This is the fifth article series Deeply studying the various covenant proposals, which have reached maturity and deserve deep collapse.
OP_CAT is reactivated in Bip 347 by Ethan Heilman and Armin Sabouri in Tapscript, which is not a covenant. This is an initially included in the first version of Bitcoin to manipulate data elements on the stack. It was deactivated in 2010 and Bitcoin 0.3.10 was released along with many other Opcodes, as a result of fears of rejecting service attacks using nodes that could crash. Also added is the global maximum limit of any single item on the stack when executing the script to 520 bytes.
You should have a basic understanding of script evaluation on the stack and the basic parts of Bitcoin transactions, so OP_CAT really doesn’t have much prerequisite explanations.
While OP_CAT may not be a covenant by itself, it can mimic the covenant due to the way Schnorr signature works. This is a very in-depth topic, which is fully explained here by Andrew Poelstra of Blockstream, so I will stick to a high level of vision. Each elliptic curve has a generated point, essentially “0”, used in elliptic curve mathematics for key generation and signature. With Schnorr, you can use generator points as keys to sign and give or take a few bytes, you have to repeat the signature to be correct, and in fact, the signature is actually the same hash of the transaction you signed.
Shelved the mechanism of how math works now, and then remember later on that these “weird” signatures allow you to get the current transaction TXID on the stack.
How OP_CAT works
OP_CAT takes up two data items on the stack and joins them together. So if the first two items on the stack are “1” and “2”, OP_CAT removes them both and then puts “12” on the top of the stack. That’s it.
What is op_cat useful
OK, what’s the big deal? Why does everyone feel scared of op_cat even if it is so simple that the explanation of how it works doesn’t even cost full paragraph writing?
Although given the nature of op_cat, I can’t guarantee that these two reasons are the only two. OP_CAT allows Merkle trees to be built and validated directly on the stack, which opens the door for some interesting behaviors and features. Thanks to the aforementioned “weird” schnorr signature, it also allows imitation of the covenant, thus achieving full granular introspection.
Merkle proof verification is a key component of Taproot, but it implements Merkle tree verification only happens in the root Schnorr public key in the root Schnorr public key in the root Schnorr public key in the coins spent, in the output script of the coins spent. Taproot does not support common Merkle proof verification.
OP_CAT allows for a fully general way. Just provide the leaf hash (ES) in the correct order, then provide the internal hash nodes, and then call OP_CAT in turn, which will allow you to rebuild a Merkelgen hash and compare it with the predetermined hash in the script. You can do this to provide a one-sided withdrawal path for shared UTXO in CATVM, you can depend on other transactions that are already included in the block that works effectively, and you can trade with almost any condition that can be verified by Merkel proof.
Now, for covenant simulations that can fully reflect on one’s own. What you want to do is make sure that the transaction must have certain characteristics to be effective. Now remember that the “weird” signature gets the transaction hash on the stack. The actual transaction has not actually completed the transaction signature, it is done via hash. This allows us to do something interesting.
You can use OP_CAT to build very complex and puzzling scripts to put the individual original parts of the transaction as part of the witness and slowly put them on the stack with OP_CAT. Along the way, you can check various parts of the transaction by has hass and using OP_Equal. At the end of the script, you can do a full transaction on the stack itself and you can attach the necessary data to it, then place it, and compare it to OP_Equal again, this time with the “weird” signature. If that check passes, a normal check can be run and everything will be executed as long as it is “weird” signature in the transaction.
The OP_E equality check of individual parts of the transaction along the way ensures that those parts of the transaction are exactly what they should be. If any of them fails to verify, the transaction is invalid. This implemented the Mock Covenant. Finally, if the transaction hash built with OP_CAT matches the “weird” signature, the final check ensures that the transaction built with OP_CAT and checks against the mock covenant to match the actual transactions spent at the time.
End thought
OP_CAT opens the door for introspective and forward data to be fully carried. Introspection can reach any granularity required, while each field of the transaction can be independently committed. It has all the same introspection that TXHASH has, and then some.
Verifying the ability to prove universal Merkel proof is also a powerful feature, but questioning how to use the feature and what types of incentives can be created. Just use a Merkel tree built using the hashing feature available to the Bitcoin script, and you can build Bitcoin scripts on an external blockchain system to make some transactions on the external blockchain system.
While OP_CAT is not a covenant by itself, it allows full simulation to have a less efficient blockchain footprint (and the potential for developers to make mistakes and make money). The suggestion is that while it is very simple in itself, its large amount of design space should be treated with caution.
