You can basically do covenants by creating pre-signed transactions and throwing the private key away. To my knowledge no wallet has any UI for it and no service advertises that they do anything like this.

Which raises the question, if covenants are so useful, why don't people do what I've described?


Discussion

So on BlueWallet I can sign a transaction and broadcast it at a later date. I'm talking about something different than what you are saying here.

This is a fundamental misunderstanding of covenants

So is the idea, that you can broadcast the pre-signed transaction, if need be?

Can you ever truly verify that keys were burnt?

This does not work. For one, there is no way for others in the transaction to prove that the key is destroyed.

You can kind of do this with Liana. You can throw away the private key for the initial primary spending path, and then have a CSV timelock alternate path that becomes active after a set period of time. But to your point it’s not in the UI and requires some legwork.

Same reason ain't nobody gonna grind out hash collisions to enable covenant functionality.

It's a pain in the fucking ass.

Doesn't seem more painful than having an OP code or new SIGHASH. If anything, there's a lot more logic that you have to wrap your head around with those than something much more straightforward, like having signed transactions ready to go.

Securely generating and destroying keys on a regular basis is a massive pain.

These types of protocols are more conducive to hot wallets / hsm backed infrastructure. It's really not conducive to using in conjunction with cold storage.

Have you seen the people who actually manage HSMs in the real world?

Blockstream Green has been doing that for many years.

Rewind wallet is a new bitcoin wallet app that does just this, also does it with a clean UX, TestFlight only right now, https://rewindbitcoin.com/

FWIW, DLCs for multivariate contract types (e.g., price on 2025-01-01 will be {1, 2, ..., 100_000, ..., 999_999, 1_000_000}) work by presigning large numbers of transaction variants, only one of which will become a valid transaction when the oracle commits to the actual value.

To me, this seems very similar to the functionality for presigned transaction trees for currently deployable small group covenants (e.g. presigned vaults for individual users).

The comparison is less apt for large group covenants where one of the advantages to consensus changes is removal of the coordination problem where getting hundreds or thousands of people to all cosign the same transaction tree is prone to repeated accidental or deliberate failure. E.g., look at the high failure rate of large coinjoin attempts, and those top out at 1,000 users and one cosigned transaction.

I actually do know of a service that does exactly that: firefish.io. One of the keys is in RAM only and thrown away.