OP_CAT: The New Tapscript Opcode That Can Help Make Bitcoin Magical Again

Bitcoin tapscript has long been limited by its lack of a general-purpose way of combining objects on the stack. This limitation restricts the expressiveness and power of tapscript, preventing the ability to construct and evaluate merkle trees and other hashed data structures in tapscript. However, with the introduction of OP_CAT, this limitation can be overcome, and the functionality of tapscript can be greatly increased.

OP_CAT is a new tapscript opcode that allows the concatenation of two values on the stack. This opcode would be activated via a soft fork by redefining the opcode OP_SUCCESS80. When evaluated, the OP_CAT instruction pops the top two values off the stack, concatenates the popped values together, and then pushes the concatenated value on the top of the stack. OP_CAT fails if there are less than two values on the stack or if a concatenated value would have a combined size of greater than the maximum script element size of 520 Bytes.

OP_CAT aims to expand the toolbox of the tapscript developer with a simple, modular, and useful opcode in the spirit of Unix. To demonstrate the usefulness of OP_CAT, below we provide a non-exhaustive list of some use cases that OP_CAT would enable:

1. Tree Signatures provide a multisignature script whose size can be logarithmic in the number of public keys and can encode spend conditions beyond n-of-m. For instance, a transaction less than 1KB in size could support tree signatures with a thousand public keys. This also enables generalized logical spend conditions.
2. Post-Quantum Lamport Signatures in Bitcoin transactions. Lamport signatures merely require the ability to hash and concatenate values on the stack.
3. Non-equivocation contracts in tapscript provide a mechanism to punish equivocation/double spending in Bitcoin payment channels. OP_CAT enables this by enforcing rules on the spending transaction’s nonce. The capability is a useful building block for payment channels and other Bitcoin protocols.
4. Vaults, which are a specialized covenant that allows a user to block a malicious party who has compromised the user’s secret key from stealing the funds in that output. As shown in , OP_CAT is sufficient to build vaults in Bitcoin.
5. Replicating CheckSigFromStack, which would allow the creation of simple covenants and other advanced contracts without having to presign spending transactions, possibly reducing complexity and the amount of data that needs to be stored. Originally shown to work with Schnorr signatures, this result has been extended to ECDSA signatures.

In conclusion, OP_CAT is a powerful tool that can help make Bitcoin magical again by expanding the functionality of tapscript and enabling new use cases. However, it is important to note that there may be valid reasons to argue against OP_CAT, and it is up to the Bitcoin community to weigh the pros and cons of this new opcode.