A High-level Overview of Covenants - HackMD

<style> .reveal { font-size: 28px; } </style> ## A High-level Overview of Covenants ## (from a Layer2 Perspective) Jeffrey Hu, HashKey Capital Mar 2024 --- ## About Me - Head of Tech Research @ HashKey Capital - Contributor of Bitcoin Optech newsletter --- ## 主要内容 ## Contents - 限制条款概览 - L2 现状 - 限制条款对 L2 能带来哪些可能性？ - Covenants overview - L2 landscape - What covenants could bring to L2? --- # 限制条款 # Covenant --- ## 什么是限制条款 ## What is Covenant? > 比特币限制条款（covenants）是一种能够给未来的比特币交易设置条件的机制。 > Covenant is a mechanism to enforce conditions on future bitcoin transactions. --- ## 什么是限制条款 ## What is Covenant? - 对比： - 当前的脚本：只要能解锁，可以花到任意地方 - 限制条款：限制 UTXO 之后的花费 - 「专款专用」 - Comparison: - Current scripts: can spend to anywhere if it can be unlocked - Covenants: restrict on future spendings of the UTXO - “Earmarked funds” --- 限制条款使得交易的「内省」成为可能，检查交易的几乎任何内容（包括输出） Covenants allow “introspection” which the script can check any part of the transaction that spends it. ![image](https://hackmd.io/_uploads/ByjuF832T.png) --- ## 不同类型的限制条款实现方式 ## Different Ways to Implement Covenants 更像一个效果而非某种技术，因此有许多种实现的技术方式 - 类型：通用型、专用型 - 实现方式：基于 Opcode、基于签名 - 递归：递归、非递归 More like a feature, not a ~~bug~~ tech. So there're lots of ways to implement. - Type: Generalized, Restrictive - Design: Signature based, Opcode based - Recursive: Recursive, Non-recursive --- ## 递归 ## Recursive - 限制条款也可以通过限制下一笔输出来限制再下一笔的输出 - 限制（限制（限制……（限制（限制条款））……）），也就是递归限制条款 - By restricting the output of the next tx, covenants can restrict the output of the next next one. - That makes a Recursive Covenants. ![image](https://hackmd.io/_uploads/S1ceoI3hp.png) --- ## 一些主流的限制条款设计 ## Some Popular Covenants Designs ![image](https://hackmd.io/_uploads/By17gWza6.png =600x) - 一些较新的设计还包括：TLUV、OP_EVICT、CATT 等 - Some other new designs including: TLUV, OP_EVICT, CATT, etc. --- - 但为什么要做限制检查？因为不只是限制，更是设置了规则 - 可以更多按照预先设定的规则来执行交易 - 所以反直觉的，这可以解锁更多应用场景 - But why restrict? Setting rules! - Txs could be executed according to the preset rules. - Counterintuitively, this can unlock more use cases! --- ## L1 上的应用 —— 拥堵控制 ## Use Cases on L1 -- Congestion Control - 在 feerate（请别再管这个叫「gas」了！）高的时候先承诺到一个批量发送的交易上 - 等 feerate 低的时候再发送具体的交易 - commit & send a batched tx when feerate (for God's sake, stop calling it “gas”) is high - send the detailed txs when feerate is low --- ## L1 上的应用 —— 保管库 ## Use Cases on L1 -- Vault - 保证资金安全：即使账户被黑（丢失了私钥），也能限制资金去向（例如使用时间锁） - keep bitcoins safe: restrict to spend to your own address, even hacked (e.g. timelock) --- ## L1 上的应用 ## Use Cases on L1 - 使用 `OP_CAT`，实现[一个只能向自身付款的交易](https://twitter.com/rot13maxi/status/1757243788987093411) - a recursive covenant, by using `OP_CAT`, [which can only spend its bitcoin is by sending them back to itself](https://twitter.com/rot13maxi/status/1757243788987093411) --- # Bitcoin L2s --- ## 2023 年初的 Layer2 ## Layer2s (Early 2023) [“how it