Combined CTV/APO into minimal TXHASH+CSFS

The discussion revolves around the ongoing exploration into the optimization of hash-based transaction validation methods, particularly focusing on distinguishing the types of hashes suitable for signature verification from those applicable for simple comparison checks. This differentiation has spurred the development of an updated proposal aiming to harmonize the use of the ANYPREVOUT/NOINPUT hash style, which is instrumental in forming covenants and enabling dynamic binding. The dialogue includes considerations for soft forking both ANYPREVOUT (APO) and CHECKTEMPLATEVERIFY (CTV) as they currently stand. Despite the appeal of such forks, there's a consensus leaning towards refining APO by integrating it with a new hashing method distinct from the existing Tapscript version 0 key signature hashing.

There's an inquiry about awareness of any proposals or protocols that necessitate using a Tapscript version 1 key, where transactions could be signed with either SIGHASH_DEFAULT or one of the novel APO modes. This question underscores the necessity for a separate hashing mode tailored to the new Tapscript key version. Such a design would not only facilitate the specific needs of APO but could also be adapted for CTV usage, employing a 33-byte hash to discourage the misuse of pre-signed output covenants.

In crafting this new hashing mode, the proposal suggests establishing a default mode distinct from the current SIGHASH_DEFAULT. This new default would be more compatible with Tapscript version 1 keys, potentially conserving a byte in common signing scenarios. It's proposed that this default closely aligns with the signature-appropriate equivalent of CTV, ensuring that the hashes used for Tapscript version 1 keys and CTV are closely correlated. For further details, the draft of this thought process is available at this link.