Gmax earlier today was telling me about this proposal from Jeremy Rubin on something that has been a "hot" (or at least lukewarm!) topic in bitcoin research for years, namely a scripting change for what's colloquially referred to as just "covenants": the ability to restrict the outputs to which a utxo can be spent.

It seems like a very good write up. Generally, if we had such an opcode it would open up vastly more interesting constructions than are currently possible.


I haven't read this yet, so forgive me if this is a misinformed question, but in what situation would this be preferable to just having some sort of locally-enforced signing algo? Keep the keys controlled by some code that says 'I will only sign txs paying to these addresses', and you accomplish the same thing, no?

Actually, I thought of something after replying: the covenant construction could be used for security. If an attacker compromises your wallet, they would only be able to spend the outputs to some other wallet you control. A layered approach to releasing funds.

Seems complicated though, I really should just read this first :p


Yes, this is perhaps *the* canonical use-case people have in mind for covenants: in the "literature" (a few papers and blogposts scattered here and there) it's often called "vaults".

The basic thing to keep in mind is that in Bitcoin today you cannot place conditions on the *destination* of a coin you pay; you can only restrict the conditions under which it's spent, not where it's spent to. Covenants open that possibility, but it's a thorny issue, as discussed in the thread.
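A toy model of the distinction drawn in this thread, added here as an illustration and not code from any of the participants or from the covenant proposal itself: a spend is checked first against the coin's unlocking condition (a key, as in Bitcoin today) and then, only when the coin carries a covenant, against an allowed set of destination scripts. The key names and script labels are constructed stand-ins, not real addresses, and the covenant is modelled as a plain predicate rather than any specific opcode.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class TxOut:
    value: int
    script_pubkey: str  # constructed label standing in for a real scriptPubKey


@dataclass(frozen=True)
class Utxo:
    value: int
    owner_key: str  # key whose "signature" satisfies the spending condition
    # Covenant: set of destination scripts the coin may be paid to.
    # None models Bitcoin today, where no restriction on destination exists.
    allowed_destinations: Optional[FrozenSet[str]] = None


@dataclass(frozen=True)
class Tx:
    signer_key: str
    outputs: List[TxOut]


def spend_is_valid(utxo: Utxo, tx: Tx) -> bool:
    """Consensus-style check: unlocking condition, then (if present) the covenant."""
    if tx.signer_key != utxo.owner_key:          # the only check available today
        return False
    if sum(o.value for o in tx.outputs) > utxo.value:
        return False
    if utxo.allowed_destinations is None:        # no covenant: any destination is fine
        return True
    # Covenant: every output must pay to one of the pre-committed scripts.
    return all(o.script_pubkey in utxo.allowed_destinations for o in tx.outputs)


def vault_scenario() -> dict:
    """Attacker holds the hot key; a covenant limits where stolen-key spends can go."""
    plain = Utxo(value=100, owner_key="hot_key")
    vaulted = Utxo(value=100, owner_key="hot_key",
                   allowed_destinations=frozenset({"cold_wallet_script"}))
    to_attacker = Tx("hot_key", [TxOut(100, "attacker_script")])
    to_cold = Tx("hot_key", [TxOut(100, "cold_wallet_script")])
    return {
        "plain_coin_to_attacker": spend_is_valid(plain, to_attacker),    # True: key alone suffices
        "vaulted_coin_to_attacker": spend_is_valid(vaulted, to_attacker),  # False: covenant blocks
        "vaulted_coin_to_cold": spend_is_valid(vaulted, to_cold),        # True: still owner's funds
    }
```

A local signing policy would reject `to_attacker` only while the attacker is using the owner's software; once the key is copied out, only the covenant check survives.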

