I have never heard a lot about Graftroot within the context of the covenant/vault dialogue since across the time the Taproot tender fork was being finalized. The thought was initially posted on the bitcoin-dev mailing checklist in 2018 by Greg Maxwell. (An approachable explainer from Aaron van Wirdum is right here.)
David Harding lately posted an concept on utilizing Graftroot for vault restoration paths on X:
Would not a graftroot-like factor be a greater resolution? E..g, pay to a main musig keypath with a scriptpath possibility for a 1 yr CLTV for a secondary musig with a smaller set of signers. As 1 yr approaches, delegate (offchain) to a 2 yr CLTV for a brand new secondary musig with totally different keys. Have all the secondary musig signers for the 1 yr CLTV destroy their personal keys for it. If no less than one in every of them complies, the unique 1 yr CLTV is now not accessible and the two yr CLTV will change into spendable in a yr from current. Repeat every year.
Benefits: privateness and effectivity of taproot keypath spends within the regular case, extra environment friendly onchain than an equal BIP345 vault within the restoration case, and arbitrary adjustments to the scriptpath choices may be made offchain any time the first musig keypath signers can be found.
Are there any concrete the reason why Graftroot hasn’t been a part of the covenant/vault dialogue so far? Simply simpler to design and cause about primary, restricted opcodes? I did discover a dialogue on the bitcoin-dev mailing checklist discussing the complexity of Graftroot however that appears to be a critique of Taproot as a lot as a critique of Graftroot.
