I have never heard a lot about Graftroot within the context of the covenant/vault dialogue since across the time the Taproot smooth fork was being finalized. The concept was initially posted on the bitcoin-dev mailing checklist in 2018 by Greg Maxwell. (An approachable explainer from Aaron van Wirdum is right here.)
David Harding not too long ago posted an thought on utilizing Graftroot for vault restoration paths on X:
Would not a graftroot-like factor be a greater resolution? E..g, pay to a major musig keypath with a scriptpath choice for a 1 12 months CLTV for a secondary musig with a smaller set of signers. As 1 12 months approaches, delegate (offchain) to a 2 12 months CLTV for a brand new secondary musig with completely different keys. Have the entire secondary musig signers for the 1 12 months CLTV destroy their non-public keys for it. If at the very least certainly one of them complies, the unique 1 12 months CLTV is not accessible and the two 12 months CLTV will change into spendable in a 12 months from current. Repeat every year.
Benefits: privateness and effectivity of taproot keypath spends within the regular case, extra environment friendly onchain than an equal BIP345 vault within the restoration case, and arbitrary modifications to the scriptpath choices may be made offchain any time the first musig keypath signers can be found.
Are there any concrete the explanation why Graftroot hasn’t been a part of the covenant/vault dialogue to this point? Simply simpler to design and motive about primary, restricted opcodes? I did discover a dialogue on the bitcoin-dev mailing checklist discussing the complexity of Graftroot however that appears to be a critique of Taproot as a lot as a critique of Graftroot.
