Covenant : a usually formal, solemn, and binding agreement. This word has become one of the most charged words in the Bitcoin space. They’re the best thing since sliced bread. They’re the most dangerous thing since the atom bomb. They aren’t really going to do anything to scale Bitcoin, but they’re neat. Everyone has a completely different attitude towards them. We have the pro-faction, the anti-faction, the ambivalent faction. To make matters worse, covenant is frankly a very vague term in its description of mature and concrete proposals to the protocol that would be classified as covenants. The degrees of difference between the functionality of different proposals that have been put forward is enormous. Some of them create entirely new design spaces for what it is possible to build on top of Bitcoin, while others strictly speaking don’t add any new functionality at all, they simply optimize things that are already currently possible with a large degree of complexity and overhead. Let’s create a new definition specific to Bitcoin.Covenant : any script that guarantees some, or all, of the outputs created by a transaction spending an input with a covenant script will have to fit certain specified criteria for the spending transaction to be consensus valid. So in less strict terms, if a Bitcoin script currently restricts who can spend a coin by demanding an authorization proof, i.e. a cryptographic signature, or when it can be spent, i.e. after a timelock expires or the spender can show the preimage to a hash, a covenant script restricts how it can be spent, i.e. to who, how much to which person, etc. A covenant script can even restrict a coin so that it must be spent to another covenant script. That last part is the core of what has made covenant such a contentious word. Many people have large reservations about adding a new way to “lock” bitcoins that can self-propagate and ensure future coins are restricted in a similar fashion. Many people have concerns about this being used to damage fungibility or institute censorship regimes. I feel it necessary to point out that both of these things can be accomplished right now, with no covenant script capability, simply by using multisig. Any authority can refuse to allow withdrawals to be processed from exchanges unless they are to a 2-of-2 multisig where that authority holds one key. From there they can simply refuse to sign transactions sending to addresses where they do not hold a required key, and establish whatever blacklist or whitelist scheme they desired opaquely and entirely off-chain. That said, it is still important for Bitcoin users to have a grasp and understanding of the difference of power and flexibility between all the different covenant proposals that currently exist. There are two core things that covenants seek to enable in order to apply restrictions to how coins are spent, introspection and forward data carrying. Introspection is the ability to inspect di
Bitcoin Covenants: What Are They and How Do They Work?
