Good morning Zac, > On Mon, 25 Apr 2022 at 07:36, ZmnSCPxj <zmnsc...@protonmail.com> wrote > > > CTV *can* benefit layer 2 users, which is why I switched from vaguely > > apathetic to CTV, to vaguely supportive of it. > > > Other proposals exist that also benefit L2 solutions. What makes you support > CTV specifically?
It is simple to implement, and a pure `OP_CTV` SCRIPT on a P2WSH / P2SH is only 32 bytes + change on the output and 32 bytes + change on the input/witness, compared to signature-based schemes which require at least 32 bytes + change on the output and 64 bytes + change on the witness ***IF*** they use the Taproot format (and since we currently gate the Taproot format behind actual Taproot usages, any special SCRIPT that uses Taproot-format signatures would need at least the 33-byte internal pubkey revelation; if we settle with the old signature format, then that is 73 bytes for the signature). To my knowledge as well, hashes (like `OP_CTV` uses) are CPU-cheaper (and memory-cheaper?) than even highly-optimized `libsecp256k1` signature validation, and (to my knowledge) you cannot use batch validation for SCRIPT-based signature checks. It definitely does not enable recursive covenants, which I think deserve more general research and thinking before we enable recursive covenants. Conceptually, I see `OP_CTV` as the "AND" to the "OR" of MAST. In both cases, you have a hash-based tree, but in `OP_CTV` you want *all* these pre-agreed cases, while in MAST you want *one* of these pre-agreed cases. Which is not to say that other proposals do not benefit L2 solutions *more* (`SIGHASH_ANYPREVOUT` when please?), but other proposals are signature-based and would be larger in this niche. Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
