The canonical bridge post essentially suggested a way to authenticate that a UTXO belongs to some “covenant chain”. A natural continuation of this would be to standardize the idea of a covenant and to allow authenticating it with some identity, in a way which is authorized by L1. One use-case for such standardization would be async message passing between covenants/rollups where L1 will certify the sender identity. It could also simplify the implementation of a delegation script such as the one described in the post.
A recurring theme of covenant scripts is that they maintain some static part of the script (e.g., `CANON`, `PROG`) throughout time, while other parts mutate and represent the covenant's dynamic state.
I propose that a covenant script contain a script header specifying a mask that allows extracting the static part of the script. This can be done by specifying masking ranges (e.g., `ignore bytes 22-45`) or by inserting special markers within the script itself (the latter is useful if the dynamic parts are also dynamic in size).
Another complementing operation would be hashing the header/markers along with the static parts they signify, such that any script following the covenant will hash to the same “covenant identifier”.
I can see two immediate use-cases for such a mechanism.
- Async message passing: a covenant transaction (proof transaction in the rollup context) can contain a payload marked with a special `SYSTEM` prefix indicating that L1 authorized this payload. The payload will include a sender field with the sender id, and the message itself. L1 will verify (as a transaction acceptance rule) that the sender id corresponds to the standard covenant identifier of one of the spent input scripts. This means that other rollups interested in messages from this sender will only need to follow such messages (as long as they performed a one-time check/audit verifying that the underlying covenant is well-formed and cannot be forged).
- Delegation scripts: the standardization essentially captures the notion of “well-formed” defined in the linked post. The `DELEGATE` script can thus be simplified to verify that the primary input has the desired covenant identifier.
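A sketch of the masking-range variant of the covenant identifier and the L1 sender check, added here as an illustration and not part of the original proposal. The header layout (one count byte followed by inclusive, body-relative u16 range pairs), the use of SHA-256, and all function names are assumptions made for the example.

```python
import hashlib
import struct

def parse_header(script: bytes):
    """Split a script into (header, ranges, body). Assumed header layout:
    1-byte range count, then (start, end) u16-LE pairs, inclusive, body-relative."""
    if not script:
        raise ValueError("empty script")
    n = script[0]
    hdr_len = 1 + 4 * n
    if len(script) < hdr_len:
        raise ValueError("truncated header")
    header, body = script[:hdr_len], script[hdr_len:]
    ranges = [struct.unpack_from("<HH", header, 1 + 4 * i) for i in range(n)]
    prev_end = -1
    for start, end in ranges:
        # Reject unsorted, overlapping or out-of-bounds masks so a script
        # cannot be read with two different static/dynamic splits.
        if not (prev_end < start <= end < len(body)):
            raise ValueError("invalid mask range")
        prev_end = end
    return header, ranges, body

def covenant_id(script: bytes) -> bytes:
    """Hash the header together with the static (unmasked) body bytes."""
    header, ranges, body = parse_header(script)
    h = hashlib.sha256(header)  # SHA-256 is a stand-in hash (assumption)
    pos = 0
    for start, end in ranges:
        h.update(body[pos:start])  # static bytes before this masked range
        pos = end + 1              # skip the dynamic bytes
    h.update(body[pos:])
    return h.digest()

def l1_accepts_system_payload(sender_id: bytes, spent_input_scripts) -> bool:
    """Acceptance rule: sender id must match the id of a spent input script."""
    for script in spent_input_scripts:
        try:
            if covenant_id(script) == sender_id:
                return True
        except ValueError:
            continue  # not a well-formed covenant script
    return False

def make_script(state: bytes, prog: bytes = b"PROG") -> bytes:
    # Constructed sample: 4 static bytes, 8 dynamic state bytes, 3 static bytes.
    header = bytes([1]) + struct.pack("<HH", 4, 11)
    return header + prog + state + b"END"
```

Because the header is hashed along with the static bytes, changing the mask itself changes the identifier, so a script cannot keep its identity while reclassifying static bytes as dynamic.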