OP_CHECKTEMPLATEVERIFY has once again become a focal point in the conversation about improvements aimed at scaling Bitcoin. This time around, many more alternative designs are proposed for covenants, as well as concrete designs that use CTV as scaling solutions (Timeout Trees and Scaling Trees) . Ark). The conversation has a much deeper set of concepts to consider, both in terms of alternatives that could be adopted and concrete proposals that CTV could enable.
A narrative circulating in the camp of those opposed to CTV is that “CTV doesn’t scale Bitcoin.” Let’s interpret this charitably to mean that CTV itself doesn’t scale Bitcoin, but the things you can build with it do. Well, that’s not a coherent argument. Segregated Witness has not scaled Bitcoin. CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY did not scale Bitcoin. But the Lightning network, activated by these three proposals, is making Bitcoin evolve. They add a considerable amount of overhead for transactional throughput to increase beyond the constraints of the blockchain itself.
Lightning literally could not exist without these base layer primitives. The problem with Lightning is that it only increases the number of transactions that can be processed. This in no way helps improve the scalability of UTXO ownership, nor does it increase the number of users who can control one. Lightning is currently not capable of doing this with its current design and the current set of consensus primitives available in the Bitcoin script.
CTV can change that.
Virtual UTXO and UTXO
Part of Lightning’s problem with scalability of Bitcoin ownership is that to open a channel or control a UTXO, you actually have to transact on the base layer. After that, Lightning can facilitate a very large number of off-chain transactions, but a user still needs to transact on-chain to integrate with Lightning. This significantly increases the number of transactions Bitcoin can process, but it does nothing at all to increase the number of people who can own Bitcoin.
This is another major problem that CTV can help with. Burak coined the term “virtual UTXO” for his Ark proposal, but I think this terminology is a perfect general term useful well beyond the context of Ark. A virtual UTXO is one that is committed to being created in the future, through mechanisms like a pre-signed transaction, but has not yet been created on-chain. Bitcoin doesn’t have the block space for everyone to create a single UTXO on a global population scale, but there is certainly potential for people to have their own independent virtual UTXO if the process of engagement in these can be made scalable.
The problem is to increase the creation of commitments to vUTXOs. Currently, there is no way to create them other than using pre-signed transactions, which introduces a bottleneck that needs to be resolved. The number of vUTXOs that any real UTXO can engage in is limited by the size of the multisig pool signing those transactions. To confidently create vUTXOs, the owner of each vUTXO must be part of the multisig key that signs the transactions committing to creating them, otherwise there is no guarantee that conflicting transactions will not be generated, which would void his ability to claim his vUTXO if necessary. . The problem of coordinating the signing of this between each member of the set introduces practical considerations that will significantly limit the size to which any vUTXO pool can grow. The only other alternative is to have one or more trusted parties sign off on the transactions by pledging each other’s vUTXOs and simply trusting them not to steal those funds from the rightful owners.
CTV offers a solution to both problems. By being able to non-interactively commit to a set of future transactions in the same way as pre-signed transactions, but without requiring each owner of the vUTXOs created by those transactions to coordinate signing, this solves the coordination problem . At the same time, since no one needs to interact, a single person could take on the role of financing the CTV output who commits to everyone’s vUTXOs rolling out on the channel, and no trust in that no person once the financing transaction is confirmed is required. Once this true UTXO is confirmed in a block, the person who funded it no longer has the option to cancel or double future spending they have committed to.
Keep in mind that a vUTXO can be whatever you want. This could be a Lightning channel, a multisig script for cold storage, etc. CTV does what the current form of Lightning doesn’t: it scales the actual ownership of Bitcoin, not just the number of transactions it can process.
Cut shortcut
One of the other criticisms of CTV for “not scaling Bitcoin” is that by engaging in future transactions you are not escaping the need to put them on-chain eventually, and so CTV doesn’t actually help improve scalability. I like to call this the “OP_IF error”. That is, once people start talking about CTV, they forget that OP_IF exists and that scripts can actually have multiple spending conditions to choose from.
The most powerful elements of Taproot are the ability to construct multiple signatures by simply adding two public keys together and sign them with a single global signature, and to only selectively reveal a single “IF” branch of a script that has several ways to be spent. . Combined with CTV, this provides a very powerful way to use vUTXO engagements. Rather than creating a chain of transactions using only the CTV, they can be constructed with the CTV spending path buried in a taproot tree. The end of the transaction chain includes all of the individual vUTXOs that each participant owns, locked only to that user’s public key. As you move up to the root of the tree, each set of keys that are under any node in the tree can simply be summed and used as the Schnorr multisig key under which the CTV spend path is buried.
This means that at any point in the chain of transactions happening on-chain to actually turn vUTXOs into real UTXOs where you can get all participants in an intermediate UTXO to coordinate, everyone can just cooperatively sign a transaction moving their coins where they want to proceed in a more efficient way than just letting the predefined transaction flow run through to turn their vUTXOs into real ones. This allows small subgroups to avoid having to deploy the entire set of pre-committed transactions into the chain, without introducing trusted parties to rely on or weakening the security of each user’s claim to their own vUTXOs .
These two simple realities provide a massive scalability gain for Bitcoin without compromising individual sovereignty or security, and all we need to realize them is CTV.
Thanks: I would like to thank everyone participating in Chicago Bitdevs for helping me formulate these observations concisely through discussion.