Oddbean new post about | logout
 Who wants to help with a Core fork CTV client with a 2 year activation flag day? With a 90% support for early lock in.

There’s just no other proposal that has the length of testing, use, and extremely clear limits as CTV. It’s 100th the change that taproot and Segwit were and it just feels silly that we’re just sitting around waiting. At least starting something so people will discuss it seems like the way forward, imo. #Bitcoin 
 Bro if I had any idea what you just said, I'm certainl I'd be all in 🙃 
 Haha, CTV is the simplest yet capable covenant OP_CODE (simple version: a new script for using Bitcoin) that has been developed and tested for many years now. Was wrapped into a ton of controversy and FUD about 2-3 years ago when Rubin tried to make a client, but slowly we realized it was all nonsense. Then it all died down and we’ve still been talking about what seems like a dozen covenant proposals, when CTV is just sitting there ready to go it seems.

Nobody wants to pull the trigger, but there are just so many benefits if we could get CTV, we should just do it. 
 Bitcoin is feature complete.  Your new shitcoin opcodes are nothing more than an attack on the protocol.  Fuck off with your shitcoins 
 Tell me you know nothing about CTV without telling me 
 Oh son, I was studying PR's before you were in diapers. 
 He's just shitcoining... wants to fork core and add in nEw FeaTurEs 
 can't have op_cat sorry 😺 
 CTV isn’t op_cat 
 LNHANCE, not just CTV 
 I don’t know enough about LNHANCE, and there’s no reason to do a bunch at once. After CTV it could make sense to talk about the next one. We can have concurrent soft forks for simple opcodes. 

I won’t get behind something I don’t understand fully. There’s many things that could change if you started a CTV activation client. Thats how you get the ball rolling, imo 
 It is a combination of OP_CHECKTEMPLATEVERIFY, OP_CHECKSIGFROMSTACK(VERIFY), OP_INTERNALKEY which enables covenants, LN-symmetry (eltoo) & PTLCS.

It's safe. Maybe get reardencode on for a chat to explain it? 
 Would love to chat with reardoncode 
 I'm sure he would make time for you. Reach out on X 
 hi. hmu on the X hellbird site ;) 
 I guess I’m having a semantic problem with the word covenants then, because I understood what CTV does as basically a direct covenant. It simply locks the coins to a hash of the next output or TX details. So you can essentially “own” coins without directly needing an on chain footprint unless something goes wrong or you want to have a single UTXO for some particular reason.

I thought that “lock” was basically considered a covenant. 
 Yes, but it's a very neutered covenant (on purpose so it is not offensive but also not potent enough) and doesn't help with scaling or privacy or vaults, as far as I understand. 

Lightning devs need more. Other layer devs also need more (ARC, dark pools and other UTXO sharing protocols where the coordinator is much more trust minimized.

CTV is very cool and can be upgraded in future, but we do need more if we are going to be able to scale without custodians. 

I'm a bit out of the loop with this and you should talk to Brandon as he understands this all deeply and has a gift for explaining it in simple terms.
 
 CTV absolutely helps with scaling, privacy, and vaults in its simplest form. Multiple L2 designs and ideas can benefit from it. Obviously all of those things can be improved further with other op codes, but that’s exactly why I think we should implement and use CTV, that way we have a more direct idea of where it doesn’t meet everything we want. But CTV alone could make a symmetrical and much better LN design, it could alone create transaction pools, it could create a new type of “multisig” ownership that doesn’t actually expose the underlying parties, and that can be updated both cooperatively and exited unilaterally (kinda like channels but with many, rather than just 2, participants).

Ark also would get the lightest single benefit by just having CTV. Again, it wouldn’t be the end all solution to everything? That’s not the point, it’s just the next step toward where we need to go. 

I think if we are constantly acting like we need to upgrade “everything we ever need” with the next soft fork, then the next one isn’t ever going to happen, because consensus on “everything we need” seems next to impossible. But a critical building block, that is safe, useful, and long tested feels like the best way to get a little bit closer to where we want to be. 
 In other words, i think trying to do everything is the impossible path when it comes to consensus, and also the wrong path when it comes to being conservative about the effects on Bitcoin. This isn’t a race, it’s a global foundation, I think one piece at a time, even if it takes 3x as long, is perfectly fine. We just need to get things moving, slow and steady 
 Well, I hope you can discuss with Brandon as he can make a better case than me. Plus it would be a good show. 
 Yeah and based on the utter mess that segwit and taproot were, I'm in no hurry for more changes.

Bitcoin is, in my opinion, feature complete.

You're welcome to do all the shitcoining you want.  See you back here in a few years when you've studied more.  No shame though, takes many of us a lot of years to realize why it's Bitcoin only
 
 You're telling the guy who has read more about bitcoin than anyone else you know, to go study more? Now I'm intrigued as to what kind of uber level bitcoin of scholarship level you must have reached to be calling out Guy as effectively being a noob.  
 He's a shitcoiner endorsing an attack on the protocol, that's really all you need to know. 
 That guy has no clue what he’s talking about. I muted him. He wouldn’t know the difference between multisig and an NFT if it slapped him. Thinking CTV has anything to do with shitcoins is so fucking stupid I suspect he might just be a troll account who doesn’t even like bitcoin or know anything about it. 
 The point is this podcaster wants to turn bitcoin into a shitcoin by adding new opcodes.  Taproot was a disaster and lead to massive spam.  Segwit, not much better.

I'm a professional software engineer with 30 years of experience and I've been studying the protocol on a technical level since before this guy knew what Bitcoin was.

His videos get 100 views, and this guy is your hero?

Covenants are an attack on bitcoin, they will only allow further exploitation of the protocol 
 Are you sure you're not exaggerating here? Have you really been studying the bitcoin protocol on a technical level since before 2011?  
 🤣🤣🤣 he’s a troll man, you’re wasting your time 
 I only troll people who want to fork in new opcodes. 
 I never said I have been studying Bitcoin since 2011.  I think you might have misread something I said. 
 “I've been studying the protocol on a technical level since before this guy knew what Bitcoin was.”


#CommunityNotes 
 It's hyperbole.  I have no idea who this guy is.  His videos get 100 views and he's asking people to fork core, so he's a shitcoiner best I can tell.

If he's been studying bitcoin longer than me, then that's really sad.

Bitcoin should be feature complete. 
 Maybe it would be more productive to focus on the topic and the issues than the people. For example, Why do you think bitcoin is feature complete? I personally think it is inherently lacking in privacy at present. But perhaps the features bitcoin’s protocol already has are sufficient to enable full privacy on chain with appropriate workarounds? Or is privacy on chain not a desirable feature? I think it depends on what the use case is as to whether it is feature complete. I have no idea about what ctv offers, just putting out one example of where I wish bitcoin was slightly better.  
 You cannot have privacy in an open ledger, that's a completely different protocol.  See Monero if that's what you want.

The problem with making it "better" is that the risk is a couple orders of magnitude more dangerous than any incremental improvement you might make.

The single biggest threat to bitcoin is that they will soft-fork in some new opcodes that bring with them unintended consequences.  Think taproot, but worse.

