Taproot-native prevout binding via sighash preimage decomposition

The discussion revolves around a technical solution to enhance the functionality of BitVM bridges by binding two specific inputs, A and B, so they can only be spent together. This method addresses a previous limitation where bindings were made to scriptSig bytes rather than directly to the outpoint itself. The improved approach uses the sha_prevouts field from the sighash preimage as a binding mechanism, ensuring higher security and specificity in transactions.

In practical terms, the script developed for this purpose hardcodes the outpoint of input B within its code, which comprises approximately 36 bytes of raw data. When a transaction is attempted, the script computes a SHA256 hash of the concatenated outpoints of A (provided by the witness) and B (hardcoded). This hash must match the sha_prevouts segment extracted from the preimage. To ensure integrity across the transaction, a Schnorr signature is employed that satisfies both OP_CHECKSIG and OP_CHECKSIGFROMSTACK, confirming the legitimacy of the combined inputs.

Significant testing on the Bitcoin Inquisition signet has yielded positive results, demonstrating successful binding and spending of inputs A and B together while rejecting unauthorized transactions involving other unbound UTXOs, such as substituting input C for B. These tests, recorded on platforms like mempool.space, validate the robustness of the script against potential attacks and confirm its effectiveness in maintaining the integrity of input combinations at the consensus level.

This development not only enhances security but also introduces a generalizable method for sighash preimage decomposition, offering broader applications for various cryptographic challenges in blockchain technologies. The source code and further details about this implementation are available on GitHub, providing an open platform for additional evaluation and adaptation within the community.