By Bitcoin 雜誌 - 3 個月前 - 閱讀時間:5 分鐘
CTV 如何幫助擴大規模 Bitcoin
OP_CHECKTEMPLATEVERIFY has once again become a focal point in the conversation about improvements to scale Bitcoin. This time around there are many more alternative designs for covenants being proposed, and actual concrete designs that make use of CTV as scaling solutions (超時樹 和 方舟). The conversation has a much larger depth of concepts to take into consideration, both in terms of alternatives that could be adopted as well as concrete proposals that CTV could enable.
One narrative circulating from the camp of people against CTV is that “CTV doesn’t scale Bitcoin.” Let’s charitably interpret that to mean that CTV itself does not scale Bitcoin, things you can build with it do. Well, then that is not a coherent argument. Segregated Witness did not scale Bitcoin. CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY did not scale Bitcoin. But the Lightning Network, which those three proposals enabled, do scale Bitcoin. They add a massive amount of overhead for transactional throughput to grow beyond the constraints of the blockchain 本身。
Lightning literally couldn’t exist without those base layer primitives. The problem with Lightning though, is it only scales the number of transactions that can be processed. It does not in any way help improve the scalability of ownership over UTXOs, or increase the number of users who can control one. Lightning is currently not capable of doing that with its current design and the current set of consensus primitives available in Bitcoin 腳本。
CTV 可以改變這一點。
UTXO 和虛擬 UTXO
Part of the problem of Lightning’s shortcoming regarding scalability of Bitcoin ownership is that in order to open a channel, or control a UTXO, you actually have to transact on the base layer. After that Lightning can facilitate a very large number of transactions off-chain, but a user must still transact on-chain to onboard themselves to Lightning. It massively increases the number of transactions Bitcoin can process, but it does nothing at all to increase the number of people who can own bitcoin.
This is another big problem CTV can help with. Burak coined the term “virtual UTXO” for his Ark proposal, but I think this terminology is a perfect general term useful far beyond the context of Ark. A virtual UTXO is one committed to being created in the future, through mechanisms like a pre-signed transaction, but that hasn’t actually been created on-chain yet. Bitcoin does not have the blockspace for everyone to create a single UTXO at the scale of the world population, but there is definitely potential for people to have their own independent virtual UTXO if the process of committing to those can be made scalable.
Scaling the creation of commitments to vUTXOs is the problem. Right now there is no way to create them except through the use of pre-signed transactions, and this introduces a bottleneck that must be addressed. The number of vUTXOs any real UTXO can commit to is bounded by the size of the multisig set signing these transactions. To trustlessly create vUTXOs, the owner of every vUTXO must be part of the multisig key that is signing the transactions that commit to creating them, otherwise they have no guarantee that conflicting transactions will not be generated that voids their ability to claim their vUTXO if necessary. The problem of coordinating the signing of this between every member of the set introduces practical considerations that will ultimately severely limit the size any pool of vUTXOs can grow to. The only other alternative is to have some trusted party or parties sign the transactions committing to everyone’s vUTXOs, and simply trusting them to not steal those funds from the rightful owners.
CTV 為這兩個問題提供了解決方案。透過能夠以與預簽名交易相同的方式非互動地提交一組未來交易,但不需要這些交易創建的 vUTXO 的每個所有者來協調簽名,它解決了協調問題。同時,由於沒有人需要互動,一個人可以承擔為 CTV 輸出提供資金的角色,該輸出致力於每個人的 vUTXO 在鏈上展開,並且在資金交易確認後,需要對該人進行零信任。一旦真正的 UTXO 在區塊中得到確認,為其提供資金的人就無法撤消或雙花其已承諾的未來交易。
Keep in mind that a vUTXO can be whatever you want it to be. It can be a Lightning channel, a multisig script for cold storage, etc. CTV does what the current form of Lightning does not, it scales actual ownership of Bitcoin, not just the number of transactions it can process.
走捷徑
One of the other criticisms of CTV as “not scaling Bitcoin” is that by committing to future transactions you do not escape the need to put them on-chain eventually, and so therefore CTV doesn’t actually help improve scalability. I like to call this “the OP_IF fallacy.” i.e. once people start talking about CTV they forget OP_IF exists, and that scripts can actually have multiple spending conditions to choose from.
Taproot 最強大的功能是能夠透過將兩個公鑰添加在一起並使用單一聚合簽名對其進行簽名來建立多重簽名,並且僅選擇性地顯示具有多種使用方式的腳本的單一「IF」分支。與 CTV 結合,這提供了一種非常強大的方式來利用 vUTXO 承諾。它們可以透過埋在主根樹內的 CTV 支出路徑來構建,而不是純粹使用 CTV 來建立交易鏈。交易鏈的末端是每個參與者擁有的所有單獨的 vUTXO,僅鎖定到該使用者的公鑰。當您向後走向樹的根部時,樹中任何節點下方的每組金鑰都可以簡單地添加在一起,並用作 CTV 支出路徑埋藏在其下的 Schnorr 多重簽名金鑰。
這意味著,在鏈上展開的交易鏈中的任何一點,實際上將vUTXO 轉變為真正的UTXO,您可以讓中間UTXO 中的每個參與者相互協調,每個人都可以簡單地合作簽署一項交易,將他們的代幣轉移到他們希望以一種更有效的方式,而不是簡單地讓預定義的交易流一路展開,將他們的 vUTXO 轉變為真實的交易。這使得小小組無需實際展開預先提交到鏈上的整套交易,而無需引入任何可信方來依賴或削弱每個用戶對其自己的 vUTXO 的聲明的安全性。
These two simple realities offer a massive gain in scalability for Bitcoin without compromising on individual sovereignty or security in doing so, and all we need in order to realize them is CTV.
致謝:我要感謝所有參加芝加哥 Bitdevs 的人,他們透過討論幫助我簡潔地闡述了這些觀察。
原始來源: Bitcoin 雜誌