Adi Man's vault prototype shows Bitcoin's covenant power with CTV alone

Thursday, June 11, 2026 · from 1 podcast
  • A developer built a functional Bitcoin vault with deposit, withdrawal, and clawback using only the existing CTV covenant proposal.
  • The proof-of-concept shows complex security is possible without new opcodes, but at the cost of massive state computation.
  • Other developers propose paths for quantum-resistant node traffic and standardizing QR codes for complex multisig setups.

Bitcoin's covenant debate often fixates on what the protocol lacks. Developer Adi Man flipped the script with MCCV, a proof-of-concept vault built using only CheckTemplateVerify (CTV).

His design treats unspent transaction outputs as states in a machine. Since CTV cannot natively create cycles, the implementation unrolls the logic into a massive tree of millions of pre-computed states. This enables about a thousand operations, including reactive security measures like clawing back funds if a hot key is compromised.

"Covenant debates usually focus on what Bitcoin lacks. Adi Man built a proof of concept called MCCV to see how far basic CheckTemplateVerify (CTV) can go."

- Bitcoin Optech

The complexity is significant, a point noted by developer Murch. Adi Man views it as a baseline, suggesting a more expressive opcode like CheckSigFromStack would allow for actual cycles and a smaller state machine.
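
Why the cycles have to be unrolled, as an added Python sketch (not MCCV's code): the two-state machine, its action names and the stand-in SHA-256 commitment are assumptions for illustration and do not follow the BIP 119 template hash serialization.

```python
import hashlib

# Hypothetical vault state machine, assumed for illustration; the page does
# not give MCCV's actual states or transitions. Note the cycles:
# VAULT -> VAULT and VAULT -> PENDING -> VAULT.
TRANSITIONS = {
    "VAULT": {"deposit": "VAULT", "withdraw": "PENDING"},
    "PENDING": {"finalize": "VAULT", "clawback": "VAULT"},
}


def h(*parts: bytes) -> bytes:
    """Stand-in commitment: SHA-256 over length-prefixed parts.
    This is NOT the BIP 119 template hash serialization."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


def unroll(budget: int):
    """Pre-compute a commitment for every (state, ops_left) copy.

    A commitment has to contain the commitments of its successors, so a
    state can never commit to itself. Each pass around a cycle therefore
    needs a fresh copy of the state with one fewer operation left.
    """
    templates = {}
    # Build bottom-up: parents need their children's hashes first.
    for ops_left in range(budget + 1):
        for state, actions in TRANSITIONS.items():
            if ops_left == 0:
                # Budget exhausted: only a terminal sweep is committed.
                templates[(state, 0)] = h(b"terminal-sweep", state.encode())
                continue
            children = [
                action.encode() + templates[(nxt, ops_left - 1)]
                for action, nxt in sorted(actions.items())
            ]
            templates[(state, ops_left)] = h(
                state.encode(), ops_left.to_bytes(4, "big"), *children
            )
    return templates[("VAULT", budget)], templates


if __name__ == "__main__":
    for budget in (10, 100, 1000):
        root, templates = unroll(budget)
        print(budget, len(templates), root.hex()[:16])
```

The same logical state gets a different commitment at every depth, so the table of pre-computed copies grows with the operation budget.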

Separately, developers are mapping a post-quantum future. One proposal secures node-to-node traffic by combining current encryption with the module-lattice-based ML-KEM, avoiding a consensus change. For the Lightning Network, the challenge is more fragmented: no single quantum-resistant solution exists, so separate keys are required for transport, gossip, and on-chain scripts.

A routing node with 1,000 channels updating every 10 minutes would exhaust a leading post-quantum signature scheme's lifetime limit in about four months. The consensus is to run classical and post-quantum systems in parallel for a long transition.

Finally, work continues on usability for advanced setups. A new proposal from Pyth seeks to standardize the payload for air-gapped signing of complex Miniscript policies via QR codes, solving a critical pain point for multisig users.

Source Intelligence

- Deep dive into what was said in the episodes

Bitcoin Optech: Newsletter #408 Recap · Jun 10

  • Murch argues PQ upgrades for peer-to-peer traffic like BIP324 are easier than on-chain consensus changes, as they are not space-constrained and allow new protocol versions, though man-in-the-middle attacks remain a simpler threat than decrypting.
  • Roasbeef outlines a post-quantum Lightning design requiring multiple cryptographic primitives (ML-KEM for transport, ML-DSA for off-chain signatures, SLH-DSA for on-chain scripts), since no single PQ solution replaces ECC's multifunctional node key.
  • A routing node with 1,000 channels updating every 10 minutes would exhaust SLH-DSA-128-24's 16 million signature limit in about four months, highlighting a key reuse constraint for post-quantum Lightning.
  • Jeremy Rubin argues BIP54's ban on 64-byte stripped transactions blocks future use cases like time-locked miner donations, pay-to-anchor outputs, transaction sponsorship, and post-quantum key reuse schemes.
  • AJ counters that proposed 64-byte use cases can be padded with an OP_NOP to become 65 bytes, avoiding the ban, and many are economically equivalent to anyone-can-spend outputs.

Also from this episode: (10)

Coding (1)

  • Pais proposes a standard for QR-based signing payloads to improve air-gapped workflows for Miniscript wallets, addressing issues like multi-wallet support on a single device and descriptor selection during PSBT signing.

Protocol (8)

  • Adi Man's MCCV proof-of-concept uses only CTV or Template Hash to build a reactive vault, where pre-computed transaction trees let users claw back funds if hot keys are compromised, trading script complexity for security.
  • The MCCV design requires duplicating the vault's state machine to avoid cycles in CTV, making computation intensive; a vault supporting a million operations can take tens of minutes to pre-compute.
  • Adi Man suggests CheckSigFromStack could enable cyclical state machines in vaults without massive pre-computation, reducing states from millions to hundreds, but introduces concerns about deleted keys and key reuse.
  • Roasbeef proposes upgrading BIP324's encrypted transport with post-quantum ML-KEM, debating hybrid versus pure PQ key exchange and methods to maintain traffic indistinguishability from random bytes.
  • A Bitcoin Core fix prevents session ID collisions when running 'walletprocesspsbt' twice for MuSig2 nonce generation, now incorporating the public nonce hash into the session ID to allow retries without failure.
  • Bitcoin Core now allows migration of pre-2011 legacy wallets that lack a best block locator record, requiring a full chain rescan to find relevant transactions.
  • LND removes support for creating Tor v2 onion services, which have been obsolete since October 2021, though it retains ability to verify and rebroadcast old peer announcements containing such addresses.
  • A rust-bitcoin fix enforces that a block's coinbase input must contain the 32-byte witness reserved value if the coinbase output includes a witness commitment, even if the block has no SegWit transactions.
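
The coinbase rule from the last bullet, modelled on BIP 141 as an added Python example; it is not rust-bitcoin's code, and the function names and the sample block are constructed for illustration.

```python
import hashlib

# OP_RETURN, push of 36 bytes, then the BIP 141 commitment header.
COMMITMENT_PREFIX = bytes.fromhex("6a24aa21a9ed")


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(leaves: list) -> bytes:
    """Bitcoin-style merkle root (odd levels duplicate the last hash)."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def find_commitment(output_scripts: list):
    """Return the 32-byte commitment from the highest-index matching output."""
    for spk in reversed(output_scripts):
        if len(spk) >= 38 and spk.startswith(COMMITMENT_PREFIX):
            return spk[6:38]
    return None


def check_witness_commitment(output_scripts, coinbase_witness, other_wtxids) -> bool:
    """output_scripts: coinbase scriptPubKeys; coinbase_witness: witness stack
    of the coinbase input; other_wtxids: wtxids of the non-coinbase txs."""
    commitment = find_commitment(output_scripts)
    if commitment is None:
        return True  # simplified: the caller must separately reject witness data
    # A commitment is present, so the reserved value is mandatory even when
    # other_wtxids is empty or holds no SegWit spends.
    if len(coinbase_witness) != 1 or len(coinbase_witness[0]) != 32:
        return False
    root = merkle_root([bytes(32)] + list(other_wtxids))  # coinbase wtxid is zero
    return sha256d(root + coinbase_witness[0]) == commitment


# Constructed sample: a block that contains only its coinbase transaction.
RESERVED = bytes(32)
GOOD_SPK = COMMITMENT_PREFIX + sha256d(merkle_root([bytes(32)]) + RESERVED)
```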

Lightning (1)

  • Core Lightning v26.06 deprecates the pay plugin in favor of xpay, which uses the askrene plugin and minimum cost flow algorithms for improved multipath payment routing, and adds a payer proof implementation for BOLT 12 offers.