Nostr Web Client

there’s a lot of talk about “covenants” but not a lot of understanding what that entails. lets do a little dive into how i think about the opcode proposals and how they relate to “enabling covenants on bitcoin”

what is a covenant?

great question. a covenant is the ability to specify what the transaction that spends your bitcoin must look like. for example, you could say “the transaction that spends this bitcoin must pay 500k sats to this address” or “the transaction that spends this bitcoin must have a locktime set to block 880,000”

in order to make these kinds of assertions in bitcoin transactions, you need the ability to find out what information is in the transaction that is spending an output. this information needs to be accessible when the script is running.

bitcoin script is a limited programming language that you use to write locks for bitcoin. one of the limitations is what data you have access to while the program is running.

so in order to write more “expressive” bitcoin scripts, which can say “one output must be to my address and pay 500k sats”, for example, you need to be able to look at the outputs on a transaction.

this ability to look at the info on a transaction is called “introspection”. being able to introspect a transaction is a big missing piece in bitcoin. adding introspection enables you to write covenants.

so how do you get introspection in bitcoin script?

you have to add a new opcode for it. in fact, we’ve added two opcodes to bitcoin that enable introspection already: op-checklocktimeverify (op-cltv) and op-checksequenceverify (op-csv)

these look at the locktime/sequence of a transaction and require a certain value to be set in order to be valid. they were added in order to enable lightning, which uses both op-cltv and op-csv to make “primitive” covenants. these were added to enable LN, to help scale bitcoin.

today you could write a bitcoin script that asserts “the transaction that spends this bitcoin must have a locktime set to block 880,000”. you’d use op-cltv to make that script, and any coins locked to that script wouldn’t be spendable til block 880,000.

there’s no way to look at the output fields in a transaction though. you cant write a script that requires funds to go somewhere, you’d have to use presigned txs (like how lightning does) to make that kind of assertion.

ok so the goal of introspection is to let you look at what information is in a transaction that’s spending a bitcoin output. we can do this already with op-cltv and op-csv. but this is limited just to timelocks, and doesn’t let us make assertions about outputs, or other inputs.

in the next post i’ll talk about how the current opcode proposals (op-ctv, op-txhash, op-tx, op-cat) work and how they enable more broad tx introspection !

if you found this interesting, check out nostr:npub1vmpf90hq56wzyxht6teg3llpa74rzcepw9suj5unxl3tph24zd4qgtxhm7 and our classes on bitcoin transactions!

Reply to this note

Please Login to reply.

Discussion

w3ird_ 1y ago

good content. I'm trying to zap but it won't resolve. 😔

w3ird_ 1y ago

this is a great breakdown. I still don't know why I _need_ this on the base layer though.

nostr:nevent1qqsy0m93tu49gtqxdjnm62u3xlvkgy8tc8gdwx8sy7dm0vgulu58qkqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygxtchhkkqwt68l69ju44920qnpct2fkcx5xuxaeen0jeu85a04vevpsgqqqqqqs2m6cgz

Satoshi Consult🔑 1y ago

Thanks for sharing this valuable explanation, nostr:npub1e0z776cpe0gllgktjk54fuzv8pdfxmq6smsmh8xd7t8s7n474n9smk0txy

Bertha 1y ago

Great explainer. Does any wallet implement access to CLTV for the regular user? I don’t think so but maybe Nostr knows.

niftynei() 🇺🇸💸🧡 1y ago

@walletsardine and @anchorwatch are building/have timelock capabilities, but theyre the only ones i know of. the reasons for this are a bit complex

Bertha 1y ago

🫡

Conrad Keeps 1y ago

I can see uses. Is the downside that it would be easier for people to scam (here is the payment but you missed the part where you have to give me 95% of it back if you try and spend it)?

niftynei() 🇺🇸💸🧡 1y ago

not without them sending your bitcoin to an address your wallet doesn’t recognize — if you’re the one providing the address for the sats to be sent to, you’re the one fully deciding how those bitcoin can be spent

Conrad Keeps 1y ago

Ok. That makes sense. Thank you for taking the time to explain 😊👍

Conrad Keeps 1y ago

Followed. ‘Zap failed’ not sure if you or me.

Sawzall 1y ago

Note to self: finish the base58 Udemy bitcoin basics courses purchased last year

niftynei() 🇺🇸💸🧡 1y ago

planning to spin up some study clubs next month! will keep you posted 👍

Boog 1y ago

I just finshed the class. Planning on taking it over again.

Jayson 1y ago

Covenants have the potential to be extremely dangerous to Bitcoin censorship resistance and fungibility. It allows the enforcement of blacklists, whitelists and the ability to freeze funds and enforce KYC rules.

For instance, a regulated exchange could be required to reject a TX that doesn't have a required covenant attached. And it might attach a covenant the to all withdrawals. Wallets could be legally required to check for certain covenants

The risks outweigh the potential benefits

niftynei() 🇺🇸💸🧡 1y ago

it’s easy to spot this kind of behavior— if you’re providing the bitcoin address to send funds to you can have confidence that your funds are unencumbered

the usual argument is that you can do what you describe today merely by making all funds require a signature from another party (you can’t spend them w/o the other party’s explicit sign off). this idea is used extensively in lightning to ensure funds end up in agreed upon places

Jayson 1y ago

Yes it course we can know if we receive a coin that has a covenant impairment. And I also understand the potential benefits..That is not the concern.

The problem is that covenants will hurt fungibility by creating classes of coins that have or do not have covenants. This can be much easier to enforce than a multisig scheme. Ultimately exchanges, custodian's and merchants can be forced to only accept coin with approved covenants.. while the captured institutions will have he power to add approved conenants. I can foresee price fragmentation between coins with or without various convenient impairments. Ultimately you will have no choice but to use the approved coins for nearly transactions.

If Bitcoin loses it's special qualities as an uncensorable bearer asset, it i

Will be no different that USDC, JP Morgan coin, or a CBDC, and therefore no more valuable.

niftynei() 🇺🇸💸🧡 1y ago

Lightning channels exist and lightning payments are sometimes preferred by people, so this scenario you describe already exists even without a change to bitcoin

atyh 1y ago

i would conduct all small daily purchases in lighting if i could.

bitcoin for bills.

Jayson 1y ago

Lightning coins are easily withdrawn to be on-chain without any encumbrance to your coins afterward. I don't see how financial authorities/institutions can restrict that or use lightning to segregate/control coins. I don't see the enforcement mechanism.

Are you suggesting all on-chain transactions can be effectively stopped?. Maybe in the extreme case, but has serious property rights issues and hard to enforce worldwide. Adding a covenants erodes your property rights gradually, until you have only the illusion of control of your property. You effectively will need permission to use your coins, just as you do with a Visa card today.

The more programmability that is added to the L1 protocol, the larger the attack vector. The legacy system will use every tool it can to make Bitcoin submit to its control.

henq 1y ago

Totally agree. If one wants the functionalities covenants could offer, just implement it in a Layer 2, and play covenants game over there.

But leave our Btc blockchain alone!

the axiom 1y ago

great book, now try writing a note

henq 1y ago

Covenants are the path to CENSORSHIP HELL. Govs could declare txs are only allowed if certain approved addresses are pre-scripted.

Just say NO to covenants!

nostr:note1glktzhe22skqvm98h54ezd7evsgwhsws6uv0qfumk7c3elegwpvqdpcar5