By Bitcoin 杂志 - 3 个月前 - 阅读时间:5 分钟
CTV 如何帮助扩大规模 Bitcoin
OP_CHECKTEMPLATEVERIFY has once again become a focal point in the conversation about improvements to scale Bitcoin. This time around there are many more alternative designs for covenants being proposed, and actual concrete designs that make use of CTV as scaling solutions (超时树 和 方舟)。对话需要考虑更深入的概念,包括可以采用的替代方案以及 CTV 可以实现的具体建议。
One narrative circulating from the camp of people against CTV is that “CTV doesn’t scale Bitcoin.” Let’s charitably interpret that to mean that CTV itself does not scale Bitcoin, things you can build with it do. Well, then that is not a coherent argument. Segregated Witness did not scale Bitcoin. CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY did not scale Bitcoin. But the Lightning Network, which those three proposals enabled, do scale Bitcoin. They add a massive amount of overhead for transactional throughput to grow beyond the constraints of the blockchain 本身。
Lightning literally couldn’t exist without those base layer primitives. The problem with Lightning though, is it only scales the number of transactions that can be processed. It does not in any way help improve the scalability of ownership over UTXOs, or increase the number of users who can control one. Lightning is currently not capable of doing that with its current design and the current set of consensus primitives available in Bitcoin 脚本。
CTV 可以改变这一点。
UTXO 和虚拟 UTXO
Part of the problem of Lightning’s shortcoming regarding scalability of Bitcoin ownership is that in order to open a channel, or control a UTXO, you actually have to transact on the base layer. After that Lightning can facilitate a very large number of transactions off-chain, but a user must still transact on-chain to onboard themselves to Lightning. It massively increases the number of transactions Bitcoin can process, but it does nothing at all to increase the number of people who can own bitcoin.
This is another big problem CTV can help with. Burak coined the term “virtual UTXO” for his Ark proposal, but I think this terminology is a perfect general term useful far beyond the context of Ark. A virtual UTXO is one committed to being created in the future, through mechanisms like a pre-signed transaction, but that hasn’t actually been created on-chain yet. Bitcoin does not have the blockspace for everyone to create a single UTXO at the scale of the world population, but there is definitely potential for people to have their own independent virtual UTXO if the process of committing to those can be made scalable.
Scaling the creation of commitments to vUTXOs is the problem. Right now there is no way to create them except through the use of pre-signed transactions, and this introduces a bottleneck that must be addressed. The number of vUTXOs any real UTXO can commit to is bounded by the size of the multisig set signing these transactions. To trustlessly create vUTXOs, the owner of every vUTXO must be part of the multisig key that is signing the transactions that commit to creating them, otherwise they have no guarantee that conflicting transactions will not be generated that voids their ability to claim their vUTXO if necessary. The problem of coordinating the signing of this between every member of the set introduces practical considerations that will ultimately severely limit the size any pool of vUTXOs can grow to. The only other alternative is to have some trusted party or parties sign the transactions committing to everyone’s vUTXOs, and simply trusting them to not steal those funds from the rightful owners.
CTV 为这两个问题提供了解决方案。通过能够以与预签名交易相同的方式非交互地提交一组未来交易,但不需要这些交易创建的 vUTXO 的每个所有者来协调签名,它解决了协调问题。同时,由于没有人需要互动,一个人可以承担为 CTV 输出提供资金的角色,该输出致力于每个人的 vUTXO 在链上展开,并且在资金交易确认后,需要对该人进行零信任。一旦真正的 UTXO 在区块中得到确认,为其提供资金的人就无法撤消或双花其已承诺的未来交易。
Keep in mind that a vUTXO can be whatever you want it to be. It can be a Lightning channel, a multisig script for cold storage, etc. CTV does what the current form of Lightning does not, it scales actual ownership of Bitcoin, not just the number of transactions it can process.
走捷径
One of the other criticisms of CTV as “not scaling Bitcoin” is that by committing to future transactions you do not escape the need to put them on-chain eventually, and so therefore CTV doesn’t actually help improve scalability. I like to call this “the OP_IF fallacy.” i.e. once people start talking about CTV they forget OP_IF exists, and that scripts can actually have multiple spending conditions to choose from.
Taproot 最强大的功能是能够通过将两个公钥添加在一起并使用单个聚合签名对其进行签名来构建多重签名,并且仅选择性地显示具有多种使用方式的脚本的单个“IF”分支。与 CTV 相结合,这提供了一种非常强大的方式来利用 vUTXO 承诺。它们可以通过埋在主根树内的 CTV 支出路径来构建,而不是纯粹使用 CTV 来构建交易链。交易链的末端是每个参与者拥有的所有单独的 vUTXO,仅锁定到该用户的公钥。当您向后走向树的根部时,树中任何节点下方的每组密钥都可以简单地添加在一起,并用作 CTV 支出路径埋藏在其下的 Schnorr 多重签名密钥。
这意味着,在链上展开的交易链中的任何一点,实际上将 vUTXO 转变为真正的 UTXO,您可以让中间 UTXO 中的每个参与者相互协调,每个人都可以简单地合作签署一项交易,将他们的代币转移到他们希望以一种更有效的方式,而不是简单地让预定义的交易流一路展开,将他们的 vUTXO 转变为真实的交易。这使得小小组无需实际展开预先提交到链上的整套交易,而无需引入任何可信方来依赖或削弱每个用户对其自己的 vUTXO 的声明的安全性。
These two simple realities offer a massive gain in scalability for Bitcoin without compromising on individual sovereignty or security in doing so, and all we need in order to realize them is CTV.
致谢:我要感谢所有参加芝加哥 Bitdevs 的人,他们通过讨论帮助我简洁地阐述了这些观察结果。
原始来源: Bitcoin 杂志