started”](https://twitter.com/hu_zhiwei/status/1651876214502752258) ![](https://pbs.twimg.com/media/FuyA9PsaIAAIKQh?format=png =400x) --- ## 2024 年初的 Layer2 ## Layer2s (Early 2024) [“how its going”](https://twitter.com/HouseofChimera/status/1763883253528739841) ![image](https://hackmd.io/_uploads/rkH5khgaa.png =700x) --- ## Covenants 对 L2 的作用 —— 闪电网络 ## Covenants Use Cases for L2 -- LN - 简化 LN 的实现并提高用户体验： - 通道工厂 - 免交互的建立通道 - Eltoo - 更安全的 HTLC - [Timeout tree —— 提高可扩展性](https://bitcoinops.org/en/newsletters/2023/09/27/#using-covenants-to-improve-ln-scalability) - Simplify LN and enhancing UX: - Channel factories - Opening channels non-interactively - Eltoo - Safer HTLC - [Timeout tree -- improve LN scalability](https://bitcoinops.org/en/newsletters/2023/09/27/#using-covenants-to-improve-ln-scalability) --- ## 其他（例如「rollups」）主要技术路线 ## Other (e.g. “rollups”) Popular Designs - 侧链：L1 + 跨链 + 共享安全（可选） - Rollups：仿照以太坊架构，在侧链基础上增加了验证环节、写 DA 等步骤 - BitVM：在 Rollup 验证或跨链中，采用 BitVM 来验证；但依赖于 BitVM 未来可实现 - Sidechain：L1 + bridge + shared security (optional) - Rollups: Modeled after the Ethereum L2s, adding verification, DAs, and other steps on top of the sidechain - BitVM: Used In Rollup verification or bridging; however, it is dependent on BitVM to be delivered in the future. --- ## 当前「rollup」的共识安全 ## The Consensus Security of Current “Rollups” - PoS： - 很多使用 PoS 共识，和主链基本独立 - 还有一些是利用 Babylon 等 restaking 来借用主链的资产安全（非算力安全） - PoS: - Many rollups just use PoS consensus, which is independent with Bitcoin main chain - Some others use restaking protocol like Babylon to borrow security based on assets (not computing power) --- ## 当前「rollup」的共识安全 ## Consensus Security of the Current “Rollups” - PoW： - 合并挖矿，一般需要客户端软分叉（Rootstock）或硬分叉（Drivechain） - 或者依赖于 BitVM 在未来能实现 OptiMine（BoB） - PoW: - Merge mining, soft-fork(like Rootstock) or hard-fork(like Drivechain) is usually needed - Or rely on BitVM can implement OptiMine(BoB) in the future --- ## Covenants 对 L2 的作用 —— 安全性 ## Covenants Use Cases for L2 -- Security - Spacechain 使用 [APO/CTV 实现盲化合并挖矿](https://gist.github.com/RubenSomsen/5e4be6d18e5fa526b17d8b34906b16a5) - 使用 APO 来实现一个一系列（上一笔只能由下一笔花费）交易 - 侧链可以付款（在这系列交易中增加输入），来获得矿工对侧链哈希的承诺 - 矿工通过竞争算力，来获取这部分挖矿以外的奖励 - Spacechain uses [APO/CTV to achieve blinded merge mining](https://gist.github.com/RubenSomsen/5e4be6d18e5fa526b17d8b34906b16a5) - Achieved by a string of txs, each only spendable by the next, by using APO - Sidechain can pay (by adding inputs in the serial), to let miners decide and commit (hash) to the sidechain - Miners compete for the extra rewards besides the Coinbase rewards --- ## Covenants 对 L2 的作用 —— 安全性 ## Covenants Use Cases for L2 -- Security - CTV 也可以实现类似 [Drivechain](https://utxos.org/uses/drivechains/) 的双向锚定 - CTV can also implement 2-way peg like [Drivechain](https://utxos.org/uses/drivechains/) --- ## Covenants 对 L2 的作用 —— 安全性 ## Covenants Use Cases for L2 -- Security - Babylon staking 合约也需要某种限制条款功能：限制被 