6. Alternative design primitives
In Bitcoin smart contract design, the tools that restrict the ways a UTXO can be spent are called covenants. These tools, among other things, enable new off-chain protocols, including CoinPool. Even though different covenant constructions have been discussed for years, none have been activated on Bitcoin mainnet.
CoinPool requires one of the following covenants:
TAPROOT_LEAF_UPDATE_VERIFY (TLUV) enables dynamic editing of the Taproot tree. For CoinPool, it allows non-interactive withdrawals: a user prunes their own balance from the pool while being unable to touch other users’ balances.
MERKELSUB is a more restrictive alternative to TLUV. It allows a slightly more straightforward CoinPool design, although the opcode itself could be less powerful for other use cases.
We encourage the community to continue the exploration of constructions enabling CoinPool.
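The tree edit behind a non-interactive withdrawal can be modelled in a few lines. The sketch below is an added example, not code from the CoinPool authors or from either opcode proposal: it uses BIP341-style leaf and branch hashes, covers only the Merkle arithmetic (no opcode stack interface, key handling or amount checks), and all function names and the four sample scripts are constructed for illustration.

```python
import hashlib

def tagged_hash(tag: str, data: bytes) -> bytes:
    """BIP340-style tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()

def leaf_hash(script: bytes) -> bytes:
    """BIP341 TapLeaf hash, leaf version 0xc0; scripts under 253 bytes only."""
    if len(script) >= 253:
        raise ValueError("sketch handles single-byte compact sizes only")
    return tagged_hash("TapLeaf", bytes([0xC0, len(script)]) + script)

def branch(a: bytes, b: bytes) -> bytes:
    """BIP341 TapBranch hash; the two children are sorted before hashing."""
    return tagged_hash("TapBranch", min(a, b) + max(a, b))

def merkle_root(leaves):
    """Root of a balanced tree over a power-of-two number of leaf hashes."""
    level = list(leaves)
    while len(level) > 1:
        level = [branch(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_path(leaves, index):
    """Sibling hashes from the leaf at `index` up to the root."""
    level, path = list(leaves), []
    while len(level) > 1:
        path.append(level[index ^ 1])
        level = [branch(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return path

def root_from_path(node: bytes, path) -> bytes:
    """Fold a node up through its sibling path to get the tree root."""
    for sibling in path:
        node = branch(node, sibling)
    return node

def pruned_root(path) -> bytes:
    """Root after deleting the leaf that owns `path`: its sibling is promoted."""
    if not path:
        raise ValueError("cannot prune the only leaf of a tree")
    return root_from_path(path[0], path[1:])

# Constructed sample: four users' withdrawal scripts (placeholder bytes).
USERS = [leaf_hash(b"withdraw:" + n) for n in (b"alice", b"bob", b"carol", b"dave")]
ROOT = merkle_root(USERS)
CAROL_PATH = merkle_path(USERS, 2)
NEW_ROOT = pruned_root(CAROL_PATH)  # computed from Carol's own path only
```

The withdrawing user supplies nothing but their own leaf and its sibling path, and every remaining leaf still proves membership under the new root, which is why the other users' balances stay untouched.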
Additionally, CoinPool requires the following modifications to Bitcoin Script:
SIGHASH_GROUP is a new sighash malleability to outputs in an arbitrary way.
SIGHASH_ANYPUBKEY and SIGHASH_ANYAMOUNT are new sighash flags to remove the commitment to the output amounts and scriptPubkey in the transaction digest. For CoinPools, they allow linking the exact value to be a function of previous pool withdrawals.