These two building blocks are enough to facilitate a unilateral withdrawal mechanism from a group shared UTXO. A merkle root can be embedded in a transaction using OP_RETURN or another mechanism that commits to a leaf node for each user. The UTXO script can be structured so that any user with a balance can attempt to withdraw it. To do so they would provide the merkle branch committing to the amount they are entitled to, the authorization proof such as a public key to check a signature against, and construct the transaction on the stack to verify the appropriate conditions are met. <\/p>\n

Similar to Rijndael\u2019s OP_CAT vault, this withdrawal transaction would function as a staging point. User funds would be restricted by a timelock, and they would not be capable of completing the withdrawal until it expires. At any time before the timelock expires, any other user can create a fraud proof to stop the withdrawal and shove funds back into the group UTXO script. They can do this because of OP_CAT\u2019s ability to verify merkle trees. If someone has used a specific merkle branch to withdraw funds from the UTXO before, then that was included in a block somewhere. By constructing a transaction containing the SPV proof of that transaction inside an actual block, which can use OP_LESSTHANOREQUAL to verify the blockheader meets some minimum difficulty, they can prove on the stack<\/em> that the merkle branch was used before. This allows duplicate withdrawals to be prevented. <\/p>\n

In addition to this, because you can use the \u201cCAT on the stack\u201d trick to ensure specific pieces of a previous transaction must be included in the next, you can guarantee that the current merkle root is carried forward into the next transaction after a successful withdrawal. You can also guarantee that change from the withdrawal goes back into the group sharing script. This guarantees that after one user withdraws their funds, the change UTXO is locked with a script that allows any remaining user to withdraw, and so on. Any user can unilaterally withdraw their funds at any time in any order, with the guarantee that the remainder of funds are still accessible to the rest of the users. <\/p>\n

The VM Part<\/h2>\n

Readers should be familiar with the basic idea of BitVM. You can take an arbitrary computation and break it up into each of its constituent pieces and embed them in a large taproot tree, turning that computation into a back and forth challenge\/response game. This allows you to lock bitcoin with more complicated conditions than is directly supported by bitcoin script itself. The only real shortcoming is the need to craft a massive amount of pre-signed transactions to facilitate this. <\/p>\n

The requirement to use pre-signed transactions is so that in the challenge\/response dynamic, you can guarantee that coins are spent back into the large taproot tree encoding it unless an exit condition one way or the other is reached. OP_CAT and the ability to \u201ccarry forward\u201d data from previous transactions allows you to guarantee that without needing pre-signed transactions. <\/p>\n

So not only does this scheme allow any user to unilaterally exit on their own, it also allows locking conditions supported by a second layer that are not supported by Bitcoin script to actually be enforced in the withdrawal process. I.e. if some coins were encumbered by a smart contract the base layer doesn\u2019t understand, and then withdrawn from the second layer, those more complicated conditions could still be settled correctly on the base layer as the coins are withdrawn. <\/p>\n

The Missing Piece<\/h2>\n

One thing that OP_CAT does not enable is updating a merkle tree root representing user balances off-chain verifiably. It can enable an already committed state to facilitate unilateral withdrawals, but that is because a whole section of the tree is actually put on-chain and verified. To update that root off-chain by definition means you are not putting the data on-chain. This represents a problem. There is no way with just CAT to efficiently verify that all changes to the merkle tree were authorized properly by the relevant users. <\/p>\n

Someone(s) has to be trusted, and by the nature of things capable of spending the UTXO however and wherever they want, to efficiently replace an old state root with a new one to represent all off-chain balance changes. A new opcode in addition to OP_CAT, such as OP_ZKVERIFY, would be needed to do this in a trustless manner. <\/p>\n

This wouldn\u2019t be the end of the world without OP_ZKVERIFY though. The entity updating the merkle root for off-chain transfers could be an n-of-n multisig, with 100% of the participants required to sign off on any root changes. This boils down to the same trust model as BitVM based pegs, where as long as a single honest participant exists, no one’s funds can be stolen. It is a stark improvement over existing BitVM designs however when it comes to the withdrawal process. <\/p>\n

In BitVM pegs, users do not have a unilateral withdrawal mechanism. Peg operators must be trusted to fulfill user withdrawals, knowing that they can claim back funds they have spent doing so relatively trustlessly from the BitVM peg. While the incentives of this are very solid, it still does require users essentially getting permission from someone else to exit the system, they cannot do it on their own. With CatVM, users can claim back their funds unilaterally, and an operator is not required to front their own liquidity to process withdrawals. <\/p>\n

Wrapping Up<\/h2>\n

Overall, the design is incomplete in terms of construction. This is not something I would call a Layer 2 in and of itself. It is the core of one, the mechanism and structure for how funds are locked into a Layer 2, and the process for how users can withdraw their funds. It definitely has a lot of flexibility and usefulness to it. <\/p>\n

In the worst case scenario, users do not need anyone\u2019s permission to safely claim their funds back on-chain. It also allows more flexible programmability of funds, while still carrying the enforcement of those conditions to the base layer in the event of worst case unilateral exits. If one day we do eventually get something like OP_ZKVERIFY, the off-chain state progression can become an actually trustless process. <\/p>\n

I don\u2019t expect any concrete demos in the near future, but it definitely is a sound idea in my opinion, and something worth considering. It also shows that the wizards are doing a little more than just pumping stupid jpegs.\u00a0<\/p>","protected":false},"excerpt":{"rendered":"

Taproot Wizards released a cartoon yesterday called CatVM. I will not refer to it as a whitepaper, those are real academic documents for adults. In the cartoon, interspersed amongst the absurd childish narratives, were a few valuable technical insights regarding different scaling proposals in the Bitcoin ecosystem. Of course, in true cartoon fashion, buried between […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-24600","post","type-post","status-publish","format-standard","hentry","category-crypto-news"],"_links":{"self":[{"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/posts\/24600","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/comments?post=24600"}],"version-history":[{"count":0,"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/posts\/24600\/revisions"}],"wp:attachment":[{"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/media?parent=24600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/categories?post=24600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoins-101.com\/wp-json\/wp\/v2\/tags?post=24600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}