On the time of writing (January 2022) there appears to be little or no analysis with direct comparisons on the utility and security of various methods to allow the development of assorted vault designs. Certainly the covenant opcode TAPLEAF_UPDATE_VERIFY was solely proposed to the bitcoin-dev mailing listing in September 2021 and there aren’t any implementations of it as but not to mention detailed analyses of the way it compares to developing vaults utilizing SIGHASH_ANYPREVOUT or OP_CHECKTEMPLATEVERIFY. The mailing listing put up did counsel that it allows a vault design that matches a earlier vault design of Bryan Bishop with further advantages:
It is absolutely recursive, permits withdrawals to differ moderately than be the
fastened quantity L (as a result of not counting on pre-signed transactions), and
usually appears a bit easier to work with.
Jeremy Rubin initially described OP_CHECKOUTPUTSHASHVERIFY (which turned OP_CHECKTEMPLATEVERIFY) as a “rudimentary, restricted type of covenant which doesn’t bear the identical technical and social dangers of prior covenant designs”. This implies that for vaults particularly the design house could also be extra restricted utilizing OP_CHECKTEMPLATEVERIFY.
Andrew Poelstra has blogged on how you can use OP_CAT and OP_CHECKSIGFROMSTACK to assemble covenants and vaults (1, 2). These would allow extra generalized covenants than OP_CHECKTEMPLATEVERIFY doubtlessly growing the design house for vaults however with the downsides of being much less environment friendly and arguably riskier. There does appear to be a direct danger/reward trade-off right here when trying to broaden the design house for vaults and it’s tough to evaluate the place on the spectrum is the potential optimum given how few vault prototypes there are not to mention absolutely constructed out implementations of these prototypes.
The solitary paper that has in contrast constructing vaults utilizing OP_CHECKTEMPLATEVERIFY and SIGHASH_ANYPREVOUT on the time of writing is Bitcoin Covenants: Three Methods to Management the Future.
This paper mentioned three classes of vault design: deleted key (no consensus adjustments required however inferior safety mannequin), recovered key (requires BIP 118 consensus change, superior safety mannequin) and script based mostly (requires BIP 119 consensus change, superior safety mannequin).
It said:
Recovered-key and script-based covenants are largely functionally equal and
so the benefits that recovered-key covenants have over deleted-key covenants additionally applies to Script-based covenants. If
both have been enabled by their required soft-fork improve then a brand new area of sensible covenant-based protocols may emerge.
Understanding exactly what utility is gained from such upgrades is vital to their progress.
The paper concluded by stating:
Bitcoin is a fancy adaptive system with many interacting components and
there are systemic dangers with each modification of bitcoin’s
code-base and protocol. It’s tough to analyse these dangers and it
can be hubris to assert that there aren’t any unknown dangers being
launched.
I do know some will disagree together with most probably BIP 119’s creator (Jeremy Rubin) however it seems that on each the utility axis and the security axis there seems to be much more exploration and evaluation to do to converge on a software or set of instruments to allow the development of vaults on Bitcoin mainnet which would not quickly afterwards be assessed to be suboptimal. We then get right into a excessive stage dialogue of whether or not we must always see Bitcoin mainnet as a testbed for brand spanking new use circumstances which will or might not work out or whether or not we must always see Bitcoin mainnet as a spot the place consensus adjustments are made when there’s robust confidence that these adjustments will stand the check of time on each the utility and security axes. Personally I lean in the direction of the latter however that’s a whole different dialogue in itself.
April 2023 replace
There’s now an extra paper authored by James O’Beirne on “Vaults and Covenants” and a draft BIP (BIP 345) which introduces new opcodes together with OP_VAULT. James has a demo vault utilizing OP_CTV and darosior has constructed that very same vault utilizing ANYPREVOUT as an alternative on the expense of further digital bytes.