Original author: Wilson Lee, core contributor of Biteye

Original editor: Biteye core contributor Crush

1. Introduction

It is a well-known limitation that Bitcoin cannot achieve general computing. A large number of old public chains, including Ethereum, are committed to breaking through this limitation and bringing general computing to the blockchain, while Bitcoin firmly sits in the position of "digital gold".

After new Bitcoin assets such as inscriptions and runes became popular, the market realized the huge potential for expanding the capacity of "digital gold". Various Bitcoin expansion plans came to the fore, creating a prosperous situation. Among them, the most eye-catching one is the plan for the return of OP_CAT.

With the introduction of OP_CAT, STARK technology will be able to help Bitcoin realize the verification of zero-knowledge proofs, thereby introducing true general computing power to Bitcoin.

In July of this year, StarkWare launched a $1 million OP_CAT research fund to promote research on the pros and cons of activating OP_CAT on Bitcoin. It is not difficult to see that StarkWare has great potential to demonstrate its strength in the Bitcoin OP_CAT era.

II. OP_CAT’s past and present

OP_CAT's Departure

OP_CAT is an opcode in Bitcoin script, which concatenates two elements in the stack into one. This is very useful when building complex transaction scripts, which can increase the flexibility of the script.

Bitcoin Script is a stack-based programming language, and opcodes are the basic instructions at the bottom. Bitcoin Script uses these opcodes to perform functions such as conditional judgment and signature verification, but its computing power is relatively limited.

Ethereum has given blockchain more powerful computing power by introducing a virtual machine (EVM). EVM allows developers to write arbitrarily complex smart contracts. EVM also relies on opcodes to issue basic instructions to the computer, similar to Bitcoin's opcodes, but with more extensive functions.

The core is that Bitcoin's opcodes are mainly used to verify the validity of transactions, while Ethereum's opcodes are used to execute more complex logic. This difference enables Ethereum to achieve general computing, while Bitcoin's computing power is relatively limited.

The decentralized nature of blockchain determines that computing resources are very valuable, so it is necessary to prevent malicious attacks (such as DDOS) from excessively consuming resources. Ethereum uses gas limit to control the computing resource consumption of each transaction. When the gas is consumed, the transaction stops executing, preventing the entire Ethereum network from falling into endless calculations of a transaction.

OP_CAT can introduce more logic into a single calculation by connecting stack elements, which gives Bitcoin scripts a certain degree of flexibility, but also faces the risk of DDOS.

For security reasons, Satoshi Nakamoto deleted the OP_CAT opcode in 2010 to reduce the attack surface, which also caused Bitcoin to lose a certain degree of script flexibility, especially when data splicing was required.

OP_CAT’s Road to Return: Scaling and Controversy

As the Bitcoin network expands and more functional requirements emerge, the community has begun to re-examine OP_CAT, believing that it may play an important role in the expansion plan.

In recent years, discussions on reintroducing OP_CAT have been heating up, especially in terms of its potential connection with Bitcoin expansion and smart contracts. At the same time, as Bitcoin protocol updates such as Taproot have gradually addressed concerns about security and memory usage, calls to re-enable OP_CAT have begun to rise.

In October 2023, the OP_CAT proposal proposed by developers Ethan Heilman and Armin Sabouri received widespread attention.

The proposal aims to restore the OP_CAT opcode through a soft fork, which will greatly improve the functionality of Bitcoin scripts, especially for implementing complex contract functions in Tapscript (Bitcoin Taproot transaction script language).

With the popularity of inscriptions and runes, the discussion around OP_CAT has become more formal this year. Driven by the community, the OP_CAT proposal was officially numbered BIP-420 (BIP is a Bitcoin Improvement Proposal).

The number was later changed to BIP-347. The main purpose of BIP-347 is to introduce more complex conditions (i.e. "protocols"), thereby allowing more complex smart contracts, cross-chain bridges, and on-chain transactions. The implementation of the protocol will be able to introduce features such as "vault"-style transactions, reversible payments, periodic payments, complex financial instruments (such as custody and bonds) in Bitcoin.

