting Bitcoin's ECDSA into an opt-in one-time signature scheme.During the discussion on the bitcoin-dev mailing list, Daniel Robinson and Russell O'Connor explored the possibility of implementing "poison transactions" using OP_CHECKSIGFROMSTACKVERIFY. O'Connor mentioned that while he had not extensively studied poison transactions, adding transaction introspection operations could save a significant amount of work as the transaction data is easily recoverable. Although there are no immediate plans to include transaction introspection opcodes in Elements, it remains a possibility in the future.Johnson Lau also joined the conversation, sharing his alternative implementation of OP_CHECKSIGFROMSTACKVERIFY. Instead of hashing the data on stack, he directly puts the 32 byte hash onto the stack. Lau believes that this approach offers more flexibility as not all systems use double-SHA256.The discussion prompted Russell O'Connor to encourage the collection and implementation of other useful covenants. A business case example was presented, demonstrating the usage of multisig with an oracle determination to protect against renegotiation or unforeseen circumstances. The terms of the transaction included a CLTV lasting several years, and both parties could mutually select and sign one of the payout distributions for early exit. The desired features were the ability for one party to sell their participation before the CLTV becomes valid and the mutual revocation of rogue oracle-entities without affecting other terms.Overall, the implementation of covenants using OP_CAT and OP_CHECKSIGFROMSTACKVERIFY in the Elements Alpha sidechain has been detailed by Russell O'Connor. The construction process is already available and can be used to create various types of covenants. Johnson Lau has also provided an alternative implementation of OP_CHECKSIGFROMSTACKVERIFY. O'Connor welcomes suggestions for implementing other useful covenants and encourages the community to share their ideas.
Updated on: 2023-08-01T19:12:07.382820+00:00