That's all it will take is one opcode that someone figures out a way to exploit. 
 I agree, that holding a secret supply exploit in Monero is as powerful as the FED, controlling money supply.

Still USD is the preferred medium of exchange. Bitcoin is a hedge against both USD and Monero inflation and as such it has tremendous value. But both USD (fungible bydecree) and Monero are better monies (fungible through code). 
 Money:
1. store of value
2. medium of exchange
3. unit of account

There is no good money on Earth right now.  I use bitcoin for #1 and eventually the others will follow. 
 Most people on this planet use the USD as store of value.

I agree, that Bitcoin is the best store of value currently. Use it as such.

Monero is the better money. Use it as such.

 
 Monero is terrible as money far worse than bitcoin.  It's a worse store of value, it's accepted less places so it's a worse medium of exchange, and it's just as bad as bitcoin as a unity of account due to it's wild fluctuations in purchasing power.

Monero is good at one things, making secret payments when you are trying to hide your financial transactions 
 I like how Monero tries to keep mining on an equal footing. 
 You might ask why can't we just add ring signatures, stealth addresses, and confidential transactions to bitcoin... lots of reasons, but let's start with the fact that it makes the thing unauditable.

Tell me exactly how much monero exists... can you?  Spin up your node and audit it.  That's right, you can't.  

There could be an inflation exploit and it's possible no one even knows about it.

Satoshi spoke on this subject.  His opinion was that adding all this fancy shit was too risky.  I agree with him.  That's why we can't have privacy.  

Privacy is one of those things, it's either baked into the protocol from day 1, or you will never get it.

Ultimately in the case of bitcoin, it was a tradeoff.  No full privacy but full verifiability. 
 Monero is audit able. There are only two operations in Monero. Mining and transfers. The block reward is know, especially due to tail emission. For transfers you just need to know that the amount in is equal to the amount out and this can be confirmed through perdersen commitments.  
 Relying on Pedersen Commitments and Range Proofs to audit your network is not a real audit.  Any cryptographic flaw or exploit in them could and probably would go unnoticed.  That's the point.  You can't just add up all the coins.  Instead you have to use cryptographic proofs to even know how much monero there is. 
 In that case passively running a node is not a real audit either. Did go through a billion+ transactions and make sure every input/output canceled out? Or are you just trusting your node software to do it correctly for you? If so, what is the difference in practice? 
 In Bitcoin, every node independently verifies every transaction against a fully transparent ledger. The amounts, addresses, and transaction history are all visible and can be checked manually if desired. You don’t just trust the software; you can verify the entire ledger yourself.

In Monero, you can't manually verify individual amounts or trace transactions due to the privacy features like Pedersen commitments and range proofs. You have to trust that these cryptographic methods are flawless and implemented correctly.

So, the key difference in practice is that Bitcoin’s auditability is direct and transparent, while Monero’s is indirect and relies heavily on cryptographic assurances.

Hopefully this quite important difference is clear now. 
 You *can* verify the entire ledger yourself, but *do* you? 

Your argument is akin to saying "I'm not fat because I *can* lift weights (but don't)"

Being able to do something, but never doing it, is functionally indistinguishable. Otherwise you're just trusting others.

The few that do actually audit are able to truly say that, but passive Bitcoin node runners have no/much weaker arguments against Monero. Most Bitcoiners don't even run a node let alone manually verify. 
 Your analogy of lifting weights to auditing the Bitcoin ledger misses a critical distinction: the default state of a Bitcoin node.

When running a Bitcoin node, the software inherently audits the entire ledger, validating every block, every transaction, every input and output. This process is automated but fully transparent and open to verification at any point. Even if node operators don't manually check each transaction, the protocol ensures that every node is in agreement, validating the integrity of the entire blockchain continuously.

Contrast this with Monero: While it’s true that Monero’s cryptographic methods verify transactions under the hood, the privacy mechanisms mean you cannot independently verify the actual amounts or track the flow of funds. If there were a flaw in the cryptographic assumptions or an undetected bug, inflation could happen unnoticed. The auditability here is limited to what cryptography allows, not to the same degree of direct transparency Bitcoin offers.

Yes, most Bitcoin users might not manually audit every transaction, but they don’t need to. Bitcoin's transparency means anyone can verify and the collective effort of thousands of nodes ensures that fraudulent transactions are spotted and rejected. With Monero, that level of transparency isn't an option due to its privacy focus. The two systems operate under fundamentally different trust models: one based on open transparency and collective verification, and the other on private cryptography. It’s not about what you can do in theory but what the system allows you to verify independently at any time 
 In other words you're trusting proper software implementation and other Bitcoiners to verify for you. Double spend bugs have already happened in the past that passive node runners didn't detect on Bitcoin and can happen again. Only "manual verifiers" are relevant and unique in this regard and have a real argument. If you don't do this you are not much different from any Monero node runner.

The last part is basically: "Yea I'm strong because my friend lifts weights" 

To keep to the analogy, while your one friend can help you lift something heavy once in awhile, that doesn't make *you* strong, and you're still trusting/relying on him to lift heavy things for you (relying on a few other Bitcoiners to verify for you AKA trusting) 
 In Bitcoin, every node does more than just 'rely on others'—it independently validates all transactions and blocks against the full ledger. This isn't the same as saying 'my friend lifts weights for me.' It's more like being part of a gym where everyone lifts weights regularly. Each node in the Bitcoin network continuously checks for double spends, invalid blocks, or any deviations from the protocol, and nodes would reject such anomalies automatically. Yes, this process is automated, but it is still a form of active verification. Passive node runners are still contributing to the security and decentralization of the network by running this software.

Yes, there have been bugs and issues in Bitcoin's history, but the key difference is transparency. When a bug or double spend occurs, it's visible on the public ledger, and anyone can examine the blockchain to understand what happened. This isn't true for Monero due to its obfuscated transaction data. If a flaw exists in Monero's cryptographic assumptions, detecting it without transparency would be far more challenging, especially for passive users who can only rely on cryptographic proofs, not visible transactions.

Your argument suggests that because most Bitcoiners don’t manually audit transactions, they’re akin to Monero node runners. However, Monero node runners can't manually verify the total supply or audit individual transactions because the protocol doesn't allow it. The difference isn't about whether or not individual users actively engage in auditing; it’s about the system's openness and the ability for anyone, at any time, to verify the entire ledger if they choose.

So, while some Bitcoin users might rely on the broader network to audit the blockchain, they still could audit independently if they wished. This inherent capability provides a level of assurance and trust that isn’t dependent solely on cryptographic methods, unlike Monero. The option to verify independently or trust the network is a choice Bitcoin offers, while Monero, due to its privacy focus, inherently restricts this transparency."

 
 What you say is we need an independent script that verifies the Monero supply. It's actually a great idea as this has been the most prominent critique from maxis.