OP_CAT can bring potential benefits, but also faces some challenges. For example, implementing this improvement may increase the complexity of Bitcoin, bringing risks of security and network forks. In addition, some community members are concerned that the new features may affect the simplicity and popularity of Bitcoin.

Therefore, the impact of OP_CAT's return requires continued discussion and exploration.

Why STARK?

STARK is a zero-knowledge proof system developed by StarkWare. Similar to the well-known SNARK, STARK also achieves scalability by converting the execution process of complex programs into easily verifiable zero-knowledge proofs. This method can greatly reduce the computational complexity of a large number of transactions and quickly verify their correctness.

The basic idea of ​​zero-knowledge proof

The core idea of ​​zero-knowledge proof technology is to convert the result of complex calculations into a simple "proposition" that can be quickly verified, and the verifier can confirm the correctness of the result without having to re-execute the calculation process.

For example, if a complex calculation process takes several seconds or even minutes to complete, the verifier wants to verify the result of the calculation. The most direct way is to repeat the calculation in a few seconds or even minutes. However, if the entire calculation process is converted into zero-knowledge proof, the verification process can be reduced to milliseconds.

Technical Differences Between STARK and SNARK

The key difference between STARK and SNARK lies in the mathematical basis they use, that is, what kind of mathematical method is used to calculate and verify zero-knowledge proofs.

SNARK mainly relies on elliptic curve pairing operations. Although this operation method can achieve concise zero-knowledge proof, it does not involve hash operations. In addition, the operation of SNARK depends on the properties of elliptic curves, which may limit it in certain application scenarios.

Unlike SNARK, STARK relies entirely on hash functions and polynomial commitments as its core operations. Hash functions are a cryptographic tool widely used in blockchain systems such as Bitcoin, which provides efficient computing and strong security by mapping inputs of arbitrary length to outputs of fixed length.

Compatibility: STARK and Bitcoin

Since the Bitcoin system itself is built around hash calculations, this makes STARK's operating method highly consistent with Bitcoin's native operating method.

STARK’s hashing operation can be more directly integrated with Bitcoin’s existing hashing logic. This compatibility means that STARK can implement zero-knowledge proofs more efficiently on the Bitcoin network without making major changes to Bitcoin’s existing computing mechanism.

Why is OP_CAT a prerequisite?

OP_CAT is used to connect the elements in the stack, which is essential for building complex zero-knowledge proof verification scripts. Through OP_CAT, Bitcoin scripts can more flexibly handle the combination of multiple data segments, thereby supporting more complex logical structures during the verification process. This makes the introduction of STARK possible, because OP_CAT provides the necessary scripting capabilities to implement the verification of STARK proofs.

Specifically, the introduction of OP_CAT allows Bitcoin to support complex data operations required for STARK proofs, such as concatenation, verification, and iterative operations. These operations are indispensable in the generation and verification of zero-knowledge proofs. Through OP_CAT, Bitcoin can maintain efficient verification and security without introducing Turing completeness, thereby realizing the application of STARK on the Bitcoin network.

IV. Summary and Outlook

As a new main line in the industry, Bitcoin's expansion is crucial to the sustainable development of the industry. In this track, StarkWare has demonstrated strong innovation capabilities with its leading position in zero-knowledge proof and expansion technology.

However, the successful application of STARK still depends on the further development of functions such as OP_CAT. We look forward to the continuous efforts and exploration of various technical teams in this field to jointly promote the evolution of the Bitcoin ecosystem.

Looking ahead, with the introduction of OP_CAT, StarkWare is expected to shine in this new era and further consolidate its leading position in blockchain expansion. We are optimistic about StarkWare's potential in promoting Bitcoin expansion and improving network efficiency, and look forward to them bringing more breakthroughs and innovations to blockchain technology.

Risk warning: The above is for information sharing only, not investment advice. Readers are requested to comply with local laws and regulations.