6. Alternative design primitives
In Bitcoin smart contract design, the tools that restrict the ways a UTXO can be spent are called covenants. These tools, among other things, enable new off-chain protocols, including CoinPool. Even though different covenant constructions have been discussed for years, none has been activated on Bitcoin mainnet.
CoinPool requires one of the following covenants:
- TAPROOT_LEAF_UPDATE_VERIFY (TLUV) enables dynamic editing of the Taproot tree. For CoinPool, it allows non-interactive withdrawals: a user prunes their own balance from the pool while being unable to touch other users’ balances.
- MERKELSUB is a more restrictive alternative to TLUV. It allows a slightly more straightforward CoinPool design, although the opcode itself could be less powerful for other use cases.
We encourage the community to continue the exploration of constructions enabling CoinPool.
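The withdrawal property described for TLUV and MERKELSUB can be sketched with a plain Merkle tree of balances. This is an added example, not code from the CoinPool authors, and it is a simplified model rather than either opcode's semantics: the hash tags, the `EMPTY` marker, all function names and the sample pool are assumptions, and the owner's signature check is left out.

```python
import hashlib

def h(tag: bytes, data: bytes) -> bytes:
    return hashlib.sha256(tag + data).digest()

EMPTY = h(b"empty", b"")  # constructed marker standing in for a pruned leaf

def leaf(pubkey: bytes, balance: int) -> bytes:
    return h(b"leaf", pubkey + balance.to_bytes(8, "big"))

def branch(left: bytes, right: bytes) -> bytes:
    return h(b"branch", left + right)

def build(leaves):
    """Return all tree levels, leaves first (leaf count must be a power of two)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([branch(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def path(levels, idx):
    """Sibling hashes from leaf idx up to (not including) the root."""
    out = []
    for lvl in levels[:-1]:
        out.append(lvl[idx ^ 1])
        idx >>= 1
    return out

def fold(node, idx, siblings):
    """Recompute the root from one node and its sibling path."""
    for sib in siblings:
        node = branch(sib, node) if idx & 1 else branch(node, sib)
        idx >>= 1
    return node

def withdraw(root, pool_value, idx, pubkey, balance, siblings):
    """Covenant-style check: prove one leaf, return (new_root, remaining value)."""
    # A real covenant would also require a signature for pubkey; omitted here.
    if fold(leaf(pubkey, balance), idx, siblings) != root:
        raise ValueError("claimed leaf is not committed in the pool")
    # Only the proven leaf changes; every sibling hash is reused untouched.
    return fold(EMPTY, idx, siblings), pool_value - balance

if __name__ == "__main__":
    users = [(bytes([i]) * 32, amt) for i, amt in enumerate([5, 7, 11, 13])]  # constructed
    levels = build([leaf(pk, amt) for pk, amt in users])
    new_root, rest = withdraw(levels[-1][0], 36, 2, users[2][0], 11, path(levels, 2))
    print(new_root.hex(), rest)
```

Because the new root is derived from the same sibling hashes that proved membership, the withdrawing user cannot alter any other leaf, and claiming a balance other than the committed one fails the membership check.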
Additionally, CoinPool requires the following modifications to Bitcoin Script:
- SIGHASH_ANYPREVOUT is a new sighash flag that omits the spent outpoints from the inputs, thus allowing dynamic rebinding of transactions. It enables Eltoo, an off-chain update mechanism.
- SIGHASH_GROUP is a new sighash flag that applies sighash malleability to outputs in an arbitrary way.
- SIGHASH_ANYPUBKEY and SIGHASH_ANYAMOUNT are new sighash flags that remove the commitment to the output amounts and scriptPubkey in the transaction digest. For CoinPools, they allow the exact value to be a function of previous pool withdrawals.