Author: Anthony Towns 2015-11-29 23:41:43
Published on: 2015-11-29T23:41:43+00:00
In a bitcoin-dev mailing list discussion on November 27, 2015, Mats Jerratsch proposed introducing a new general OP_CRYPTO to allow for all sorts of general crypto operations in script. He suggested using a single prefixed 0x01 byte to push "OP_CRYPTO" onto the stack and have OP_CRYPTO look at the top item on the stack to determine what to do. This would not be a softfork and could lead to arbitrarily expandable multi-byte pushes. Jerratsch also discussed some constructions that could break the signature scheme but were either too large or expensive to calculate. In response, there was a suggestion to add more crypto ops into a BIP for a check-verify crypto toolkit op like this. The only ones mentioned with practical uses in the near term were base-point multiply on secp256k1 (CHECKPUBPRIVPAIR) and Schnorr-signature of transaction with secp256k1 curve (smaller, faster, more-anonymous N-of-N multisig). Other suggestions included general point addition/multiply on secp256k1, SHA3-256/SHA2-512/SHA3-512, and ECDSA/Schnorr signature of value from stack.It was also noted that if the segregated witness soft-fork is plausible, any opcode could be re-enabled/changed/added as a soft-fork, not just turning a NOP into CHECK_foo_VERIFY. It was suggested to wait and see how the segregated witness soft-fork goes before drafting a BIP or similar.
Updated on: 2023-05-19T22:25:37.780604+00:00