Johnson Lau, a Bitcoin Core developer, has proposed a Bitcoin Improvement Proposal aimed at expanding the network's scripting language. It builds on BIP 114, which he also authored. MiningPool spoke with Lau to get the details on the proposals.
Lau's BIP would activate some opcodes while restoring others that Satoshi Nakamoto had turned off years ago. Opcodes function as instructions that control whether and how bitcoin is transferred between addresses. Nakamoto disabled several of them during Bitcoin's early days as a precaution, but Lau argues most could operate safely if turned back on. "The most commonly used rules (i.e. address starting with 1) is 'In order to spend the bitcoin, you have to give a valid signature for this public key,'" he told MiningPool.
Making room for more sophisticated transactions is Lau's goal. Activated opcodes could support features like improved privacy and trustless wagering.
The concepts underlying BIP 114, known as MAST (Merkelized Abstract Syntax Tree), came from prior research by Russell O'Connor, Pieter Wuille, and Peter Todd, all Bitcoin Core veterans. Other developers have floated the idea of reviving disabled opcodes for years.
Currently, Bitcoin's scripting system forces users to publish the conditions that govern whether a bitcoin can be spent. Lau highlighted the privacy implications: "It's bad for privacy. The more conditions you reveal on the blockchain, the more clues are given to a blockchain analyst to identify the purpose of the transaction or the identities behind."
MAST solves this by requiring only a single condition to appear when bitcoin transfers. Less data on the public ledger means transactions shrink in size. "Conditional scripts are not common today. But payment channels, like Lightning Network, will use conditional scripts extensively, and MAST could be very useful," Lau noted.
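The idea of committing to many spending conditions but publishing only one can be sketched with a plain Merkle tree. This is an added example, not code from BIP 114 or from Lau; the SHA-256 hashing, the pairing rule for odd levels, the function names and the placeholder conditions are all assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build(scripts, index):
    """Return (root, branch) for scripts[index]; branch = [(sibling, sibling_is_left)]."""
    level = [h(s) for s in scripts]
    branch = []
    while len(level) > 1:
        if len(level) % 2:               # odd level: pair the last node with itself
            level.append(level[-1])
        sibling = index ^ 1
        branch.append((level[sibling], sibling < index))
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch

def verify(root, script, branch):
    """Recompute the root from the one revealed script and its sibling hashes."""
    node = h(script)
    for sibling, sibling_is_left in branch:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root

# Constructed spending conditions (placeholder text, not real Bitcoin Script).
CONDITIONS = [
    b"Alice and Bob both sign",
    b"Alice signs after 30 days",
    b"Bob signs and reveals preimage",
    b"2-of-3 arbiters sign",
    b"Alice signs with recovery key",
]

if __name__ == "__main__":
    # Only the root is committed when the coins are locked.
    root, branch = build(CONDITIONS, 1)
    print("root:", root.hex())
    # At spend time the chain sees one condition and opaque sibling hashes only.
    print("revealed:", CONDITIONS[1], "+", len(branch), "hashes")
    print("branch valid:", verify(root, CONDITIONS[1], branch))
```

An observer who sees this spend learns one condition and the depth of the tree; the other four conditions appear only as hashes.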
The same opcodes enable trustless swaps of assets between different blockchains. Tier Nolan had proposed a new opcode for this job, but Lau demonstrated an alternative: "I just show that the same effect could be achieved by re-enabling OP_CAT (or OP_SUBSTR)." Peter Todd's BIP 65, called CHECKLOCKTIMEVERIFY, underlies the security model. A Bitcoin holder transfers funds to someone on another blockchain in exchange for that person's private key to an address on the second chain. Sidechains could also use this mechanism.
Fair wagering has been a feature of Bitcoin casinos since Satoshi Dice launched. Casinos improve on traditional gambling sites by publishing the hash of their random number before a bet starts. "If the casino wins, it could show that the random number was generated before the wager is placed and not modified," Lau explained. But a problem persists. "However, theoretically, the casino may still run with the money if it loses too much in a single bet. So this is not really trust free," he added.
Reactivating XOR and RSHIFT opcodes would let two strangers place bets on each other without needing to trust a middleman. "We could allow two people to both be the dealers at the same time. They will both generate a random number individually, reveal them, combine them, and use the result to determine the winner," Lau said. Both parties put up collateral to prevent one from walking away. "Being uncooperative is more expensive than losing the bet. No one should be uncooperative," according to Lau. This mirrors practices BitMarkets uses to reduce friction in online transactions.
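The two-dealer wager described above can be modelled off-chain as a commit-reveal exchange. This is an added example, not Lau's script or any proposed opcode sequence; the stake and collateral amounts, the use of the low bit of the XOR to pick the winner, and the payout split on a failed reveal are assumptions.

```python
import hashlib
import secrets

STAKE = 10        # assumed amount each player bets
COLLATERAL = 20   # assumed deposit each player forfeits by not cooperating

def commit(nonce: bytes) -> bytes:
    """Commitment published before the bet; hides the nonce until reveal."""
    return hashlib.sha256(nonce).digest()

def valid(commitment, reveal) -> bool:
    return reveal is not None and len(reveal) == 32 and commit(reveal) == commitment

def settle(commit_a, commit_b, reveal_a, reveal_b):
    """Return (payout_a, payout_b). A missing or altered reveal forfeits everything."""
    ok_a, ok_b = valid(commit_a, reveal_a), valid(commit_b, reveal_b)
    pot = 2 * STAKE
    if not ok_a and not ok_b:            # assumed: both walk away, both refunded
        return STAKE + COLLATERAL, STAKE + COLLATERAL
    if not ok_a:
        return 0, pot + 2 * COLLATERAL
    if not ok_b:
        return pot + 2 * COLLATERAL, 0
    # Neither player controls the result: each nonce was fixed by its commitment
    # before the other was revealed, so the XOR is unpredictable to both.
    combined = bytes(x ^ y for x, y in zip(reveal_a, reveal_b))
    if combined[-1] & 1 == 0:            # low bit even: A wins (assumed rule)
        return pot + COLLATERAL, COLLATERAL
    return COLLATERAL, pot + COLLATERAL

if __name__ == "__main__":
    a, b = secrets.token_bytes(32), secrets.token_bytes(32)
    ca, cb = commit(a), commit(b)        # exchanged before either nonce is shown
    print("honest reveal:", settle(ca, cb, a, b))
    print("A refuses to reveal:", settle(ca, cb, None, b))
```

With these amounts the loser of an honest bet keeps 20, while a player who withholds or alters a reveal keeps 0, which is the incentive Lau describes.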
Payment channels could host unlimited bets with only final settlements hitting the blockchain.
Beyond these features, Lau mentioned larger multi-signature arrangements and the ability to commit data not enforced by consensus rules, both detailed in BIP 114. Bitcoin's multisig system currently tops out at 20 public keys, but constructing those addresses consumes resources. MAST could scale multisig schemes to 2000 addresses while taking up much less space than even a 20-key setup today.
Message-only keys represent another capability MAST opens up. Bitcoin users could sign a message with a key tied to an address without using that same key to unlock the bitcoin stored there. "People may keep the message-only key in a hot wallet, and keep the funding key in a cold wallet," Lau noted. Bitcoin voting systems might find this useful.
When these opcodes might activate remains uncertain. Lau pointed to Segregated Witness and BIP 9 (Version Bits) as tools that could streamline the process. He noted that Blockstream's Elements Alpha project already has most of these opcodes active, and sidechains offer "a good way for experimenting with new features." Lau wrapped up: "The implementation is not the difficult part. The difficult part is to make sure the opcodes are really safe, which requires extensive review and testing."