Posted by ekrembal
Apr 28, 2026/21:07 UTC
The core security mechanism of the "No one else can get out invalidly" protocol within Clementine's system relies on the verification process by signers. Before any optimistic withdrawal is finalized on Bitcoin, signers are required to verify the batch proof that contains the withdrawal. This verification step is crucial as it ensures that only valid withdrawals are processed.
A significant challenge arises when considering a key-deletion covenant with BitVM bridges. Signers would need an authorization key to authorize their new key for each deposit. This reintroduces a vulnerability: if all N-of-N authorization keys are compromised, an attacker can execute fake deposits and subsequently drain the bridge funds. The risk is therefore persistent, similar in nature to the attacks that remain possible even if signers were to delete their keys after presigning.
Opting not to delete the keys post-signing, despite these risks, offers a better user experience (UX) without altering the underlying trust assumptions of the system. This balance between maintaining security protocols and ensuring user convenience is central to the design and operational philosophy of the system.