The path to general computation on Bitcoin (with OP_CAT)

The OP_CAT opcode, although currently disabled in Bitcoin's script, holds significant potential for enabling both covenants and STARKs within the Bitcoin ecosystem. This opcode's primary function is to concatenate elements on the stack, a seemingly simple operation that carries profound implications for Bitcoin's functionality and versatility.

STARKs, or Scalable Transparent ARgument of Knowledge, benefit directly from the ability to concatenate data, as their operational foundation largely consists of concatenating data and then hashing it. This process aligns well with Bitcoin's native scripting capabilities, especially considering that hashing operations are already supported. Two critical hashing operations highlighted in the use of STARKs include Merkle path verification and the Fiat-Shamir transform. The Circle-STARK variant, which operates within a 31-bit field size, fits comfortably within the four-byte restriction imposed by Bitcoin script, making it an algorithm compatible with the Bitcoin framework.

Covenants on Bitcoin represent another application area significantly impacted by the OP_CAT opcode. Andrew Poelstra's insights in 2021 shed light on how OP_CAT could facilitate the implementation of covenants through a method known as the Schnorr trick. This trick applies to Pay2Taproot output types, utilizing Schnorr's algorithm for digital signatures. For other output types, an analogous ECDSA trick can be employed, as noted by Robin Linus. The essence of enabling covenants lies in the use of OP_CHECKSIG, the sole opcode capable of pushing spender transaction-related data onto the stack. Through specific manipulations, access to all necessary data can be achieved, highlighting a pathway to implementing covenants within the Bitcoin network.

Furthermore, enhancements like LNhance propose the possibility of integrating both covenants, through techniques such as CTV and CSFS, and multi-commitments via PAIRCOMMIT. However, these advancements stop short of offering functional STARK proofs, leading to speculation about whether the act of concatenation itself may be the missing element in realizing full functionality.

The discussions around OP_CAT, STARKs, and covenants underscore a broader narrative about Bitcoin's evolving script capabilities. By examining the potential unlocked by seemingly straightforward operations like concatenation, one can appreciate the depth of innovation and technical sophistication that continues to drive the development of Bitcoin and its underlying technologies.