[bitcoin-dev] [Bitcoin Advent Calendar] Oracles, Bonds, and Attestation Chains

[ZmnSCPxj]

Good morning Jeremy,

> Today's post is pretty cool: it details how covenants like CTV can be used to improve on-chain bitcoin signing oracles by solving the timeout/rollover issue and solving the miner/oracle collusion issue on punishment. This issue is similar to the Blockstream Liquid Custody Federation rollover bug from a while back (which this type of design also helps to fix).
>
> https://rubin.io/bitcoin/2021/12/17/advent-20/
>
> It also describes:
> - how a protocol on top can make 'branch free' attestation chains where if you equivocate your funds get burned.
> - lightly, various uses for these chained attestations
>
> In addition, Robin Linus has a great whitepaper he put out getting much more in the weeds on the concepts described in the post, it's linked in the first bit of the post.

Nice, bonds are significantly better if you can ensure that the bonder cannot recover their funds.
Without a covenant the best you could do would be to have the bonder risk loss of funds on equivocation, not have the bonder actually definitely lose funds.

We should note that "equivocate" is not "lie".
An oracle can still lie, it just needs to consistently lie (i.e. not equivocate).

As an example, if the oracle is a signer for a federated sidechain, it could still sign an invalid sidechain block that inflates the sidecoin supply.
It is simply prevented from later denying this by signing an alternative valid sidechain block and acting as if it never signed the invalid sidechain block.
But if it sticks to its guns, then the sidechain simply stops operation with everyone owning sidecoins losing their funds (and if the oracle already exited the sidechain, its bond remains safe, as it did not equivocate, it only lied).

Regards,
ZmnSCPxj