Author: Luke Dashjr 2017-11-01 08:43:48
Published on: 2017-11-01T08:43:48+00:00
In September 2017, Mark Friedenbach proposed two new script features to be added to the bitcoin protocol by means of soft-fork activation. These features are a new opcode, MERKLE-BRANCH-VERIFY (MBV), and tail-call execution semantics. The implementation of these features is simple enough, and the use cases compelling enough that the author suggested BIP 8/9 rollout of these features in relatively short order, perhaps before the end of the year. Fast Merkle Trees, MERKLEBRANCHVERIFY, and Tail-call execution semantics were written up as three separate BIPs to describe these features, and their associated implementation, for which public review and discussion was invited. Mark has since updated the three BIPs with all the feedback he has received so far. Changes made include modifying the hashing function fast-SHA256 so that an internal node cannot be interpreted simultaneously as a leaf, changing MERKLEBRANCHVERIFY to verify a configurable number of elements from the tree instead of just one, and making tail-call eval compatible with BIP141's CLEANSTACK consensus rule by allowing parameters to be passed on the alt-stack. Additionally, tail-call eval was restricted to segwit scripts only, so that checking sigop and opcode limits of the policy script would not be necessary. Luke has offered an improvement to reduce the commitment of both membership-checking scripts and merkle roots to a single hash. This involves calculating the root instead of checking membership, where the witness program commits to H(membership-calculation script | data added by an OP_ADDTOSCRIPTHASH). This would securely reduce the commitment of both to a single hash without reducing flexibility. One could omit OP_ADDTOSCRIPTHASH from their "membership-calculation" script to get the previous membership-check behavior and use OP_EQUAL in its place.
Updated on: 2023-06-12T18:19:04.766756+00:00