📅 Original date posted:2016-11-03
📝 Original message:On Wed, Nov 2, 2016 at 1:30 PM, Russell O'Connor via bitcoin-dev
<bitcoin-dev at lists.linuxfoundation.org> wrote:
> I'm interested in collecting and implementing other useful covenants, so if
> people have ideas, please post them.
I know of a good business case that could benefit from two nice
features.
As an example:
Two parties have initiated a transaction designed with
counterparty-minimization in mind. It uses MAST and has many
different payout distributions. Both parties enter expecting to
gain from the transaction, but both take on risk due to external
factors.
Because of the risks involved, there exist possible times when one
party may wish to renegotiate the exit distribution, and might
threaten to block any exit. Or, either party might get hit by the
proverbial bus. During such times, the other party's eventual exit
is protected by using a multisig which includes an oracle
determination. The oracle's trusted role is bound to this example's
unstated "external factors" in a very limited sense, and does not
include broader concerns, such as determining whether a party to the
transaction is of "sound mind and body".
The singular term "oracle" hides a set of entities participating in
m-of-n multisig, which we can name the "oracle-set".
Transaction terms include a CLTV lasting perhaps several years,
applied whenever the exit requires the oracle-set's signatures.
Both parties may mutually select and sign one of the payout
distributions, to exit early.
The example, as I've described it so far, doesn't need anything other
than MAST. It isn't a covenant, because it doesn't impose any forward
restrictions when satisfied; despite the contractual complications of
executing the oracle-set's signatures. As covenant features are
considered across updated instances of what is otherwise a singular
transaction, it's important that none carry into the final payout
distribution, and that this is easy to verify.
Features desired:
- One party would like to unilaterally sell their participation in
the transaction, to a previously unknown recipient, before the
CLTV becomes valid.
The other originating party's stored MAST should either continue
to function, or require minimal replacements that can be
deterministically applied using data visible on the blockchain.
It should not be necessary to ask permission from - or coordinate
online communication with - the other originating party.
(This can also be viewed as a key rotation problem for any
long-lasting multisig transaction.)
- Both parties would like to mutually revoke rouge oracle-entities
from the oracle-set, without exposing each other to any possible
renegotiation of other terms.
Note that these features affect each other, since if one party sells
their participation after any oracle-entities have been revoked, then
the revocations should not reset, but rather remain in effect, until a
proper payout executes the final agreement in the contract.
Of course, if there's a way to achieve these features with less risk
than evaluating covenant logic, I would very much like to hear how to
do so.
Ryan Grant [ARCHIVE] /
npub19a…6mwcl
2023-06-07 17:54:14
in reply to nevent1q…qvea
Author Public Key
npub19a2m7qm80t7mzhgqfgunswhm5c3q4fkqt89057ugy7u8jdxncf2q06mwclPublished at
2023-06-07 17:54:14Event JSON
{
"id": "6c48da7d9717668aa90eb223a76d327862442f7fb1f0ac34f3c61b69eef840fa",
"pubkey": "2f55bf03677afdb15d004a39383afba6220aa6c059cafa7b8827b87934d3c254",
"created_at": 1686160454,
"kind": 1,
"tags": [
[
"e",
"61f5e2d52a76b3becccbcade7f95e36346221f1a7928d7d866ff31e2f47d30b0",
"",
"root"
],
[
"e",
"4d0e8abc43822e4a8b8b9d500b5462cad43078253511238af2bee90e604b9f31",
"",
"reply"
],
[
"p",
"492fa402e838904bdc8eb2c8fafa1aa895df26438bfd998c71b01cb9db550ff7"
]
],
"content": "📅 Original date posted:2016-11-03\n📝 Original message:On Wed, Nov 2, 2016 at 1:30 PM, Russell O'Connor via bitcoin-dev\n\u003cbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\u003e I'm interested in collecting and implementing other useful covenants, so if\n\u003e people have ideas, please post them.\n\nI know of a good business case that could benefit from two nice\nfeatures.\n\nAs an example:\n\n Two parties have initiated a transaction designed with\n counterparty-minimization in mind. It uses MAST and has many\n different payout distributions. Both parties enter expecting to\n gain from the transaction, but both take on risk due to external\n factors.\n\n Because of the risks involved, there exist possible times when one\n party may wish to renegotiate the exit distribution, and might\n threaten to block any exit. Or, either party might get hit by the\n proverbial bus. During such times, the other party's eventual exit\n is protected by using a multisig which includes an oracle\n determination. The oracle's trusted role is bound to this example's\n unstated \"external factors\" in a very limited sense, and does not\n include broader concerns, such as determining whether a party to the\n transaction is of \"sound mind and body\".\n\n The singular term \"oracle\" hides a set of entities participating in\n m-of-n multisig, which we can name the \"oracle-set\".\n\n Transaction terms include a CLTV lasting perhaps several years,\n applied whenever the exit requires the oracle-set's signatures.\n\n Both parties may mutually select and sign one of the payout\n distributions, to exit early.\n\nThe example, as I've described it so far, doesn't need anything other\nthan MAST. It isn't a covenant, because it doesn't impose any forward\nrestrictions when satisfied; despite the contractual complications of\nexecuting the oracle-set's signatures. As covenant features are\nconsidered across updated instances of what is otherwise a singular\ntransaction, it's important that none carry into the final payout\ndistribution, and that this is easy to verify.\n\nFeatures desired:\n\n - One party would like to unilaterally sell their participation in\n the transaction, to a previously unknown recipient, before the\n CLTV becomes valid.\n\n The other originating party's stored MAST should either continue\n to function, or require minimal replacements that can be\n deterministically applied using data visible on the blockchain.\n It should not be necessary to ask permission from - or coordinate\n online communication with - the other originating party.\n\n (This can also be viewed as a key rotation problem for any\n long-lasting multisig transaction.)\n\n - Both parties would like to mutually revoke rouge oracle-entities\n from the oracle-set, without exposing each other to any possible\n renegotiation of other terms.\n\nNote that these features affect each other, since if one party sells\ntheir participation after any oracle-entities have been revoked, then\nthe revocations should not reset, but rather remain in effect, until a\nproper payout executes the final agreement in the contract.\n\nOf course, if there's a way to achieve these features with less risk\nthan evaluating covenant logic, I would very much like to hear how to\ndo so.",
"sig": "991b1bf852ee596f8120226c92dc7845cc9a6cbd606e1e99fb64402c10c17870d4cb15a55b20685ed1de328ef98e2639b4fbb95e8e50ab55cf74161708ce8edd"
}