Du kannst diesen Artikel auch auf Deutsch lesen.
Bitcoin might not be known for its ability to run smart contracts and arbitrary scripts, but as we have described in previous blog articles, it allows complex spending conditions to be part of a Bitcoin transaction.
Spending conditions
Every Bitcoin address contains a set of spending conditions. The most simple of which is “does the sender of this transaction own the private key to this address”. There are other spending conditions, such as a time lock, that only allows spending when a certain amount of time has passed - or multisig, which requires access to multiple private keys to spend a transaction.
While spending conditions in today's Bitcoin can already be quite powerful, they all do essentially the same thing: If the spending condition is met, the bitcoin can be spent in any way the sender chooses.
Covenants
A covenant is a spending condition that introduces new options for the way a Bitcoin transaction can be spent. As a simple example, a Bitcoin address could contain a covenant that will only allow sending that bitcoin to another, predetermined address. It can also limit which UTXOs can be spent from this bitcoin address.
Let’s take a closer look at two proposals that aim to enable this functionality:
Check Template Verify (CTV)
CTV is a proposal to introduce covenants into Bitcoin script. It enables spending conditions that check if the transaction data matches the one set in the covenant. It does that by hashing some of the transaction data and comparing it with pre-determined hash values in the covenant.
Because this transaction hash is only calculated by using the inputs, outputs, version and locktime, these can be precalculated. With a CTV covenant, a Bitcoin address commits to only sending those pre-calculated transactions in the future.
That means that before you receive transactions on this Bitcoin address, you need to know exactly how you are going to spend them. This commitment can have benefits, when securing your bitcoin, some of which we will explain in a later section.
CheckTXHashVerify
Another proposal to enable covenants in Bitcoin is “CheckTXHashVerify”, which works in a very similar way to CTV. It also commits to certain transaction data as a spending condition.
In contrast to CTV, CheckTXHashVerify does not commit to an entire set of transaction data. Instead, it can commit to only certain transaction data. This can for example be the number of inputs, receiver (outputs) or lock time. You can find an exhaustive list of conditions here.
Recursive covenants
A recursive covenant is a type of spending condition that requires the next receiving address to also include that very spending condition. A real life example for this would be US house owner associations, which require the owner of a house to only sell their house to someone that will keep the house in that house owner association, which in turn is bound to the same condition.
Members in the Bitcoin community have warned about recursive covenants, as they fear they could enable invasive practices for AML and KYC rules, such as a recursive covenant that whitelists only certain bitcoin addresses associated with KYC information.
There are other proposals for covenants that go far beyond what the above two implementations are achieving. Some of them enable recursive covenants. CTV does not enable recursive covenants as it requires all future transaction data (included in the covenant) to be known at the time of bitcoin address creation. CheckTXHashVerify might enable recursive covenants.
Use cases
There are many ways that covenants could be used in Bitcoin. Let’s take a look at three of them:
Vaults
One way to make self custody potentially more secure and more practical are vaults. A vault is a cold storage bitcoin address that can only send to a predetermined bitcoin address. This predetermined bitcoin address has a time lock attached to it, which means that it can only spend after a certain amount of time has gone by. Besides the time lock, the predetermined bitcoin address also has a covenant that allows the address to send back to the cold storage address without waiting for the time lock.
By using this design, it’s possible to build a wallet solution that can “cancel” malicious transactions within a predefined time lock. If that time lock on the interim address is for example 7 days, the user has one week to effectively “cancel” an outgoing transaction that he did not intend to send.
Congestion control
Another interesting feature that could be enabled by covenants is congestion control. With congestion control, a Bitcoin user can send an intermediate transaction with a higher fee that locks in a future transaction.
For example, this could mean that in times of high fees, where a bitcoin exchange would usually need to send a big transaction with a lot of expensive outputs, it can instead send a transaction with only one output that commits to sending the funds to many outputs once fees are lower.
Channel factories
Covenants could also enable a new way to scale the Lightning network. Channel factories are lightning channels that are shared between more than 2 parties. They allow participants of a channel factory to open channels between each other without the need to send additional on-chain transactions.
In a 3 party channel factory, each participant can send one on-chain transaction and receive 2 lightning channels. In a 4 party channel factory, this grows to 3 lightning channels per participant, and so on. Channel factories achieve a reduction in on-chain footprint by enabling more Lightning channels per on-chain transaction.
Conclusion
Covenants promise to change the way we think of bitcoin spending conditions. While there are currently no definite plans to activate covenants on Bitcoin, it’s an extension that could enable many interesting features.
Don’t own a BitBox yet?
Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.
The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.
Frequently Asked Questions (FAQ)
What are Bitcoin covenants?
Bitcoin covenants are spending conditions that introduce new options for Bitcoin transaction management, allowing for more secure and specific control over the spending of bitcoin.
What is Check Template Verify (CTV)?
CTV is a proposal that allows Bitcoin addresses to commit to sending pre-calculated transactions by checking if transaction data matches predetermined hash values.
How does CheckTXHashVerify differ from CTV?
CheckTXHashVerify commits to certain transaction data as a spending condition, unlike CTV, allowing for more flexible control over transactions.
What are recursive covenants?
Recursive covenants require that any future transactions from an address include the same spending condition, potentially restricting transactions to a predefined set of addresses.
How can covenants be used for vaults?
Vaults use covenants to create secure storage that can only send bitcoin to predetermined addresses, enhancing security.
What is congestion control in Bitcoin?
Congestion control uses covenants to manage network congestion by committing to future transactions with potentially lower fees.
How do channel factories work with covenants?
Channel factories use covenants to scale the Lightning network by enabling multiple channels per on-chain transaction.
Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.