slash（泄露私钥后）只能去 burn 掉而不是转走 - 在 CTV 等限制条款启用前，只能用 [emulator 委员会](https://github.com/babylonchain/covenant-emulator)来替代实现 - 如果有 CTV，那么可以直接在链上实现 - Babylon staking contract also need some covenants feature: restrict assets which be slashed can only be burned but not to be transferred to any other address - Before CTV is enabled, covenants will only be achieved by an [emulator committee](https://github.com/babylonchain/covenant-emulator) - The feature could be implemented if CTV is enabled --- ## 当前「rollup」的跨链 ## Bridges of the Current “Rollups” - 轻客户端或 ZK 桥。但因为比特币没法反向验证，这个方向上会退化成多签方式 - DLC，虽然侧链验证人作为一个「oracle」来加入，但 2-3 多签中有 2 席由项目方控制，仍然属于（中心化）多签范畴 - Light client or ZK bridge. But because Bitcoin cannot verify proof on other chains, so it will deteriorate to multisig in this direction - DLC, altough validators on the sidechain joined in as an “oracle”, but 2 seats in the 2-3 multisig are controlled by the dev team, so it should still be considered as a (centralized) multisig solution --- ## 当前「rollup」的跨链 ## Bridges of the Current “Rollups” - 多签验证人集合尽量扩大：利用 Tapscript 和 Schnorr 签名等技术（Nomic） - 多签验证人动态组合（Spiderchain） - Bigger multisig set: using Tapscript and Schnorr signature (Nomic) - Dynamic pick multisig participants (Spiderchain) --- ## Covenants 对 L2 的作用 —— 跨链 ## Covenants Use Cases for L2 -- Bridging - [使用递归限制条款](https://tr3y.io/articles/crypto/bitcoin-zk-rollups.html)来保管 rollups 在主链上的资金 - 根据 rollup 状态更新来对应操作（例如提款） - Deposit for rollups on L1 [using recursive covenants](https://tr3y.io/articles/crypto/bitcoin-zk-rollups.html) - Operate according to rollup state updates (e.g. withdraw) --- ## 当前「rollup」的验证 ## Verification of the Current “Rollups” - 侧链上生成一个 ZK proof 或 fraud proof，提交到 DA（比特币主链或其他 DA） - 由验证者/挑战者来挑战，通过经济激励和博弈来保证状态转换和执行的正确性 - ZK proof or fraud proof is generated on the side chain, and is submitted to DA (Bitcoin main chain or other DAs) - Challenge is performed by a verifier/challenger; State transition is guaranteed by the economy and game theory. --- ## Covenants 对 L2 的作用 —— 验证机制 ## Covenants Use Cases for L2 -- Verification - Spiderchain： - 可使用限制条款（例如 CTV）来增加经济方面的安全性 - 因为可实现 zk proof 或 fraud proof，所以最少只需要 1 个诚实参与者即可（保证 liveness） - [使用 MATT](https://bitcoin.stackexchange.com/questions/119239/what-are-matt-opcodes/) 来实现一种 fraud proof - Spiderchain: - Can use covenants (like CTV) to ensure economic security - Because zk proof or fraud proof is possible, only 1 participant is needed at minimal - Fraud proof by [using MATT](https://bitcoin.stackexchange.com/questions/119239/what-are-matt-opcodes/) --- ## 最后 ## At Last 虽然现在各种 L2 方案比较吸引人，并且为了赶上减半周期使用了各种简化或折中之后的方案快速上线，但具体加固的方案还需要包括限制条款在内的各种底层技术方案来不断优化。 Although L2 solutions got lots of traction, which uses many simplified and trade-offs designs for a quick-launch to meet the Halving in April, solid infra designs including Covenants are still needed to improve L2s. --- ## 谢谢 ## Thank you contact: https://linktr.ee/hzw