CoinPool: A New Bitcoin Off-Chain Transaction Protocol

This article is from the official blog of BITMEX Research. In February 2022, Gleb Naumenko and AntoineRiard, recipients of donations to the Bitmex Bitcoin Development Fund, released a CoinPool white paper. Earlier versions of the project received less technical coverage in Bitcoin Magazine.

This article attempts to build some intuition about the CoinPool proposal by answering some questions. For slightly technical readers (those who know what a payment channel is) who lack the time or expertise to read the full paper. Hopefully this post will lead to more feedback from readers, either as a reply to a mailing list post or directly to Gleb at


What is CoinPool?

It is a protocol on Bitcoin: multiple Bitcoin users lock their funds in a UTXO, conduct off-chain transactions in this UTXO, and be able to unlock/withdraw their funds from the pool at any time.

A CoinPool instance can be seen as a multi-party payment channel with uplifting, which we will discuss below.

How will Bitcoin benefit from CoinPool?

CoinPool allows for more bitcoin payments with lower fees, instant confirmation and another privacy method.

Those who don’t use CoinPool get more block space from the money saved by CoinPool, which allows them to transact at a lower cost.

How does CoinPool compare to Lightning?

CoinPool uses block space more efficiently because users can make more payments before having to close the payment channel with an on-chain transaction. This is achieved by avoiding routing through the (Lightning) network, which results in better liquidity.

The main disadvantage of CoinPool is that every action (except withdrawals) requires the cooperation of all pool users. We aim to address this disadvantage through future research. In some cases, this problem has been solved by uplifting.

What is CoinPool uplifting?

CoinPool accounts can represent not just simple balances, but any Bitcoin protocol. The process of bringing a protocol instance into a CoinPool account is called uplifting.

For example, it could be a 2-user payment channel connected to the Lightning Network. In this case, payments between and from the two users to LN do not require the cooperation of other participants.

Uplift’s protocol instance follows a very similar threat model to its non-uplift version.

How does CoinPool compare to Channel Factories?

CoinPool and Channel Factories optimize LN in a similar way, by making more efficient use of block space.

Unlike CoinPool, exiting Channel Factories for one user forces all other users to leave, which greatly limits potential savings.

How does CoinPool compare to JoinPool?

JoinPool, the predecessor of CoinPool, does not support off-chain payment, uplifting, and introduces higher communication/storage overhead.

The main purpose of JoinPool is not scalability, but anonymity through coin mixing.

Is CoinPool available today?

No, the simplest version of CoinPool requires SIGHASH_ANYPREVOUT, which many expect will be the next Bitcoin soft fork. However, even this is not enough in practice: it cannot scale beyond 20 users and needs to have a uniform amount of balance.

What must be done to make CoinPool practical?

There are different ways to implement CoinPool. In addition to SIGHASH_ANYPREVOUT, our version of CoinPool requires SIGHASH_GROUP and OP_MERKLESUB. The former is currently being discussed by the Lightning Network community to solve their protocol problems, while the latter is a novel opcode proposed by our team.


This is a new opcode that enables covenants (rules restricting how certain bitcoins can be used). This opcode forces the output to be equal to the spent Taproot output, but the signing key has been removed from the Taproot tree and the Taproot internal public key.

In CoinPool, it allows non-cooperative withdrawals to preserve the remaining pool state.

Does OP_MERKLESUB work for something other than CoinPool?

Merkle tree subtraction may also be useful for other smart contracts, but we leave this direction for future research. OP_MERKLESUB is a bit special because it also enforces modification of the key path as well as the script path.

What else can be used to build CoinPool?

OP_CTV allows building payout pools with different tradeoffs, which we personally find less interesting than the OP_MERKLESUB design. Adding more generic opcodes on top of OP_CTV enables something very similar to CoinPool. OP_TLUV can be seen as an extended version of OP_MERKLESUB, but it requires more protocol design work to build a CoinPool-like protocol.

What’s next for CoinPool development?

One direction is to address major CoinPool limitations, high interactivity requirements. We’ve seen some solutions based on game theory or the minimum trust assumption, but we’re looking for a better solution.

At the same time, there are now many proposals for covenants and future soft forks (OP_CTV, OP_TLUV, OP_EVICT), and we should develop a framework to compare them to better understand the trade-offs and inform the ecosystem’s decisions going forward.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-03-24 10:19
Next 2022-03-24 10:24

Related articles