Pedersen commitments are well understood. 
 It's trivial to do this, learn to code 
 from monero.backends.jsonrpc import JSONRPCDaemon
from monero.transaction import Transaction

# Connect to your Monero node's JSON-RPC server
daemon_rpc_host = "127.0.0.1"
daemon_rpc_port = "18081"
rpc_user = "your_rpc_username"
rpc_password = "your_rpc_password"

daemon = JSONRPCDaemon(host=daemon_rpc_host, port=daemon_rpc_port, user=rpc_user, password=rpc_password)

def verify_monero_supply():
    try:
        # Step 1: Verify total mined supply based on the emission schedule
        total_mined = 0.0
        last_block_height = daemon.info().height - 1

        for block_height in range(1, last_block_height + 1):
            block = daemon.get_block_by_height(block_height)
            # Verify block reward aligns with the expected reward
            total_mined += block.reward

        # Step 2: Verify cryptographic proofs in each transaction
        for block_height in range(1, last_block_height + 1):
            block = daemon.get_block_by_height(block_height)
            for txid in block.tx_hashes:
                tx = daemon.get_transaction(txid)
                transaction = Transaction(tx)
                # Verify Pedersen Commitments
                if not transaction.verify_pedersen_commitments():
                    print(f"Failed Pedersen commitment verification in transaction {txid}")
                    return
                # Verify Bulletproofs (range proofs)
                if not transaction.verify_bulletproofs():
                    print(f"Failed Bulletproof verification in transaction {txid}")
                    return
                # Verify Ring Signatures
                if not transaction.verify_ring_signatures():
                    print(f"Failed Ring Signature verification in transaction {txid}")
                    return

        print(f"Total Monero Mined: {total_mined:.12f} XMR")
        print("All cryptographic proofs verified successfully. No inflation detected.")

    except Exception as e:
        print(f"An error occurred during verification: {e}")

if __name__ == "__main__":
    verify_monero_supply()



There you go.  The problem is it relies on complex cryptography to accomplish this, which is one of the criticisms of Monero.  For more details study the library's implementation of 
verify_pedersen_commitments
verify_bulletproofs
verify_ring_signatures

As far as pedersen being well understood... by whom, by you?  I don't think so. 
 "On the other hand, we need computers, and the method will convince only those that trust both math and the computer they use."


https://crypto.stackexchange.com/questions/64437/what-is-a-pedersen-commitment#64443


Not a cryptographer, but the math behind is not so difficult. But as the commentor of the link wrote. There is trust involved in math and in the machine you use.

I'd suggest you to talk ti some of the cryptographers you'll find in the Monero community.

For some use cases it is not acceptable to trust, in that cases Bitcoin is preferable over Monero. For other use cases the trust is acceptable.

Most Monero supporters also have been early Bitcoiners. Therefore hold huge bags of both coins. Would I ever consider to spend Bitcoin without going through Monero first? No, because I don't know the future and how the future dictators will treat my financial past. Do I treat Bitcoin as a store of value. Yes.

By the way. Monero is a rather stable coin, like you'd expect from a currency.


 
 Your argument seems to focus around what _I_ do.. It's not about me.  The point is ANYONE can audit it.  In Monero, no one can.

If you still don't understand the difference between active auditing and an inability to audit the total supply then I am not sure how much more I can help you understand. 
 I'm pointing out that if this is your argument against Monero there is little difference between that and the vast majority of Bitcoiners in practice.

How many Bitcoiners run nodes? 
How many of those node runners are actively verifying it's transparent input/outputs- 0.001%?
Far fewer than you make it seem.

An advantage that one never takes advantage of...is not an advantage 
 I'm not arguing "against Monero" I'm simply helping you understand the differences between an open public ledger that can easily be audited with someone with basic python skills and a protocol that requires complex cryptographic proofs just to ask it how many coins there are. 
 Now you too can manually audit the bitccoin without employing and cryptographic proofs:

def audit_bitcoin_supply():
	block_count = rpc_connection.getblockcount()
	total_supply = 0.0
	total_utxo_amount = 0.0
	for block_number in range(0, block_count + 1):
		block_hash = rpc_connection.getblockhash(block_number)
		block = rpc_connection.getblock(block_hash)
		coinbase_txid = block['tx'][0]  # Coinbase transaction is always the first transaction
		coinbase_tx = rpc_connection.getrawtransaction(coinbase_txid, True)
		block_reward = sum(vout['value'] for vout in coinbase_tx['vout'])
		total_supply += block_reward
	unspent_txos = rpc_connection.listunspent(0)
	total_utxo_amount = sum(utxo['amount'] for utxo in unspent_txos)
	print(f"Total Bitcoin Supply (based on block rewards): {total_supply:.8f} BTC")
	print(f"Total Bitcoin in UTXOs: {total_utxo_amount:.8f} BTC")
	print(f"Difference: {total_supply - total_utxo_amount:.8f} BTC") 
 You can't audit fractional reserves in CEX. Not for Bitcoin and not for Monero. 
 People who fractionally reserve bitcoin go bankrupt.  See FTX for details.

Rehypothecating the most bullish asset in human history in it's infancy when volatility is incredibly high is not something experienced asset managers would even consider.  It takes a fool like SBF to have the hubris to even attempt it.  And you see where that ended him up, in a prison cell. 
 Those who don't know how to operate proper fractional reserves go bankrupt.

Binance for example managed quite well so far.

Coinbase and BlackRock will only go bankrupt when USD hyperinflates as they can print as many USD for cash settled ETFs as they need to not default on bad trades thanks to the BlackRock-FED connection. 
 And what proof do you have that binance fractionally reserves things?  You have none this is just speculation and conjecture. 
 Well, as you are not new you seem to have ignored the discussions around it for at least 3 to 4 years. What does that tell me about you?

It at least tells me that most Bitcoiners so far did not learn anything from Monero's past which to me signals that Bitcoin is not fit to challenge the state apparatus. You either do have exceptional observation, adversarial thinking and executing strategies (like early Btcoiners from 2009-2012) or you will get played by forces that do.

 
 For a starter try to use a search engine and put in Binance + fractional reserves then read up on a ton of observations, test runs, withdrawal issues,... 
 Yes but I don't care in the least.  I give exactly 0.00000000 fucks about Binance or if/when/where/why they are defrauding people. 
 There are very real threats to bitcoin, Binance is not one of them. 
 I don't care if Binance is rehypothecating bitcoin.  It matters nothing to me, nor to bitcoin.  Anyone stupid enough to do that will be exposed in the end.

Binance is no threat to bitcoin. 
 do you see how easy that was?  Simple arithmetic.  Now compare that to the logic required to attempt to verify Monero:

transaction.verify_pedersen_commitments():
transaction.verify_bulletproofs():
transaction.verify_ring_signatures():

have a look in the Monero python cryptography libraries for those functions.  So much for simple arithmetic.  They are vastly complex, certainly beyond my ability to understand.  Maybe you're a better software engineer and cryptographer than me.

So your argument that "Monero can be audited too" is just simply invalid.  It's not the same, apples and oranges.
 
 But what if you're the vast majority of Bitcoiners that never do that "simple arithmetic"

You just keep bragging to us that you can (but don't ever do it) 
 I just fucking did it for you, lol.  Run that script and see for yourself. 
 I know and I see that. But it still doesn't avoid that the vast majority of Bitcoiners don't do this. They don't even run a node.

For those that do (and do so often) I already agreed they have a reasonable argument against Monero if they want the best possible verifiability/auditability 
 In short.  To remain thin ANYONE can lift weights.  It's possible to make others thin if enough people lift weights.  Unlike Monero where you rely on cryptographic proof to lose weight.

