bitcoin-dev
Congestion Control via OP_CHECKOUTPUTSHASHVERIFY proposal
Posted on: May 24, 2019 20:36 UTC
Jeremy Rubin, a Bitcoin developer, has proposed a new opcode called OP_CHECKOUTPUTSHASHVERIFY (OP_COSHV) in a BIP draft.
The opcode is designed to enable an easy-to-use trustless congestion control technique via a rudimentary, limited form of covenant which does not bear the same technical and social risks of prior covenant designs. Congestion control allows Bitcoin users to confirm payments to many users in a single transaction without creating the UTXO on-chain until a later time. The BIP covers this use case in detail, and a few other use cases lightly. The proposal suggests deploying the change simultaneously with Taproot as an OPSUCCESS, but it could be deployed separately if needed. The developer has responded to Johnson Lau's review of the proposal. While Lau acknowledges that OP_COSHV is a subset of ANYPREVOUT and suggests that both are not necessary, Rubin argues that the point of OP_COSHV is that ANYPREVOUT is much more controversial. Rubin explains that OP_COSHV is proposed specifically as a congestion control mechanism, and so keeping it very easy to verify and minimal data suggest this approach is preferable. Lau has suggested three comments on the proposal. Firstly, he suggests relaxing the "one input" rule to a "first input" rule, which would allow adding more inputs as fees, as an alternative to CPFP. Secondly, he suggests that there is no reason to require minimal push. Finally, he suggests that the argument for requiring a prevout binding signature may also be applicable to OP_COSHV. Rubin disagrees with the suggestion to require a signature, stating that it makes OP_COSHV less useful and prevents using it for non-interactive setups where the txids are unstable. Instead, he suggests always tweaking leaf nodes of the tx tree entropy so that it's unique per key and doesn't impose extra data at every node, only the leafs of the expansion tree.