Posted by rijndael
Nov 6, 2025/00:44 UTC
The discussion raises pertinent issues regarding the application of cryptographic proofs in facilitating permissionless exits from multiparty systems, specifically within the context of blockchain technology and smart contracts. The core concern revolves around the potential for the misuse of proofs in unauthorized transactions, highlighting a vulnerability in the current method where a proof, once generated, is not inherently bound to a specific transaction. This loophole could allow actors to repurpose a proof for different transactions, thereby enabling actions like replacing an original transaction while it's still in the mempool or using the proof in subsequent transactions or against distinct UTXOs encumbered with identical scripts.
A suggested solution to mitigate this risk involves incorporating public parameters into the proof that are directly linked to the transaction in question. Two methodologies are proposed for achieving this tighter coupling between a proof and its intended transaction. The first approach recommends including the sighash (signature hash) of the transaction within the public parameters of the proof. This inclusion would facilitate an assertion check to confirm that the sighash matches that of the current transaction, ensuring the proof's applicability solely to the intended transaction. Alternatively, the second approach draws on a technique used in OP_CAT scripts involving Schnorr signatures. It suggests creating a signature over the transaction using a private key set to 1, which can then be validated against the transaction using the generator point G as the public key. By employing a CHECKSIG operation, this strategy offers a generic mechanism to securely associate a STARK (Scalable Transparent ARgument of Knowledge) proof with a transaction, effectively preventing the reuse of proofs across unintended transactions.
These proposals aim to enhance the security and integrity of transactions in multiparty systems by ensuring cryptographic proofs cannot be misappropriated. Implementing such measures would significantly bolster the reliability of permissionless exits, safeguarding against potential vulnerabilities and misuse.
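As an added illustration (not code from this thread or from any project it references), the two binding approaches above in Python: a minimal BIP340 Schnorr signer and verifier over secp256k1 with the public key fixed to G (the private-key-1 trick), plus a toy wrapper that carries the sighash as a public parameter. The STARK itself is treated as opaque bytes, and `bind_proof` / `script_accepts` are hypothetical names standing in for the checks a spending script would perform.

```python
import hashlib

# secp256k1 field prime, group order and generator G
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def tagged_hash(tag, msg):  # BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None: return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and y1 != y2: return None
    lam = (3 * x1 * x1 * pow(2 * y1, P - 2, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, P - 2, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(p, k):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def schnorr_sign(msg, d, aux=bytes(32)):  # BIP340 signing; assumes d*G has even y (true for d = 1)
    px = mul(G, d)[0].to_bytes(32, "big")
    t = (d ^ int.from_bytes(tagged_hash("BIP0340/aux", aux), "big")).to_bytes(32, "big")
    k = int.from_bytes(tagged_hash("BIP0340/nonce", t + px + msg), "big") % N
    R = mul(G, k)
    if R[1] % 2: k = N - k                        # BIP340 requires an even-y nonce point
    rx = R[0].to_bytes(32, "big")
    e = int.from_bytes(tagged_hash("BIP0340/challenge", rx + px + msg), "big") % N
    return rx + ((k + e * d) % N).to_bytes(32, "big")

def checksig_against_G(msg, sig):  # BIP340 verification with the public key fixed to G
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if len(sig) != 64 or r >= P or s >= N: return False
    e = int.from_bytes(tagged_hash("BIP0340/challenge", sig[:32] + G[0].to_bytes(32, "big") + msg), "big") % N
    R = add(mul(G, s), mul(G, N - e))             # s*G - e*G must equal the nonce point R
    return R is not None and R[1] % 2 == 0 and R[0] == r

def bind_proof(proof, sighash):  # hypothetical: spender publishes sighash as a public parameter + privkey-1 sig
    return {"proof": proof, "sighash": sighash, "sig": schnorr_sign(sighash, 1)}

def script_accepts(bound, current_sighash):  # hypothetical: approach 1 (equality) and approach 2 (CHECKSIG vs G)
    return bound["sighash"] == current_sighash and checksig_against_G(current_sighash, bound["sig"])
```

A proof bundle bound to one sighash is rejected when presented with any other transaction's sighash, which is exactly the replay the thread is concerned about.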
Thread Summary (8 replies)
Oct 14 - Nov 8, 2025
9 messages