365 sats \ 1 reply \ @k00b 8 May \ on: "Size Limits are Now the Only Reason that Bitcoin doesn't have Covenants" bitcoin
When we say "size" we're talking about the opcode size limits?
Both opcode size limit (if you don't use taproot) and block size if you do use taproot.
Andrew Poelstra later clarifies
Aside from limits on transaction size, post-Taproot script can verify a trace of any program execution, as long as the individual elements it is operating on fit into 4-byte CScriptNums. You can therefore implement SHA2, ECDSA, etc., and reconstruct the pattern of SIZE elements by feeding in transaction data. Which of course can then be arbitrarily constrained.
Probably actually doing this would take more than 4 megs of script and you would need to use some sort of BitVM tricks and the whole thing might not work. But this was my point in saying that "only the script limits are stopping us from having covenants".
And pre-Taproot we have only 201 opcodes so of course this is all totally out of the question :) but plausibly we could make a copy of the Lamport signature in a Taproot output and then use non-equivocation slashing conditions to somehow make things work.
You can read the whole thread here: https://groups.google.com/g/bitcoindev/c/mR53go5gHIk/m/csQn7IdEAgAJ?pli=1
reply