Author: Shinobi, Bitcoin Magazine; Compiler: Songxue, Golden Finance
OP_CHECKTEMPLATEVERIFY (CTV) has once again become the focus of conversations about improving Bitcoin's scalability. This time, more alternative contract designs are being presented, as well as actual concrete designs that use CTV as a scaling solution (Timeout Tree and Ark). More in-depth concepts need to be considered, including the alternatives that could be employed and the specific proposals that CTV makes possible.
One argument circulating in the anti-CTV camp is that "CTV cannot help Bitcoin scale." To explain briefly, what this means is that CTV itself doesn’t scale Bitcoin, but you can build things with it. Okay, so that's not a coherent argument. Segwit does not scale Bitcoin. CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY do not scale Bitcoin. But the Lightning Network supported by these three proposals can indeed scale Bitcoin. They add significant overhead, pushing transaction throughput beyond the limits of the blockchain itself.
Without these base layer primitives, Lightning would literally not exist. But the problem with the Lightning Network is that it can only scale the number of transactions that can be handled. It does not in any way help improve the scalability of UTXO ownership, or increase the number of users who can control UTXOs. The Lightning Network cannot do this with its current design and the current set of consensus primitives available in Bitcoin Script.
CTV can change that.
UTXOs and Virtual UTXOs
One of the shortcomings of the Lightning Network in terms of Bitcoin ownership scalability is that, in order to open a channel or control a UTXO, you actually have to transact on the base layer. The Lightning Network can then facilitate a large number of off-chain transactions, but users still have to transact on-chain to join the Lightning Network. It greatly increases the number of transactions that Bitcoin can handle, but does nothing to increase the number of people who can own Bitcoin.
This is another big problem that CTV can help solve. Burak coined the term "virtual UTXO" in his Ark proposal, but I think this is a perfectly general term with uses well beyond the scope of Ark. Virtual UTXOs are UTXOs that are committed to being created in the future through mechanisms such as pre-creation: the transaction has been signed, but the UTXO has not actually been created on-chain. Bitcoin doesn’t have enough block space for everyone to create a single UTXO on the scale of the world’s population, but if the commitment process can scale, it’s definitely possible for people to have their own independent virtual UTXO.
Scaling the creation of commitments to vUTXOs is the problem. Currently, there is no way to create them other than using pre-signed transactions, which introduces a bottleneck that must be solved. The number of vUTXOs that can be committed to under any real UTXO is limited by the size of the multisig set used to sign those transactions. In order to create vUTXOs in a trustless manner, the owner of each vUTXO must be part of the multi-signature key that signed the transaction committing to create the vUTXO; otherwise they have no guarantee that conflicting transactions will not be generated, preventing them from claiming their vUTXO if necessary. Coordinating signatures between every member of the set introduces practical problems that will ultimately severely limit the size to which any vUTXO pool can grow. The only other option is to have some trusted party or parties sign the transactions committing to everyone's vUTXOs and simply trust them not to steal those funds from the rightful owners.
CTV provides solutions to both problems. It solves the coordination problem by being able to non-interactively commit to a set of future transactions in the same way as pre-signed transactions, but without requiring every owner of the vUTXOs created by those transactions to coordinate signatures. At the same time, since no one needs to interact, one person can take on the role of funding the CTV output that commits to each person's vUTXO unfolding on-chain, and zero trust in that person is required after the funding transaction is confirmed. Once the real UTXO is confirmed in a block, those who funded it cannot undo or double-spend the future transactions to which it has been committed.
Remember that a vUTXO can be anything you want. It can be a Lightning channel, a multi-signature script for cold storage, etc. CTV does something that the current form of Lightning does not: it scales the actual ownership of Bitcoin, not just the number of transactions it can handle.
Taking shortcuts
One of the other criticisms around CTV’s “inability to scale Bitcoin” is that by committing to future transactions you can't escape the need to eventually put them on-chain, so CTV doesn't actually help with scalability. I like to call this the “OP_IF fallacy.” That is, once people start talking about CTV, they forget that OP_IF exists, and that a script can actually have multiple spending conditions to choose from.
Taproot's most powerful features are the ability to build a multi-signature by adding public keys together and signing with a single aggregate signature, and the ability to selectively reveal only a single "IF" branch of a script that has multiple ways of being spent. Combined with CTV, this provides a very powerful way to leverage vUTXO commitments. Instead of purely using CTV to build transaction chains, they can be built with the CTV spending paths buried within the taproot tree. At the end of the transaction chain are all the individual vUTXOs owned by each participant, each locked only to that user's public key. As you work your way back towards the root of the tree, the keys below any node in the tree can simply be added together and used as the Schnorr multi-signature key, with the CTV spend path buried beneath it.
What this means is that at any point in the chain of transactions that unfolds on-chain and actually turns a vUTXO into a real UTXO, you can have every participant in the intermediate UTXO coordinate with each other. Rather than simply letting the predefined transaction flow unfold, everyone can simply collaborate to sign a transaction, turning their vUTXO into a real one. This eliminates the need to actually unfold the entire set of pre-committed transactions on-chain, without introducing any trusted parties to rely on or weakening the security of each user's claim to their own vUTXO.
These two simple realities provide huge gains in Bitcoin’s scalability without compromising individual sovereignty or security, and to achieve them all we need is CTV.