6. Alternative design primitives

In Bitcoin smart contract design, the tools that restrict the ways a UTXO can be spent are called covenants. These tools, among other things, enable new off-chain protocols, including CoinPool. Even though different covenant constructions have been discussed for years, none has been activated on Bitcoin mainnet.

CoinPool requires one of the following covenants:

  • TAPROOT_LEAF_UPDATE_VERIFY (TLUV) enables dynamic editing of the Taproot tree. For CoinPool, it allows non-interactive withdrawals: a user prunes their own balance from the pool while being unable to touch other users’ balances.

  • MERKELSUB is a more restrictive alternative to TLUV. It allows a slightly more straightforward CoinPool design, although the opcode itself could be less powerful for other use cases.

We encourage the community to continue the exploration of constructions enabling CoinPool.

Additionally, CoinPool requires the following modifications to Bitcoin Script:

  • SIGHASH_ANYPREVOUT is a new sighash flag that omits the spent outpoints from the inputs, thus allowing dynamic rebinding of transactions. It enables Eltoo, an off-chain update mechanism.

  • SIGHASH_GROUP is a new sighash malleability to outputs in an arbitrary way.

  • SIGHASH_ANYPUBKEY and SIGHASH_ANYAMOUNT are new sighash flags that remove the commitment to the output amounts and scriptPubkey from the transaction digest. For CoinPools, they allow linking the exact value to be a function of previous pool withdrawals.
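
A toy model of the rebinding that SIGHASH_ANYPREVOUT allows, added here as an example and not taken from the CoinPool authors or any BIP. The digest layout, the flag value, the `Spend` type and the sample spends are all constructed for illustration; the model keeps the spent amount committed, which shows why a separate amount-related flag is discussed above.

```python
import hashlib
import struct
from dataclasses import dataclass, replace

# Toy model only: NOT the BIP-341 or BIP-118 digest serialization.
SIGHASH_DEFAULT = 0x00
SIGHASH_ANYPREVOUT = 0x40  # constructed flag value for this model

@dataclass(frozen=True)
class Spend:
    prev_txid: bytes     # txid of the output being spent
    prev_index: int      # index of the output being spent
    prev_amount: int     # value of the spent output, in satoshis
    outputs: tuple       # ((amount_sat, script_pubkey), ...)

def toy_sighash(spend, flag):
    """Hash the fields a signature would commit to under `flag`."""
    h = hashlib.sha256(bytes([flag]))
    if flag != SIGHASH_ANYPREVOUT:
        # Default behaviour: the signature is bound to one outpoint.
        h.update(spend.prev_txid + struct.pack("<I", spend.prev_index))
    # In this model the spent amount and all outputs stay committed.
    h.update(struct.pack("<Q", spend.prev_amount))
    for amount, script in spend.outputs:
        h.update(struct.pack("<QH", amount, len(script)) + script)
    return h.digest()

def rebind_targets(signed, candidates, flag):
    """Return the candidates that a signature made over `signed` also covers."""
    digest = toy_sighash(signed, flag)
    return [c for c in candidates if toy_sighash(c, flag) == digest]

# Constructed sample data: one signed spend and three other outpoints.
SCRIPT = b"\x51\x20" + b"\xaa" * 32
SIGNED = Spend(b"\x11" * 32, 0, 50_000, ((49_000, SCRIPT),))
OTHER_TX = replace(SIGNED, prev_txid=b"\x22" * 32)
OTHER_INDEX = replace(SIGNED, prev_index=1)
OTHER_AMOUNT = replace(SIGNED, prev_txid=b"\x33" * 32, prev_amount=60_000)
CANDIDATES = [OTHER_TX, OTHER_INDEX, OTHER_AMOUNT]

if __name__ == "__main__":
    for name, flag in (("default", SIGHASH_DEFAULT),
                       ("anyprevout", SIGHASH_ANYPREVOUT)):
        print(name, len(rebind_targets(SIGNED, CANDIDATES, flag)))
```

When reviewing a protocol built on such a flag, the list returned by `rebind_targets` is the set of outputs on which a single signature can be reused, so every entry must be a spend the signer intends to authorize.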
