bitcoin-dev

ColliderScript: Covenants in Bitcoin via 160-bit hash collisions

Original Post by Ethan Heilman

Posted on: November 27, 2024 22:37 UTC

The discussion centers on the cryptographic principle of proving the equivalence of two variables, y1 and y2, in a scripting context without making any assumptions outside of cryptographic soundness.

Specifically, it illustrates the use of the OP_DUP operation to demonstrate that both Small Script and Big Script perceive the same (w,t) values with absolute certainty. Here, "w" is identified as a 33-bit stack element, exemplified by the number 23412, whereas "t" refers to a bit vector composed of multiple stack elements, illustrated by a bit string sequence. These elements are introduced as witness stack components by the spending transaction, with Figure 1 highlighting elements pushed onto the stack from the spending transaction in purple.

The conversation then turns to transactional integrity, using an example of two transactions, Txn1 and Txn2, which differ only in their locking scripts. Txn1 uses a specific PUSH command followed by DROP, and Txn2 does the same with a different value. Because of this single variation the hashes of the two transactions will be unique, yet the transactions remain semantically equivalent. This raises the question of what the goal would be in a hypothetical attack scenario where one party, Alice, locks coins under a covenant executing a certain action (X), and another party, Eve, aims to accomplish a different objective (Y). The scenario shows why script operations and transaction semantics have to be understood precisely when reasoning about Bitcoin covenants and their cryptographic security.
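The Txn1/Txn2 observation can be checked at the script level. The following is an added example, not code from the original post: it runs two locking scripts that differ only in the value pushed before DROP through a minimal interpreter and compares their hashes and results. The pushed values, the script body and the use of SHA-256 as the script commitment are assumptions chosen for illustration.

```python
import hashlib

# Opcode byte values from Bitcoin Script
OP_DROP, OP_DUP, OP_EQUAL = 0x75, 0x76, 0x87

def push(data: bytes) -> bytes:
    """Direct push encoding: for 1..75 byte items the opcode is the length."""
    if not 1 <= len(data) <= 75:
        raise ValueError("only direct pushes are modelled")
    return bytes([len(data)]) + data

def run(script: bytes, witness: list) -> list:
    """Minimal interpreter: direct pushes, OP_DROP, OP_DUP, OP_EQUAL only."""
    stack, i = list(witness), 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:
            if i + op > len(script):
                raise ValueError("truncated push")
            stack.append(script[i:i + op])
            i += op
        elif op == OP_DROP:
            stack.pop()
        elif op == OP_DUP:
            stack.append(stack[-1])
        elif op == OP_EQUAL:
            a, b = stack.pop(), stack.pop()
            stack.append(b"\x01" if a == b else b"")
        else:
            raise ValueError(f"unsupported opcode {op:#x}")
    return stack

def script_hash(script: bytes) -> str:
    # Assumption: SHA-256 of the script stands in for the transaction-level hash.
    return hashlib.sha256(script).hexdigest()

def compare(value1: bytes, value2: bytes, body: bytes, witness: list) -> dict:
    s1 = push(value1) + bytes([OP_DROP]) + body   # Txn1-style locking script
    s2 = push(value2) + bytes([OP_DROP]) + body   # Txn2-style locking script
    return {"same_hash": script_hash(s1) == script_hash(s2),
            "same_result": run(s1, witness) == run(s2, witness)}

# Constructed sample input: a placeholder body and the page's example w value.
BODY = bytes([OP_DUP, OP_EQUAL])
W = (23412).to_bytes(2, "little")
RESULT = compare(b"\x00\x00\x00\x01", b"\x00\x00\x00\x02", BODY, [W])
```

The pushed value is discarded before the rest of the script runs, so it changes the bytes that get hashed without changing what the script enforces.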