I hope you now understand this fundamental difference. 
 I think we're talking past each other and arguing different points  
 yes that's entirely possible and would explain why we keep repeating ourselves.

The reason I brought up Monero at all in this conversation was that I was suggesting Bitcoin is feature complete, and that adding new opcodes, while they could potentially add some marginal improvement, are incredibly risky and irresponsible.  

Someone suggested that bitcoin should have privacy and I was attempting to explain why that can't really happen and some of the tradeoffs associated with it. 
 A #Bitcoin node audits the entirety of the history from the beginning and at all times. It’s all open and I’m sure you know this.

But your argument is essentially the equivalent of saying that nobody has any idea if they ever did their accounting properly because they’re just trusting their calculator… I’m sorry, but that’s a very poor argument that has no value in the real world, only in some silly hypothetical. (I.e. in practice it actually just works very easily)

It would be extremely obvious if a node software didn’t do the simple job of auditing the open #Bitcoin timechain history. You can just look to see if something’s wrong.

Funny that you use that example actually, because something like Monero doesn’t get that benefit. If the BTC audit was messed up you *could* check it very easy on pen and paper. If there’s something wrong with bulletproof or ring signature implementation/value outputs, how long before somebody figures it out? Literally nothing would stand out as obviously incorrect or flawed. 🤔

In addition, all cryptography has a shelf life. If your amounts are separate from the signatures, you can update the cryptography to fix a vulnerable system. Bitcoin can continue to work indefinitely, even if/when quantum computers start to threaten its ownership assurances. Something that uses cryptography to obscure the amounts, however, doesn’t get that benefit. You’d have to disallow any and all use of the old system, essentially a reset, because broken cryptography means you now have no clue how many coins there are. Even allowing 1 old signature becomes a risk to the entire thing. The supply matters first and foremost above everything. Without it being immutable, the “money” doesn’t even exist. This is why, despite all the reasons we’ve wanted privacy in the foundation of Bitcoin, nothing has persisted and the trade off on the long term is too much. It just makes more sense to build it into higher layers, than at the base, unless we can find some way to obscure the ownership of many different amounts within a UTXO that doesn’t threaten the full audit in any way.

(Also I don’t see what note you are responding to, so I might have missed some context) 
 Yes he's exactly right. 
 "I’m sorry, but that’s a very poor argument that has no value in the real world, only in some silly hypothetical. (I.e. in practice it actually just works very easily)"
Let's say I'm wrong and put aside the "passive" noderunners thing for the moment for the sake of argument, what I also said is that the vast majority of Bitcoin users don't run a node so are simply trusting others . And in those cases they are in a similar situation, if not worse, than Monero noderunners. Maybe you didn't see it, but like I told BitcoinStu, I don't disagree with anything you're saying about Bitcoin noderunnners.

"It would be extremely obvious if a node software didn’t do the simple job of auditing"
It's not so obvious to me. We have several examples in Bitcoins history where it wasn't necessarily so obvious to everyone running a node. This one required some random anon to even point it out to devs before anyone realized what was going on.
bitcoincore.org/en/2018/09/20/notice

"Funny that you use that example actually, because something like Monero doesn’t get that benefit. If the BTC audit was messed up you *could* check it very easy on pen and paper"
I never claimed that it did. And I agree you *could* with Bitcoin but who *does* in the real world, honestly? If a couple users do this, and do so often, how does it change the fact that 99.9% aren't verifying themselves? They can't claim the benefits of a transparent chain as you are saying because they never take advantage of those properties. I can shout until I'm blue in the face that I *can* do something, but I never actually did it until I *do* it.

"You’d have to disallow any and all use of the old system, essentially a reset, because broken cryptography means you now have no clue how many coins there are"
Pretty sure Zcash kept their supply sound and got around this scenario by using turnstiles, but not an ideal solution for sure (exploiters can leave legit user SooL)

I think we can agree that each method isn't perfect and has it's own downsides (basechain privacy vs basechain auditability)
Each project has different priorities and I think they should follow them to their conclusions
At least that will show us what works in practice (maybe they'll each succeed in a different way)

If I can ultimately transact with strong privacy, on Monero or some layer of Bitcoin, without any severe trade-offs to self-custody or permissionlessness, it's a win/win for me. 
 Anyone who tells you that adding new opcodes will scale bitcoin is either ignorant or malicious.  In this guy's case I don't know which it is, I've never heard of "the guy who's read more about bitcoin than anyone else I know" which is an absurd assertion and should tell you right away he's full of shit.  But in either case he's endorsing an attack on Bitcoin, it's really that simple.

Study BIP-119 if you want to know more. 
 The utter mess that segwit was? We wouldn't even have LN without segwit 🤔. The non-segwit hardfork was the real mess

Also, taproot didn't enable shitcoins on Bitcoin, it just made scaling shitcoins easier 😅 
 Taproot didn’t do anything to help shitcoins, I don’t know how that became a popular trope about all of this. In fact, despite it not being used, taproot is how you could do that stupid garbage without it bloating the blockchain at all. 

The only bit thing with soft forks that gave a lower cost to inscriptions that were fully printed onto the chain was the Segwit *discount,* which wasn’t even really about Segwit itself, but was simply what was done to get a compromise blocksize increase during the shitstorm of a war that had gone on for 4 full years. 
 Oh wait, are you responding to that moron who thinks CTV has to do with shitcoins? You are super wasting your time there man. Not worth it at all. Just mute 
 Lol, my first mute on nostr is a fact 😂. Still, took 19 months... 
 CTV will likely turn Bitcoin into a shitcoin, that's the risk you run by forking new opcodes in.  It's irresponsible at best and malicious more likely 
 Inscriptions could happen before SegWit, it would have only meant fees would have gone up a little less.

And it would pollute the UTXO set instead of storing it in witness 
 Yeah none of it really stops or prevents anything. And the witness discount makes sense because having inscriptions there means it can be pruned by anyone who doesn’t want to store that trash. 
 No one said Segwit allowed spam, it simply made giant blocks full of it possible and added financial incentives to do it. 
 None of those are true 
 Both of them are true.  4mb blocks can contain a lot more spam than 1mb blocks and the witness discount made it cheaper 
 Made it cheaper how?

On the surface it may seem like it but you have to realize this availability of space meant more demand and more fees, until the market reached the amount they would pay reasonably per byte stored

Contain more spam, sure, but also contains more non-spam TXs 
 The witness discount means that each byte of spam is cheaper than a bit of meaningful transaction.

This was all done when blocks were mostly empty.   
 and today, stuffing the witness section full of bullshit is cheaper and the amount of witness is unlimited.  Spam fest 
 ah, "more tx" yes so you probably should use bcash because that has massive blocks full of those wonderful transactions.

There will never be enough transaction space in bitcoin no matter what you do.  Incentivizing spam is only making it worse. 
 even today blockspace is cheap for transactions yet we incentivize spam.

The good news is that eventually a single transaction is going to cost $1000 or more and that will probably put an end to spam.  The bad news is, nothing will drive "big block" bullshit harder than that. 
 The bottom line is it doesn't really matter cause those things have been merged in.  Taproot and the rest is live and there is no way to get the pee out of the pool.

