Maybe we don’t need covenants on chain?

Write a script that encrypts a method for signing a transaction [1] that pays out to arbitrary addresses defined within the script or as an input at runtime.

At runtime you supply the preimage for a SHA256 that has a specified level of difficulty (like maybe 20 sequential blocks using some anchor block like the current chain tip or 6 blocks ago).

This way you get to leverage the proof of work from the chain without touching it directly. You could even use block hashes for a random number generator inside the script [2].

As long as the runtime script is blinded from the machine running it and it accepts a payout address you can have the script perform arbitrary computation and verifiably be rewarded with a UTXO.

Once the computation is run you broadcast the output UTXO and claim the reward. First person to broadcast gets it. Then you could have a marketplace maybe even here in Nostr.

Curious nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg what you think. Maybe something like this could be used to start a decentralized mint since you can perform arbitrary computation?

I know next to nothing about homomorphic encryption but in principle it should work.

Sources:

1. https://en.m.wikipedia.org/wiki/Homomorphic_encryption

2. https://github.com/callebtc/randombtc
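One reading of the runtime check described in the post, as an added example that is not the poster's code: the script accepts a run of block headers, confirms they chain from a pinned anchor hash, and confirms each meets a pinned minimum difficulty. It assumes Bitcoin's 80-byte header layout and double SHA-256; the anchor, the headers and the toy difficulty are constructed sample data, and all function names are hypothetical.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field of a header into the 256-bit target."""
    exp, mant = bits >> 24, bits & 0x007FFFFF
    return mant >> (8 * (3 - exp)) if exp <= 3 else mant << (8 * (exp - 3))

def verify_chain(anchor: bytes, headers: list, count: int, max_target: int) -> bool:
    """True if `headers` are `count` 80-byte headers that extend `anchor`,
    each meeting its own target, with no target easier than `max_target`."""
    if len(headers) != count:
        return False
    prev = anchor
    for h in headers:
        if len(h) != 80 or h[4:36] != prev:      # prev-hash field links the chain
            return False
        target = bits_to_target(struct.unpack_from("<I", h, 72)[0])
        if target > max_target:                  # do not trust the header's own nBits
            return False
        prev = dsha256(h)
        if int.from_bytes(prev, "little") > target:
            return False
    return True

def mine(prev: bytes, bits: int) -> bytes:
    """Constructed sample data: grind a nonce for a dummy header."""
    target = bits_to_target(bits)
    for nonce in range(2**32):
        h = struct.pack("<I32s32sIII", 1, prev, bytes(32), 0, bits, nonce)
        if int.from_bytes(dsha256(h), "little") <= target:
            return h
    raise RuntimeError("no nonce found")

def build_sample(n: int, bits: int = 0x2000FFFF):
    """Constructed anchor and n headers at a toy difficulty (about 256 tries each)."""
    anchor = dsha256(b"constructed anchor")
    headers, prev = [], anchor
    for _ in range(n):
        headers.append(mine(prev, bits))
        prev = dsha256(headers[-1])
    return anchor, headers

if __name__ == "__main__":
    anchor, headers = build_sample(3)
    print(verify_chain(anchor, headers, 3, bits_to_target(0x2000FFFF)))
```

The `max_target` argument is the part that matters: without a pinned difficulty, a claimant could supply headers that declare an easy target and pass the check with almost no work.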


Discussion

The script needs to be encrypted and blinded to the person claiming the reward since it will have a private key embedded in it to sign the transaction paying out.

You can create a separate UTXO to use specifically for input to the reward so the only funds at risk are what would be provided to the person running the script.

The script could be written in any language since it doesn’t touch the chain directly.