bitcoin-dev

ColliderScript: Covenants in Bitcoin via 160-bit hash collisions

Original Postby Ethan Heilman

Posted on: November 7, 2024 17:44 UTC

The recent publication introduced by the team focuses on a novel method for creating and spending covenants in Bitcoin without necessitating soft forks, leveraging Tapscript.

This technique allows for the construction of covenants with the same ease as generating a transaction with Pay-to-Witness-Script-Hash (P2WSH) output but highlights the complexity involved in spending these covenants. The process requires an enormous computational effort, equivalent to ~2^86 hash calls to SHA-1 and RIPEMD-160, surpassing the current computational demand for mining a Bitcoin block, which stands at ~2^78.3 hash calls to SHA256x2. This indicates that covenant spending would necessitate computational resources comparable to what the entire Bitcoin network expends over approximately 33 hours. Given the substantial computational requirements, the practical deployment of such covenants might be contingent upon the development of specialized ASICs.

The methodology employed for these covenants is not aimed at replacing the covenant opcode due to its high computational cost and the inherent limitations related to transaction size. Transactions implementing this approach are likely to approach, but not exceed, 4MB, the maximum permissible size for Bitcoin transactions, even when optimized for efficiency. This balancing act between computational cost and transaction size underscores the inherent trade-offs in the design of these covenants.

A significant aspect of this innovation is its capacity to facilitate arbitrary computation within the constraints of Bitcoin's transaction data, restricted only by the circuit size that can be accommodated within a 4MB transaction. An interesting application discussed involves using Tapscript for Lamport signatures, which could theoretically enable Bitcoin transactions to withstand the advent of quantum computing by allowing users to spend their coins despite potentially catastrophic cryptographic vulnerabilities. This use case exemplifies the broader potential of the proposed technique beyond mere covenants.

The paper delves into the technicalities of constructing equivalence checks within Bitcoin scripts, a task that explores the boundaries of Bitcoin's scripting capabilities. By introducing a novel function, dGen, the authors demonstrate how to bridge the gap between the conventional Bitcoin script (Big Script) and their optimized version (Small Script), enabling the validation of transaction conditions that were previously impractical. This breakthrough forms the foundation for enforcing covenants on the blockchain, showcasing a method to bind specific conditions to Bitcoin transactions in a manner that was hitherto unachievable without significant computational overhead.

For a more detailed exploration of this subject, including the underlying algorithms and their implications for Bitcoin's future development, readers are encouraged to consult the full paper available at colliderscript.co/colliderscript.pdf.