But we can certainly prevent more exploits from being added in an attempt to "scale bitcoin" which is an absurd idea when you understand why blocks and small and blocktime is long 
 before segwit spam had to compete with legit transactions for space.  The witness discount was core basically saying "ok you can spam, but put it in the witness section so it doesn't bloat the utxo set.

And then taproot took out the witness limit and now our blocks are full of dickbutts.

Personally I'm of the opinion that if spam had to compete for blockspace on an even playing field you would see a lot less of it.

The moral of the story, especially with taproot, is that when you start fucking around with "perfect money" all you can really do is make it less perfect....

If it aint broken, dont fix it.  
 They are competing for blockspace even with Segwit. Not that it would stop spam.

Please do research. 
 with a discount, please do some research 
 normal transactions also get a discount 
 A normal segwit transaction is 60% witness.  A spam is 90% witness or more.  This makes spam cheaper per vbyte.  But I think you know this you're just being argumentative. 
 after actually examining some of them, looks like a lot of inscriptions are 99% witness data.... so.  yeah. 
 ^ 
 increased block weight, decreased tx cost for spam, both bad for bitcoin 
 Taproot brings Bitcoin one step closer to being a shitcoin.  It facilitates shitcoins by making Bitcoin into one.

Your OP_CTV is wildly irresponsible.  You said yourself core won't "pull the trigger".  

Bitcoin is feature complete.  But for the sake of compromise, I think you should get 1 new opcode ever 50 years, timer starting now.  So get your BIPs together, get them tested, and if you have one you really think will help and be safe, then in 2074 you can softfork it in.

The reality is that Bitcoin biggest vulnerability is people softforking some bullshit in there that ends up with unintended consequences that can be used to harm or destroy the protocol. 
 Lightning is meaningless without a stable secure and decentralized bitcoin.  Honestly I give zero fucks about LN.  I care about breaking the global banking cartel with an undebaseable money.

Adding opcodes is nothing more than opportunities for those who would harm bitcoin to do so.

Taproot, by removing any semblance of regulating arbitrary data led to the spam fill bloated blockchain we have today.  That threatens the cost of verification, and that is critical to Bitcoin.

Without nearly free cost of verify all you have is a centralized shitcoin running in datacenters, just like the big blockers wanted. 
 I can't help devving, but I'd love to run it on my node 👍🏼 
 Not me. 
 I’m not in favor of generic expanded capabilities to the core protocol where we don’t know the limits of how they will be used. 

It would be better, IMHO, to pick specific use cases that the community wants and to then engineer the best, most limited change that meets that need. Vaults? Payment channels? Etc. We should design a change to do just that and only that. 

We need to learn our lesson with Taproot and discounted witness data. Devs didn’t realize how it would be used for spam. 

Devs aren’t omniscient and can’t predict all ways a change can be abused. Some of the abuses will even be indirect and attack the incentives underpinning key operations (like mining). Best to lock it down to reduce the attack surface area. 
 “I’m not in favor of generic expanded capabilities to the core protocol where we don’t know the limits of how they will be used.”

This is exactly why CTV makes the most sense. It’s a simpler primitive than probably any soft fork we’ve had since the beginning of Bitcoin 
 I know, but that’s terrifying isn’t it. It’s why we ended up inadvertently centralizing mining with Taproot and making it difficult for folks like me to periodically sync the blockchain on our small TOR nodes. Secret blocksize increase after fighting to keep it small. 

Why not simpler still? Why not op_vault? 

What specific use cases are your priorities? I’m sure the community had a top one. Why can’t we just focus on it first?

I’ve only heard from devs, “I think it’s safe”, which isn’t appropriate for the system that protects the world’s money. We need to be absolutely certain that it’s safe. 
 How is that terrifying? And how exactly have you reached the conclusion that taproot has been responsible in any way for centralizing mining? Are you saying people wouldn’t be using pools without it? Or that mining somehow wouldn’t have been financialized?

I think you’ve equated cause and effect with things that have nothing to do with each other. 
 And how on earth do you gauge op_vault as better here? Seriously what do you know about op_vault? It’s actually more expressive than CTV as I understand it. 
 Op_vault is more limited and specifically designed to enable that one feature: vaults. 

This article discusses vault as a subset of ctv. 

https://www.coindesk.com/tech/2023/02/28/proposed-bitcoin-vault-feature-could-thwart-malicious-hackers/

But the fact that vault is a subset of CTV is not my point. 

My point is that changes to the core protocol should be specifically limited in scope so that we can have more certainty that the change is technically safe, and also doesn’t disrupt the network ecosystem. 

Maybe op_vault is the right approach to solve vaults, or maybe not. What makes it better is that it’s *specifically* designed to solve vaults. 

CTV can be used and abused in more ways, including ways we don’t yet know. 
 I completely get the sentiment, I’ve advocated for more conservatism for a long time, but CTV **is** the conservative approach and it **is** something explicit that we know the limits of.

I think the notion that we shouldn’t implement simple, very contained functions because we haven’t predicted everything that could be built with them yet is a misunderstanding of how and why we should be conservative.

Example: The justification to reject timelocks or multisig because no one had yet predicted the existence of lightning and how it would work would be silly.

It’s literally an impossibility to know what will be built with new tools, that’s the whole point, but how they are contained and HOW they work within the transaction is the concern. And CTV is essentially little more than a hash lock, something we understand in dozens of other contexts and with a very simple and very environment limited function. 
 Ok, then prove to me that it can’t be abused. 

You can’t prove a negative so to prove it can’t be abused, you must first list all classes of ways it can be used and then prove those can’t be abused. 

Since you can’t list all the classes of ways it can be used, you can’t prove it can’t be abused. 

So therefore your statement that you know the limits of it and that it’s safe is not true. 

You don’t know the limits of it. If you did, you could tell me. Right?

Timelocks and multisig have classes of uses beyond lightning so you’re right, it would have been silly to reject them because we didn’t know of the potential of lightning. We already knew other ways they could be used. For example, shared custody. 

It’s not just a hashlock, is it? If it were just a hashlock we could use pay-to-script-hash (P2SH). 

Think about it more. You have everything backwards. In product design, we don’t build technology first and then hunt for a problem to solve. We first identify a human centered problem to solve and then design technology to make people’s lives better. 

Imagine that you are a systems designer for a nuclear reactor. Would you agree to release a public API that could do a bunch of stuff that people will figure out later? No, you wouldn’t. Someone might accidentally melt down the core. Instead, you would make the most limited changes that you knew would be safe.

When I look at the bitcoin core protocol. I see something more important than a nuclear reactor. The core devs are one of the most centralized and dangerous systems in the bitcoin ecosystem. Unlike individual govts, they actually do have the power to destroy the entire network. 

Let’s not “melt down” bitcoin’s core.  Future generations are counting on us. 
 “Timelocks and multisig have classes of uses beyond lightning so you’re right, it would have been silly to reject them because we didn’t know of the potential of lightning. We already knew other ways they could be used. For example, shared custody.”

You misunderstand my analogy here. It wasn’t that we didn’t understand it’s value because of its, it’s that one didn’t have to defend multisig as a tool by predicting everything that could be built with it to know it was safe. If that was a requirement, then we could never make any changes at all. 

