From 337f5591504b0c8175d9c2690c23e93e71aa2df4 Mon Sep 17 00:00:00 2001
From: Jeremy Rubin <j@rubin.io>
Date: Sat, 21 Dec 2024 14:43:40 -0500
Subject: [PATCH] [BIP-0349] Add Re-Keying explanation to OP_INTERNALKEY

---
 bip-0349.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/bip-0349.md b/bip-0349.md
index acbf50eccf..2c497530ed 100644
--- a/bip-0349.md
+++ b/bip-0349.md
@@ -42,6 +42,25 @@ Note: The internal key must be the X coordinate of a point on the SECP256K1
 curve, so any such hash must be checked and modified until it is such an X
 coordinate. This will typically take approximately 2 attempts.
 
+### Re-Keying with Merkle Root Preservation
+
+Consider a program such `CTV <X> CSFS <S+1> CLTV`. Such fragments are useful for LN-Symmetry applications.
+
+Such a program would be embedded within a Taproot script path, such as `TR(X, {CTV <X> CSFS <S+1> CLTV})`.
+
+Were the internal key to be updated from `X` to `Y`, the resulting program would be: `TR(Y, {CTV <X> CSFS <S+1> CLTV})`.
+
+The key in the leaf and the key-path would be mismatched. Were `OP_INTERNALKEY` to be used,
+the leaf would automatically re-key.
+E.g., `TR(X, {CTV OP_INTERNALKEY CSFS <S+1> CLTV})` is equivalent to `TR(X, {CTV <X> CSFS <S+1> CLTV})`
+and `TR(Y, {CTV OP_INTERNALKEY CSFS <S+1> CLTV})` is equivalent to `TR(Y, {CTV <Y> CSFS <S+1> CLTV})`.
+
+While this particular example is contrived, the general technique of using `OP_INTERNALKEY`
+as updatable across an entire script tree is a helpful covenant primitive when it is desirable to
+invalidate signatures from prior states. For example, the theoretical `OP_TAPLEAFUPDATEVERIFY` opcode
+modifies the internal key directly to remove or add a participant, and `OP_INTERNALKEY` would ensure
+that the tweaked key is used from all script paths where desired.
+
 ## Reference Implementation
 
 A reference implementation is provided here: