niftynei on Nostr: the next post is here: ...
the next post is here:
quoting nevent1q…gy2uin the last post we talked about how we need introspection to make more restrictive statements about where bitcoin is allowed to be spent. for example, to only let the bitcoin be spent in a transaction that pays nifty 500k of the sats.
how do we make introspection happen in bitcoin scripts? there’s a couple of proposals, each one a bit more involved than the last. we’ll start with the simplest proposal, and work our way to the most complex.
the simplest is probably the least well known: op-tx. this opcode will take a flagset as its input. the flagset “flags” which parts of the tx should be added onto the stack. the interpreter will look at the flags, find that data in the tx, and then pull it in by putting it on the stack.
once the data is pushed onto the stack, you can make assertions about that data. for example, you could flag to op-tx to push the first output amount and script onto the stack. this would then let you check that the tx is sending at least 500k sats to nifty’s address.
op-tx is very simple, but powerful. there’s open questions about how to design the flags that refer to different parts of a transaction, as well as how expensive it can be to do operations on the data. could you maybe make a script that has too long of a run time because of having access to so much transaction data? there’s also issues with limited amounts of data being allowed onto the stack, which you might run into if the tx info is too big.
to try to alleviate concerns about access to too much data, op-txhash has been proposed.
txhash works similarly, in that it lets you define a flagset which points to different parts of the transaction. instead of pushing the data directly onto the stack, however, it instead hashes the data and pushes the resulting *hash* onto the stack.
so if i wanted to check that the first output of the transaction paid me 500k sats, i’d have to figure out the hash of that when writing the locking script. i’d then use op-txhash to push the hash of the first output onto the stack, and them compare that to the one i calculated when i first locked the coins up. instead of looking at data directly, we’re looking at hashes of data.
there are some downsides to using hashes. for example, this makes it impossible to do comparisons like “at least” 500k sats sent to nifty. you’d have to only accept txs that send exactly 500k sats.
using hashes has definite upsides though. you can verify a lot more information in a single check. for example instead of checking the amount and address separately, you’d check a single hash value that compares them both. this also saves space, and reduces the number of checks that need to be done.
which brings us to op-ctv. op-ctv is an opinionated version of op-txhash. instead of allowing you to choose what set of fields from a tx you want to hash and check against, it picks a fixed set of data from the tx that goes into the hash. this means you need a better understanding of exactly what the tx your bitcoin will be spent in to use ctv. you can’t just compare the first output’s hash, for example.
op-ctv stands for “check template verify”; the “template” in this case is the fixed set of fields in a tx that will be hashed together.
one downside to using op-ctv is that you can’t change the amounts or outputs in the spending tx, which makes it more difficult to add fees later to ensure the tx can be mined.
ok that’s a good stopping point for the “simple” hash and direct access proposals for introspection opcodes in bitcoin scripting.
in the next post we’ll look at the craziest way that introspection can be added to bitcoin: op-cat 🐱
enjoying this series about covenant proposals? learn more about how txs work with base58btc (npub1vmp…xhm7) online classes 👌
Read more about TXHASH and how it relates to CTV/TX here: https://delvingbitcoin.org/t/draft-bip-for-op-txhash-and-op-checktxhashverify/121
Original proposal for op-tx is here: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020450.html
Op-ctv you can find out more about on the Bip119: https://github.com/bitcoin/bips/blob/master/bip-0119.mediawiki