“Imagine you are a systems designer for a nuclear reactor…”

Dude I’ve done dozens of shows on this, you don’t need to argue that this is foundational, nuclear grade software, that this should be treated with utmost care, that upgrades should be extremely limited in scope and well understood. If you are making that argument then we aren’t actually on topic. 
 In order to make sure my “on topic” comment isn’t too vague, I’m saying that we both completely agree on this point and the argument is about *what* the conservative, save for nuclear grade options are.

So to equate CTV with an open API is to misunderstand that I’m saying CTV appears not only the safe, and most conservative option while still getting the functionality we want, but that explicitly comparing it to previous soft forks, it’s *easier* to justify than a bunch of things we’ve already soft forked for.

So what I’m saying is that I agree with basically your entire post. I *disagree* on where CTV falls in that risk profile. 
 You say it “appears to be safe”, but have put forward no justification to support that statement. You can’t say just say “trust me” to the bitcoin community. We need the “verify” part too. 


“it’s *easier* to justify than a bunch of things we’ve already soft forked for.”

Sure, but you and I both know that’s not a real argument. Arguing that devs were more reckless in the past doesn’t justify additional reckless protocol changes. That past recklessness explains why we have the witness discount, more spam data in our timechain, and additional centralizing forces on miners. 

Bottom line: if you’re advocating to change the core protocol, you have an obligation to demonstrate that it’s safe and necessary. You owe the community this. And since you have a highly visible platform, you have a duty to use a higher standard of care … a higher bar, if you will. 
 It’s terrifying because nobody knows the limits of its use and therefore nobody can say with any certainty that it’s both (a) technically safe and (b) won’t disturb the network ecosystem. 

My understanding is that taproot and segwit’s witness discount encouraged and increased the volume of arbitrary data stored on chain. 

This expanded the market for things that use this data. More data, more junk, larger market. 

Thereafter private apis to miners and pools developed to front-run and insert crap in the chain. 

Private apis and out-of-band payments encourage mining centralization by giving unequal access to fees and disturbing the even playing field. This motivates miners to join the pool that has better access to these exclusive fees and encourages monopoly-like arrangements. 

https://www.coindesk.com/opinion/2024/07/09/mev-has-spread-to-bitcoin-in-subtler-forms-than-on-ethereum/
 
https://bitcoinmagazine.com/technical/the-witness-discount-why-some-bytes-are-cheaper-than-others 
 You clearly don't understand CTV 
 Great, I’m glad someone who does just showed up. Go ahead, tell me all the ways it can be used, and prove it’s both technically safe and also doesn’t disrupt the network ecosystem. 
 You lock your bitcoins to a spending script.

It's as technically safe as P2SH and doesn't disrupt network ecosystem because it's just a spending conditions on coins.

Can you demonstrate and prove that CLTV, CSV, P2SH are technically safe and also doesn’t disrupt the network ecosystem? 

If not we might have to remove them :/

 
 Is CTV being used the wild right now? In Liquid? Somewhere else? 

Hard for me to trust “it’s the same as” arguments because if it were the same then we wouldn’t need it. 

Is there a document somewhere that provides an in depth review of the safety considerations?

What is the feature that it provides that you care most about?

This summarizes my lates thoughts. Important to also prove necessity. 

nostr:note16zakjweexcw9hjawwxllrj702mnt3k9ve69lgq5am39q77vedzksnd8n4a 
 I'm not advocating for CTV. I'm just pointing out that your lack of technical knowledge will hinder your ability to understand those things and participate in such conversations because all of your arguments are based on feelings, not facts. 

There is no "we" in this. A soft fork proposal doesn't need you if YOU can't show the proof-of-work as to why your opinion is valuable or worthy of consideration.

Hence, when improvements to Bitcoin script inevitably come, you will be left screaming in the void because the stakes for you are clearly not enough to have an informed, non-biased, opinion. 
 You didn’t show anything. You just made claims I didn’t know what I’m talking about. Ad hominem attacks are always the fallback, aren’t they?

It’s not on me to prove it’s necessary and safe. It’s on those advocating for it. And apparently that’s not you. 😂

Do you just jump into random convos and yell “you don’t know what you’re talking about!!” And then refuse to support you point when challenged? Pretty funny. 😄 
 I have made the case for why CTV is safe, you are just not able to understand it because of simple technical shortcomings. This is not an ad hominem, simply an observation.

Do you imagine people will spoonfeed everything to you?

These conversations will carry on without you and you will remain puzzled and confused when changes happen because all you rely on are your feelings.  
 You made no such case. You only made unsubstantiated claims that it was the same as P2SH. 

I just pointed out that it was a false analogy to see if you could back it up. And you didn’t. 

It seems you’re just parroting talking points given to you from other people. Just like that meme where the NPCs all download their latest update. Did you sit in on a talk once or twice and conclude you now know everything there is to know?

I often find that folks who see the world in superficial simplicity often have never built anything of value or complexity. Those who have usually realize that many of their preconceived assumptions were wrong. 

By the way, what they didn’t discuss in that talk you attended:

Op_ctv can be used to expand time-based trading opportunities, options, futures, DLCs. 

https://www.coindesk.com/layer2/2022/05/20/bip-119-unpacking-ctv-and-how-it-would-change-bitcoin/

https://bitcoinops.org/en/newsletters/2022/02/02/

Trading and marketplaces create opportunities for people to front-run transactions. 

https://www.coinbase.com/en-it/learn/advanced-trading/what-are-frontrunners-and-mev-when-it-comes-to-crypto-trading

This creates MEV or MEVil, as some people term it. MEVil motivates miner centralization. 

https://bluematt.bitcoin.ninja/2024/04/16/stop-calling-it-mev/

Here’s a primer on MEV in case you forgot!

https://bitcoinmagazine.com/technical/mev-monster-bitcoin

Anyway my point is that it’s not clear that it’s necessary and we definitely don’t know that it’s safe. I can see that there is a potential risk. I just don’t know the severity of the risk and neither do you. 
 You are talking about things again which you don't understand. Understandably this makes you afraid.

You cannot "see" anything. You are just feeling because you can't verify yourself.  
 I read you correctly, didn’t I? 😎

I look forward to your actual rebuttals when you have some. 
 You're literally the one parotting talking points. It's right there in your notes. You reference things you do not understand and just throw link to support your "feelings". 

If I were to ask you to explain any of the subjects discussed you wouldn't be able to.

There is nothing to rebutt, you didn't bring up anything substantial.  
 Oh, my! Bless your heart. I guess you don’t know how to respond when your usual bullying stops working. 

The only feeling I’m getting is that cringe one where you’re watching someone in the movie embarrass themselves. And also starting to feel a bit sorry for you. 

I explained to you how there is a risk of MEVil. I guess you can just pretend I never said it. Everyone else can see that I did and also see that you had nothing to say. 

I got a nice glass of wine 🍷 here. I’m going to take a drink every time you say “feelings”. Don’t keep me waiting! 😆 
 You explained to me? 🤣

You sent me a "primer" I wrote 🤣

Dead 
 And you’re so full of yourself that you thought you “got me”. It’s how I could tell you were not a builder. 

