bitcoin-dev

ColliderScript: Covenants in Bitcoin via 160-bit hash collisions

ColliderScript: Covenants in Bitcoin via 160-bit hash collisions

Original Postby Antoine Riard

Posted on: November 12, 2024 17:38 UTC

The paper in discussion introduces a novel approach towards cryptographic verification using an equivalence check mechanism between two sets of algorithms.

On one hand, traditional signature validation processes are utilized wherein signatures, after being verified as valid, are subjected to hash functions such as OP_SHA1 or OP_RIPEMD160. This involves leveraging the Schnorr signature scheme to manipulate a data-carrying transaction until its signature aligns with the SchnorrHash, facilitated by selecting specific public keys and nonces. Additionally, the process incorporates a "signature defragmentation" technique through 32-bits integers opcodes to ensure the integrity of the signature composition.

Conversely, the description touches upon re-implementing cryptographic operations within the Bitcoin script framework, simulating complex hash functions like blake3 through simpler script commands. This part of the methodology aims to execute basic cryptographic operations within the constraints of Bitcoin's scripting language, specifically catering to scenarios like p2tr tapscript spends where the script size is limited by the block size.

The core objective of the equivalence check is to identify a scenario where a variable y can be derived from both a comprehensive script (h_big_script) and a simplified script (h_small_script), ensuring that these outcomes are logically equivalent without direct comparison during script execution. This forms the basis for adjusting the data-carrying transaction until both scripts yield the same hash outcome for y, thereby passing the equivalence check. Following this, further validations related to signature restrictions and covenant checks can be performed within the 4MB weight limit of a block.

Security concerns are addressed with questions regarding potential vulnerabilities in this setup. The possibility of an adversary exploiting the predictability of certain transaction elements to find collisions more easily than anticipated is raised. Moreover, the risk of transaction data forgery, despite the equivalence check, is noted, suggesting enhancements to the protocol to mitigate such threats.

In summary, the paper proposes an innovative method for cryptographic verification in Bitcoin transactions, aiming to balance complexity and practicality within the scripting limitations. It opens discussions on security models and potential improvements, underlining the importance of robust testing and analysis in the development of cryptographic protocols.