diff options
author | Ethan Heilman <ethan.r.heilman@gmail.com> | 2024-05-05 17:57:27 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-05 17:57:27 -0400 |
commit | cda34eef1c2543ece1205240f27e8d1cfffb336d (patch) | |
tree | e588c6afc85ffea7b02f832655cb1bac1cd50f0b /bip-0347.mediawiki | |
parent | f05e1627f93aa7d7af948545e0f65cd3ea041510 (diff) |
Improved accuracy of paragraph on OP_CAT's removal in 2010
Diffstat (limited to 'bip-0347.mediawiki')
-rw-r--r-- | bip-0347.mediawiki | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/bip-0347.mediawiki b/bip-0347.mediawiki index 0e19895..545ffbb 100644 --- a/bip-0347.mediawiki +++ b/bip-0347.mediawiki @@ -44,8 +44,12 @@ OP_CAT aims to expand the toolbox of the tapscript developer with a simple, modu * Vaults <ref>M. Moser, I. Eyal, and E. G. Sirer, Bitcoin Covenants, http://fc16.ifca.ai/bitcoin/papers/MES16.pdf</ref> which are a specialized covenant that allows a user to block a malicious party who has compromised the user's secret key from stealing the funds in that output. As shown in <ref>A. Poelstra, "CAT and Schnorr Tricks II", 2021, https://www.wpsoftware.net/andrew/blog/cat-and-schnorr-tricks-ii.html</ref> OP_CAT is sufficient to build vaults in Bitcoin. * Replicating CheckSigFromStack <ref>A. Poelstra, "CAT and Schnorr Tricks I", 2021, https://medium.com/blockstream/cat-and-schnorr-tricks-i-faf1b59bd298</ref> which would allow the creation of simple covenants and other advanced contracts without having to presign spending transactions, possibly reducing complexity and the amount of data that needs to be stored. Originally shown to work with Schnorr signatures, this result has been extended to ECDSA signatures <ref>R. Linus, "Covenants with CAT and ECDSA", 2023, https://gist.github.com/RobinLinus/9a69f5552be94d13170ec79bf34d5e85#file-covenants_cat_ecdsa-md</ref>. -The opcode OP_CAT was available in early versions of Bitcoin. However, OP_CAT was removed because it enabled the construction of a script whose evaluation could have memory usage exponential in the size of the script. -For example, a script that pushed a 1-byte value on the stack and then repeated the opcodes OP_DUP, OP_CAT 40 times would result in a stack value whose size was greater than 1 terabyte. This is no longer an issue because tapscript enforces a maximum stack element size of 520 bytes. +OP_CAT was available in early versions of Bitcoin. +In 2010, a single commit disabled OP_CAT, along with another 15 opcodes. +Folklore states that OP_CAT was removed in this commit because it enabled the construction of a script whose evaluation could have memory usage exponential in the size of the script. +For example, a script that pushed a 1-byte value on the stack and then repeated the opcodes OP_DUP, OP_CAT 40 times would result in a stack element whose size was greater than 1 terabyte assuming no maximum stack element size. As Bitcoin at that time had a maximum stack element size of 5000 bytes, the effect of this expansion was limited to 5000 bytes. +This is no longer an issue because tapscript enforces a maximum stack element size of 520 bytes. + ==Rationale== |