You’re so funny. 😂 

I just added ded and dead to my drinking game. 🍷🍷

Glad Guy is focusing on the real issues here. 👍 
 Even though this conversation is unproductive now and I won’t be participating anymore, I’ll just leave this here:

CTV would allow us to open a million lightning channels in a single block.

https://media4.giphy.com/media/l3vR6eSZ9bvU6CxkQ/giphy.gif?cid=9b38fe9123jfxpqw5emt48pqvy6n4e2lgbrs23b7jr9t271x&ep=v1_gifs_search&rid=giphy.gif&ct=g 
 Did you mean to post Alex’s own article on MEV or was the “in case you forgot” a joke about that? 
 DED 
 😂 of course. It was clear from his writing that he wasn’t a builder. Thought he needed to review his primer. Too funny. Look at him. Was hoping he would say feelings again so I could take another drink. 
 I read through most of what you linked to here and I haven’t found a single connection between MEV and CTV in any of it.

In what way do you think CTV will cause this issue? None of what it does can be done *to* someone, you have to sign and place all the signature requirements into it yourself. The first article does a decent job of explaining why it’s very useful, but also makes almost no change in the security assumptions, because it’s just another type of restriction you can place on your own coins.

Literally Lightning is trying to do exactly what CTV does, except in a complicated, multi step, numerous interaction way. So if the basic function of CTV is bad somehow, then so would a multisig that attempts to have rules not in the actual transaction to adhere to…

ie. You and I are in a multisig and we agree that .1 belongs to you and .2 belongs to me. CTV literally just makes that simple and easy to understand, instead of complicated and needing multiple interactions and signings. 
 Thanks for the response. I appreciate the focus on the issues and the discussion. Will respond when I can. 
 Ok, could you please tell me which statements you disagree with so we can start from there:

1. Centralizing MEV is bad

2. Out of band payment to miners to enter private mempool can create centralizing MEV

3. Speculators may pay miners out of band fees if they can receive a financial advantage. 

4. Trading financial instruments creates opportunities for financial advantage if you can execute your transaction quicker than others.

5. Op_CTV enables smart contracts that could be used to create and trade financial contacts, possibly even creating a Uniswap-like DEX. 

6. There is a risk that op_ctv could create centralizing MEV 
 You can’t control out of band payments in any way whatsoever, to suggest you can is silly, imo.

CTV doesn’t “enable smart contracts” in some elaborate way that isn’t already possible. Lightning is a “smart contract,” multisig is, atomic swaps are. What you describe is a completely generic idea and is 100% possible right now with all the op codes we have. CTV does not suddenly make a shitcoin trading empire possible where it wasn’t before, it literally formalizes, simplifies, and removes multiple interactions needed to do many of the same things we are doing *already.*

Multisig doesn’t scale to large groups because everyone has to be present. All CTV does is make it so parties can make changes independently and without constant cooperation and synchronized signatures from every single party.

So I disagree with the whole framing. It doesn’t make any sense in the context of what the tool is. 
 “CTV doesn’t “enable smart contracts” in some elaborate way that isn’t already possible.”

Have you heard of Sapio?

https://www.coindesk.com/tech/2020/07/14/this-new-coding-language-could-help-unlock-bitcoins-smart-contract-potential/

https://btctranscripts.com/vr-bitcoin/2020-07-11-jeremy-rubin-sapio-101/

https://bitcoin.stackexchange.com/questions/106850/is-there-anything-specific-to-the-design-of-the-sapio-language-that-makes-it-wel

https://blog.primebit.com/2020/07/22/sapio-a-new-language-aimed-at-increasing-bitcoins-smart-contract-potential/?amp=1 
 Hey Guy, did you fall down the Sapio rabbit hole as I did? Pretty interesting (and disturbing) stuff! 

Anyway, unless I’m missing something, it seems that you were misled on CTV’s capabilities. 

You said: “CTV doesn’t “enable smart contracts” in some elaborate way that isn’t already possible…”

Your statement is not true … straight from Jeremy Rubin himself:

“When we write a program in Sapio, we are designing an arbitrary state machine that can run any program.”

…and…

“As such, Sapio is a very powerful framework for designing Bitcoin smart contracts […].”

So CTV does provide a NEW powerful framework that allows ARBITRARY programs, which aren’t possible today. 

Jeremy even says at one point that you can write options contracts in Sapio. This confirms what I said about financial trading. 

Jeremy also says clearly that Sapio is ONLY POSSIBLE with CTV:

“CTV makes all this stuff really possible and without it it is severely limited in what contexts you’d want to be able to use it. …
Getting CTV adopted is really instrumental to making this vision that I showed you actually work.”

So, to recap:

You’ve said repeatedly that CTV was only providing capabilities that we have already. 

You said that CTV doesn’t provide “elaborate” new smart contract capabilities. 

You now have strong evidence that both of these statements are not true. 

Do you understand now why my earlier framing was accurate? If you’re still fuzzy on anything please let me know. 

Hoping you also understand better why I challenge these attempts to quickly change bitcoin’s core protocol. 

Of course I would love to have channel factories capable of opening a million lightning channels at once. But not if there is any risk to bitcoin. 

The problem is that none of us really know what OP_CTV can do. It seems this discussion is a perfect case in point. You’re super smart, incredibly well read, spending most of your time in this space, but still under the belief that OP_CTV just provides better hashing, stuff we already have. 

Nobody understands all the ways it can be abused, so nobody really understands what the risk to bitcoin really is. 

You think we need channel factories? Great! The dev community should explore how to add that without any “side effects”. We absolutely need vaults. Hopefully they can figure out how to get that done without side effects too. 

But adding arbitrary programs to the core protocol which could harm decentralization? No freaking way. We’ve seen that horror story play out on crypto blockchains. 
 I already left this convo and don’t have time to read all that, I have been well aware of Sapir for years and I’m guessing you’ve never heard of BitVM if you think this is something new. 
 Sapio runs logic on-chain but BitVM is currently designed to run logic off-chain. You can’t equate them. 

Big difference in terms of risk to centralizing MEV, don’t you think? 

It will be interesting to see how BitVM develops though. 

You’re not going to respond? Once I brought receipts and then you suddenly “didn’t have the time”? Disappointed. I thought we cared about what’s best for bitcoin rather than our established positions. 
 “You’re not going to respond? Once I brought receipts and then you suddenly “didn’t have the time”? Disappointed. I thought we cared about what’s best for bitcoin rather than our established positions.”

I was literally just trying to find the time because I am insanely busy and also out of town at the moment, but you beating your chest like you are the only one who cares about anything and this sort of attitude is what makes me not want to. If you want me to respond this isn’t how to do it.

And no, Sapio doesn’t change anything, as I said I knew about it and I’m pretty sure I did an episode on it a couple years back. 
 You’ll recall that when I was busy, i politely thanked you for your message and let you know that I would reply when I could. 

Perhaps you forgot saying “I already left this convo and don’t have time to read all that…” But you always intended to reply? Ok, sure. 

Repeating “Sapio doesn’t change anything” is weak sauce — baseless contradiction, no logic, no evidence, just nothing. 

