That is the fifth article in a sequence deep diving into particular person covenant proposals which have reached some extent of maturity meriting an in-depth breakdown.
OP_CAT, put ahead for reactivation in tapscript by Ethan Heilman and Armin Sabouri in BIP 347, is just not a covenant. It was an opcode that was initially included within the first launch of Bitcoin for manipulating information parts on the stack. It was deactivated in 2010 with the discharge of Bitcoin 0.3.10 together with numerous different opcodes attributable to issues of denial of service assaults that would crash nodes. A world most restrict of 520 bytes for any particular person merchandise on the stack whereas executing a script was additionally added.
It’s best to have already got a primary understanding of how script analysis on the stack works, and the fundamental items of a bitcoin transaction, so there isn’t actually a lot pre-requisite explaining crucial for OP_CAT.
Whereas OP_CAT might not be a covenant in and of itself, it could actually emulate covenants attributable to a quirk in how Schnorr signatures work. This can be a fairly in depth matter, totally defined right here by Andrew Poelstra from Blockstream, so I’ll simply keep on with a excessive degree view. Each elliptic curve has a generator level, which is actually “0”, that’s used within the elliptic curve math for key era and signing. With Schnorr, you possibly can signal utilizing the generator level as a key, and provides or take a couple of bytes that you must signal repeatedly to get proper, the ensuing signature is definitely the identical hash of the transaction you signed.
Put aside the mechanics of how that works mathematically for now, and simply keep in mind for later that these “weird” signatures mean you can get the present transactions TXID on the stack.
How OP_CAT Works
OP_CAT takes the highest two information gadgets on the stack and concatenates them collectively. So if the highest two gadgets on the stack are “1” and “2”, OP_CAT removes each of them after which places “12” on prime of the stack. That’s it.
What Is OP_CAT Helpful For
Okay, so what’s the large deal? Why is everybody freaking out about OP_CAT although it’s so easy the reason of the way it works didn’t even take a full paragraph to write down?
Two causes, though given the character of OP_CAT I may give no ensures these are the one two causes. OP_CAT permits the development and verification of merkle timber straight on the stack, which opens the door to some fascinating habits and performance. It additionally permits emulation of covenants enabling full granular introspection because of the “weird” Schnorr signatures talked about above.
Merkle proof verification is a key part of Taproot, however the best way it’s carried out merkle tree verification solely happens within the context of verifying {that a} tapscript spending path is dedicated to within the root Schnorr public key within the output script of the coin being spent. Taproot doesn’t help generic merkle proof verification.
OP_CAT permits this in a completely generic method. Merely offering the leaf hash(es) after which inside hash nodes in the appropriate order and calling OP_CAT successively will mean you can reconstruct a merkle root hash, and evaluate towards a pre-defined hash within the script. You would do that to offer unilateral withdrawal paths for shared UTXOs like in CatVM, you would make transactions depending on different transactions having been included in a block with legitimate work, you can also make a transaction depending on just about any situation that may be verified with a merkle proof.
Now, for the covenant emulation that allows full introspection. What you are attempting to do is be certain that a transaction has to have sure traits to be legitimate. Bear in mind now that the “weird” signature will get the hash of the transaction on the stack. A transaction signature isn’t really achieved over the uncooked transaction, it’s achieved over its hash. This permits us to do one thing fascinating.
You possibly can assemble very difficult and convoluted scripts utilizing OP_CAT to take the person uncooked items of the transaction as a part of the witness, and slowly put them collectively on the stack with OP_CAT. Alongside the best way, particular person items of the transaction may be checked towards predefined hashes by simply hashing them and utilizing OP_EQUAL. On the finish of the script you’ve the complete transaction on the stack itself, and may append the mandatory information to it after which hash it, as soon as once more evaluating it with OP_EQUAL, this time towards the “weird” signature. If that verify passes, a traditional CHECKSIG may be run and so long as the “weird” signature was made with the transaction being spent, every part executes as legitimate.
The OP_EQUAL checks of particular person items of the transaction alongside the best way assure that these items of the transaction are precisely what they need to be. If any of them fails verification, the transaction is invalid. This enforces the emulated covenants. On the finish, if the transaction hash constructed with OP_CAT and the “bizarre’ signature match, then the ultimate CHECKSIG ensures that the transaction constructed with OP_CAT and checked towards the emulated covenant matches the precise transaction being spent on the time.
Closing Ideas
OP_CAT blows open the doorways of introspection and ahead information carrying utterly. Introspection may be completed to any granular diploma desired, with every particular person discipline of the transaction with the ability to be independently dedicated to. It allows all the identical introspective capabilities that TXHASH does, after which some.
The aptitude to confirm generic merkle proofs can be a robust performance, however brings into query how that functionality might be used, and what sort of incentives that would create. Bitcoin scripts may very well be constructed requiring some transaction be made on exterior blockchain techniques, so long as they use merkle timber constructed with the hash features out there in Bitcoin script.
Whereas OP_CAT is itself not a covenant, it permits full emulation of covenants with a a lot much less environment friendly blockchain footprint (and potential for builders to make errors and burn cash). It’s a proposal that regardless of being extremely easy itself, needs to be approached cautiously given the large design house it opens up.
