Posted by Peter Todd
Oct 4, 2019/11:15 UTC
The bitcoin-dev mailing list discusses a proposal for an OP_SHA256STREAM opcode that would use the streaming property of the SHA256 hash function to allow concatenation of unlimited data, as long as that data is only ever used for hashing. The proposed operator would work in three steps: start a new hash with an item, add an item to the hash in state, and finalize the hash. However, the simplest implementation of this proposal would expose raw SHA256 midstates, allowing people to use them directly and potentially compromising security. The problem is that SHA256 is not designed for situations where an adversary controls the initialization vector. While no detailed analysis of this is available, experienced cryptographers have already proposed designs that fall victim to this attack. The proposal for OP_SHA256STREAM therefore raises concerns, and designs that invite such attacks should be discouraged.
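To make the "midstate" in question concrete, here is an added illustration (not code from Peter Todd's post or from the proposal): a minimal SHA-256 whose chaining state is explicit, with the three streaming operations the summary describes built on top of it. The function names, the midstate tuple layout and the derivation of the round constants from the first 64 primes are my own choices; the point to notice is that finalization consumes nothing but the midstate tuple, which is exactly why letting scripts push raw midstates amounts to letting an adversary choose the IV.

```python
import hashlib, math, struct

_P = [p for p in range(2, 320) if all(p % q for q in range(2, p))][:64]  # first 64 primes
M = 0xffffffff
def _icbrt(n):  # exact integer cube root: float guess, corrected by stepping
    x = round(n ** (1 / 3))
    while x ** 3 > n: x -= 1
    while (x + 1) ** 3 <= n: x += 1
    return x
IV = tuple(math.isqrt(p << 64) & M for p in _P[:8])  # fractional bits of sqrt(prime)
K = [_icbrt(p << 96) & M for p in _P]                 # fractional bits of cbrt(prime)
rotr = lambda x, n: ((x >> n) | (x << (32 - n))) & M

def compress(state, block):
    """One SHA-256 compression: fold a 64-byte block into the 8-word chaining state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = rotr(w[i-15], 7) ^ rotr(w[i-15], 18) ^ (w[i-15] >> 3)
        s1 = rotr(w[i-2], 17) ^ rotr(w[i-2], 19) ^ (w[i-2] >> 10)
        w.append((w[i-16] + s0 + w[i-7] + s1) & M)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M
        a, b, c, d, e, f, g, h = (t1 + t2) & M, a, b, c, (d + t1) & M, e, f, g
    return tuple((x + y) & M for x, y in zip(state, (a, b, c, d, e, f, g, h)))

# The three operations from the proposal (names assumed). A midstate is (chaining words,
# bytes absorbed, unabsorbed tail): whole blocks are compressed eagerly, the tail at finalize.
def stream_new(item):
    return stream_add((IV, 0, b""), item)
def stream_add(mid, item):
    state, n, buf = mid
    buf += item
    while len(buf) >= 64:
        state, buf = compress(state, buf[:64]), buf[64:]
    return state, n + len(item), buf
def stream_final(mid):
    state, n, buf = mid
    tail = buf + b"\x80" + b"\x00" * ((55 - n) % 64) + struct.pack(">Q", n * 8)
    for i in range(0, len(tail), 64):
        state = compress(state, tail[i:i + 64])
    return struct.pack(">8I", *state)

def selfcheck():
    # Streaming items equals hashing their concatenation, the property the opcode wants.
    mid = stream_add(stream_new(b"a" * 70), b"b" * 30)
    # Design point from the post: stream_final() reads nothing but this tuple, so anyone able to
    # push those values onto the stack can finish a hash from a prefix they never saw. Midstates
    # must therefore stay opaque and interpreter-owned, never raw bytes a script can construct.
    return stream_final(mid) == hashlib.sha256(b"a" * 70 + b"b" * 30).digest()
```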