I’ve quoted the author of OP_CTV extensively and he clearly contradicts you. I was hoping you would respond with something coherent so I might be able to learn, if I was missing something. 
 “Smart contract” is a buzzword. Lightning and multisig can do what you explain above. It’s just more annoying and requires more interactions. Are we getting rid of those things because of “smart contracts”? 

CTV is not a “framework”, Sapio is. It’s a coding language to work with bitcoin script, CTV is not the problem here and I also think you misunderstand MEV on top of this. There are already options contracts in Bitcoin, it’s already financialized. Also something that you can’t stop. There have been futures contracts for years. 

It’s completely impossible to stop practically everything you listed and maybe I’m wrong, but you don’t seem to understand what the *actual* problems with those things are, rather than thinking there’s some concrete line where it does/doesn’t exist and thinking that CTV leaps over it. 
 I’ll give an example to look into if you care:

Lightning pool can execute any arbitrary code to enforce ownership of bitcoin. Has been able to for a couple of years. It simply uses the Lightning punishment system to enforce ownership. CTV only makes it so you can pre-sign the exits and do it non-interactively… as I explained at the very beginning. 
 Thank you for the response! 

I can see our conversation is misaligned. Might be helpful to clarify my position. I’m not pushing back on particular functionality, per se. I’m only pushing back on how particular functionality interacts with the base chain — if that interaction might create centralizing incentives. 

For example, I don’t reject smart contracts, arbitrary code execution, or the like, if done via multisig, lightning pools, or even BitVM (as I understand it today). I push back when it is done in a way that could harm bitcoin decentralization (eg OP_CTV). 

What’s the difference? On-chain vs off-chain logic. 

CTV’s logic is on-chain so I’m concerned about CTV creating centralizing MEV and therefore potentially creating incentives that promote miner centralization. 

Let’s imagine that there was a trading marketplace on bitcoin where speculators were buying and selling securities, like how Uniswap enables trading on Ethereum. 

If bids, offers, and pending transactions were visible and transactable on-chain, there would be an incentive for traders to bribe miners to help them jump the queue to transact before other traders. These bribes would flow as out-of-band payments through private APIs to the largest miners, creating an advantage for larger miners (hence promoting centralization). 

There seems to be much less risk if the bids, offers, and pending transactions are off-chain and where the chain is only used for final settlement. For example, I don’t see any risk of people trading stocks on Nasdaq and settling with bitcoin. That’s just using bitcoin as money. No problems there! I DO see a big risk if people are trading stocks on a “bitcoin Uniswap” if there is any possibility that people may want to pay miners privately to jump the queue. 

This is why lightning pools and BitVM don’t concern me — the logic is off-chain and the chain is only used for final settlement. 

This is why I perceive a difference with CTV / Sapio. Everything seems to be on-chain. If someone could use it to create something like Uniswap then it poses a centralization risk to miners. 

You can also think about this another way, specifically that types of transactions classified as safe or unsafe. 

For example, the safest transactions are using the chain for final settlement, and are publicly broadcast so that no miner can have an advantage. 

Unsafe transactions are those using the chain for some other purpose where there is some incentive to connect privately to a large miner. (That’s why inscriptions were so bad. Promoting node centralization by filling the chain with spam, while promoting miner centralization through private transaction APIs. Double whammy!)

Eg, MARA’s Slipstream API:
https://x.com/JStefanop1/status/1760764664651133162

Jeremy was clear that OP_CTV could be used for anything. He even demo’ed playing tic tac toe on chain. This is why I put CTV in the unsafe category. 

I’m also not trying to quantify the risk. I’m in no position to assess whether it’s likely or not that someone will abuse CTV, CAT, etc, or how they might try. (And, nobody can really know.) My position is that these changes to the protocol should be rejected solely based on their architecture and potential for abuse. 
 Didn't jeremy ruben have a client already? 
 true 
 There's nothing CTV gives us that brings us much further along in the near term, at all.

I would listen to Rusty's latest recording with the Brink team to get a better sense of what actual improvement makes sense.

We can do better and we have plenty of time to unlock true scripting capabilities that will be long lasting and enable all use cases we might want.  
 Thats a fair argument and I don’t pretend to know about all the different options. I’ll check out the Brink episode. Thanks for the suggestion. 
 It’s a tad technical in the beginning but some good context in the Q&A at the end. 
 Rusty's perspective and his advocates cause me distress 
 Why is that? 
 I'm concerned by the proposal of a "great" script restoration that include significant changes to the core protocol placing bitcoin's decentralization and security at risk. 
 Yeah that one is very hard to get behind 
 Happy to donate to a bounty for this 
 Only if it's done right 
 What goal is CTV accomplishing? I am an economic nerd first and a Comp-sci nerd second. money scales in layers. Layer 1-Asset; Layer 2-coupon; Layer 3-credit. What does CTV do to build any of these layers? Specific spend coupons? Locked asset layers that can literally never be spent? I can see it MIGHT help the credit layer(the most custodial and least secure layer). We aren't even there yet. the coupon Layer is still being built. The unforeseen risk is so high, to push this fork seems irrational. Taproot was what? November 2022? and I still barely find a peer to use it with through layer 2.  I would just like a very compelling reason why opening this pandoric box is worth it? Bitcoin will not Ossify over night. Expanded Layer 2 will do way more to expand Bitcoin's  adoption than creating additional spend condition OP codes. 
 It lets you build something like lighting (where two people can own separate amounts in a single UTXO) except non-interactively and without needing some “punishment system.”

Thats literally it, and it can do this at scale too, so you can do it with 20, 50 or even more people, because you just add more “sub transactions” that can validity spend it into a tree. Same as you do with signatures now, it allows you to add amounts and specific destinations.

In other words, we could open millions of lightning channels in a single block if we had something like UTXO, and they could even be “private,” as they wouldn’t have any apparent location on chain if you didn’t share it specifically. 
 I don't want to turn this into a huge chain of nuh-uh, yuh-huh sessions(like I see with the more tenacious of your commentors). So I will posit a few questions to which I don't intend to ask follow-ups.

The "Punishment System" is present all throughout Bitcoin. I see it more as a feature than a workaround. That said, wanting rapidity is the goal of lightning not the consequentially low fees. How does CTV incentivize honest collaborative behavior if you are trading coupons off chain non-interactively?

Secondly I'm guessing multiparty ownership of a single UTXO would be a function of if-else statements if Key [1] does action, then Key [2] is output upon resolve condition and so on. The question is what if distribution contitions are so verbose that A) it bloats the timechain with "arbitrary" data or B) that spend conditions specified SEEM like they will send to Key[2] but really the secondary and tertiary conditions could be so complex that it does?

I understand the benefits of a Lightning pool with implications of payroll. The issue I see arising is to make that UTXO worth the CTV Pool, you would have a very large honey pot that if you could satisfy conditions of, you'd get a large chunk of quiche. How, without a punishment system does one monitor millions of outputs for closure? 

This is my absolute ignorance here (saved the best for last) How does one party close a channel and get final settlement in a CTV pool situation? How does one get their on-chain asset OUT of the coupon layer if all settlement conditions on the template haven't been fulfilled?

Thanks for your time and contributions of value to the Network of Freedom.