That is the fifth article in a collection deep diving into particular person covenant proposals which have reached a degree of maturity meriting an in-depth breakdown.
OP_CAT, put ahead for reactivation in tapscript by Ethan Heilman and Armin Sabouri in BIP 347, will not be a covenant. It was an opcode that was initially included within the first launch of Bitcoin for manipulating knowledge components on the stack. It was deactivated in 2010 with the discharge of Bitcoin 0.3.10 together with quite a lot of different opcodes attributable to issues of denial of service assaults that would crash nodes. A world most restrict of 520 bytes for any particular person merchandise on the stack whereas executing a script was additionally added.
You need to have already got a primary understanding of how script analysis on the stack works, and the essential items of a bitcoin transaction, so there isn’t actually a lot pre-requisite explaining obligatory for OP_CAT.
Whereas OP_CAT might not be a covenant in and of itself, it might emulate covenants attributable to a quirk in how Schnorr signatures work. This can be a fairly in depth matter, totally defined right here by Andrew Poelstra from Blockstream, so I’ll simply persist with a excessive degree view. Each elliptic curve has a generator level, which is basically “0”, that’s used within the elliptic curve math for key technology and signing. With Schnorr, you possibly can signal utilizing the generator level as a key, and provides or take a number of bytes that it’s important to signal repeatedly to get proper, the ensuing signature is definitely the identical hash of the transaction you signed.
Put aside the mechanics of how that works mathematically for now, and simply keep in mind for later that these “bizarre” signatures will let you get the present transactions TXID on the stack.
How OP_CAT Works
OP_CAT takes the highest two knowledge gadgets on the stack and concatenates them collectively. So if the highest two gadgets on the stack are “1” and “2”, OP_CAT removes each of them after which places “12” on high of the stack. That’s it.
What Is OP_CAT Helpful For
Okay, so what’s the massive deal? Why is everybody freaking out about OP_CAT despite the fact that it’s so easy the reason of the way it works didn’t even take a full paragraph to jot down?
Two causes, though given the character of OP_CAT I may give no ensures these are the one two causes. OP_CAT permits the development and verification of merkle bushes immediately on the stack, which opens the door to some attention-grabbing conduct and performance. It additionally permits emulation of covenants enabling full granular introspection because of the “bizarre” Schnorr signatures talked about above.
Merkle proof verification is a key part of Taproot, however the best way it’s applied merkle tree verification solely happens within the context of verifying {that a} tapscript spending path is dedicated to within the root Schnorr public key within the output script of the coin being spent. Taproot doesn’t help generic merkle proof verification.
OP_CAT permits this in a very generic method. Merely offering the leaf hash(es) after which inside hash nodes in the best order and calling OP_CAT successively will will let you reconstruct a merkle root hash, and examine in opposition to a pre-defined hash within the script. You possibly can do that to offer unilateral withdrawal paths for shared UTXOs like in CatVM, you might make transactions depending on different transactions having been included in a block with legitimate work, you can also make a transaction depending on just about any situation that may be verified with a merkle proof.
Now, for the covenant emulation that permits full introspection. What you are attempting to do is be sure that a transaction has to have sure traits to be legitimate. Bear in mind now that the “bizarre” signature will get the hash of the transaction on the stack. A transaction signature isn’t really carried out over the uncooked transaction, it’s carried out over its hash. This enables us to do one thing attention-grabbing.
You may assemble very sophisticated and convoluted scripts utilizing OP_CAT to take the person uncooked items of the transaction as a part of the witness, and slowly put them collectively on the stack with OP_CAT. Alongside the best way, particular person items of the transaction might be checked in opposition to predefined hashes by simply hashing them and utilizing OP_EQUAL. On the finish of the script you might have the complete transaction on the stack itself, and may append the mandatory knowledge to it after which hash it, as soon as once more evaluating it with OP_EQUAL, this time in opposition to the “bizarre” signature. If that test passes, a traditional CHECKSIG might be run and so long as the “bizarre” signature was made with the transaction being spent, every little thing executes as legitimate.
The OP_EQUAL checks of particular person items of the transaction alongside the best way assure that these items of the transaction are precisely what they need to be. If any of them fails verification, the transaction is invalid. This enforces the emulated covenants. On the finish, if the transaction hash constructed with OP_CAT and the “bizarre’ signature match, then the ultimate CHECKSIG ensures that the transaction constructed with OP_CAT and checked in opposition to the emulated covenant matches the precise transaction being spent on the time.
Closing Ideas
OP_CAT blows open the doorways of introspection and ahead knowledge carrying fully. Introspection might be completed to any granular diploma desired, with every particular person subject of the transaction with the ability to be independently dedicated to. It allows all the identical introspective capabilities that TXHASH does, after which some.
The aptitude to confirm generic merkle proofs can also be a robust performance, however brings into query how that functionality can be used, and what sort of incentives that would create. Bitcoin scripts might be constructed requiring some transaction be made on exterior blockchain methods, so long as they use merkle bushes constructed with the hash features accessible in Bitcoin script.
Whereas OP_CAT is itself not a covenant, it permits full emulation of covenants with a a lot much less environment friendly blockchain footprint (and potential for builders to make errors and burn cash). It’s a proposal that regardless of being extremely easy itself, needs to be approached cautiously given the large design area it opens up.
