bitcoin-dev

ColliderScript: Covenants in Bitcoin via 160-bit hash collisions

ColliderScript: Covenants in Bitcoin via 160-bit hash collisions

Original Postby Antoine Riard

Posted on: November 25, 2024 03:42 UTC

The correspondence delves into the intricacies of a cryptographic method used within blockchain protocols, specifically focusing on the verification process involved in transaction security and integrity.

The primary discussion revolves around a technique for proving the equivalence of transactions (denoted as y(y1 = y2)) within both large and small scripting languages, which is central to ensuring that once a transaction output containing a lock script is confirmed on the blockchain, it cannot be altered by even the covenant creator. This process is crucial for maintaining the immutability of transactions, a core principle in blockchain technology.

Further examination is given to the implementation details of this method within the context of multi-party colliderscript-based vault protocols. It's emphasized that all participants should verify the soundness of the transaction equivalence before engaging with the protocol, such as staking more coins or conducting swaps. This pre-engagement verification serves as a security measure to prevent potential breaches.

Questions are raised about the necessity and functionality of duplicating certain variables (w and t) on the script stack, pointing to a possible redundancy if the signature verified by the larger script suffices for breaking down the data payload into the smaller script's 32-bit inputs. This inquiry leads to a broader discussion on the parameters defined in a section of the paper concerning Bitcoin equivalence tester sets, highlighting ambiguities regarding their role and definition.

Additionally, the conversation touches on the concept of transaction staticness and the potential for introducing randomness into transaction signatures to achieve semantically equivalent transactions—a topic that raises questions about the efficiency of existing algorithms in finding non-semantically equivalent transactions based on the same signature randomness. This part of the discussion implicitly critiques the paper's lack of a formal definition of semantic equivalence.

The dialogue concludes with reflections on the Schnorr signing algorithm and its implications for generating two valid curve points from the same signature, which could correspond to different messages. This contemplation segues into considerations about the difficulty of this task in relation to the discrete logarithm problem and whether recent cryptanalytic developments have offered new insights into the Schnorr algorithm's security under various cryptographic models.

The message ends with a technical note providing an operational timestamp hash, affirming the authenticity and specific context of the discussion within the broader Bitcoin Development Mailing List community.