Intro

On this docs site you’ll find background information on the Bitcoin Wildlife Conservatorium project, its current focus areas, and how you can contribute.

Bitcoin Wildlife is a community project focused on developing, testing and iterating on primitives in Bitcoin Script with the introduction of OP_CAT. All implementations are tested on Catnet, a fork of Signet with OP_CAT activated that features a Circle STARK Verifier directly in Script.

Developers and researchers who are interested in showcasing why OP_CAT should, or shouldn’t, be activated on Bitcoin are invited to contribute to this project.

Developers and researchers are also invited to apply for a grant from the [insert fund name] for their work on OP_CAT R&D.

Background

Bitcoin Script, the native programming language on Bitcoin, is Turing-incomplete. However, its constraints foster innovation, allowing Bitcoin developers to build complex mechanisms even with a limited set of tools. Even small changes to Bitcoin can have serious effects on the overall functionality of the network, with many strategies going undiscovered for years (e.g., the publication of the BitVM paper in 2023 after the Taproot upgrade in 2021).

Bitcoin, in its current form, cannot scale to support billions of users. Offboarding execution to cheaper, and sometimes more expressive, environments is a scaling strategy that allows Bitcoin to see greater adoption without overhauling its core structure. Thus, Bitcoin serves as a base layer for various execution environments. Tools such as covenants and validity proofs address custody and state validation concerns, respectively.

One of the experimental areas in Bitcoin Script is the use of new opcodes, such as OP_CAT. Various proposed opcodes can enable covenants, but OP_CAT is seen as the simplest to activate, as it was already activated in the original Bitcoin software. OP_CAT, which concatenates two stack items, was removed from Bitcoin Script early on due to security concerns but has seen renewed interest as developers explore its potential applications.

One of those applications is improved bridging modules for second layer protocols. Bitcoin Wildlife is currently working on designs that would enable recursive covenants and a STARK verifier directly in Script for the purpose of creating trustless two-way pegs for second layer protocols.

Motivation

The Bitcoin Wildlife Conservatorium exists as a hub for research and experimentation with advanced Bitcoin Script functionalities, covenants, experimental opcodes, and cryptographic proofs such as STARKs/SNARKs. This collection of repositories represents a concerted effort to push the boundaries of Bitcoin’s scripting capabilities and cryptographic applications. By experimenting with new opcodes, arithmetic operations, and advanced proof systems, we aim to uncover novel ways to extend Bitcoin’s utility while maintaining its security and decentralization principles.

Our motivation is driven by the need to enhance Bitcoin's scalability, security, and functionality. By developing and testing these advanced mechanisms, we seek to contribute to the long-term robustness and adoption of the Bitcoin network. This involves not only advancing technical knowledge but also fostering a community of developers and researchers dedicated to Bitcoin’s evolution.

Outcomes

The desired outcome of this initiative is to consolidate the knowledge and tools necessary to evaluate and implement experimental Bitcoin features. By rigorously testing and documenting these advancements, we seek to provide the Bitcoin development community with a clearer understanding of the potential risks and benefits associated with these experimental features.

Ultimately, this body of work aims to inform the broader discussion on Bitcoin's evolution, offering a repository of tested ideas and implementations that can be referenced for future upgrades or soft forks. In doing so, we hope to ensure that any enhancements to Bitcoin are made with a comprehensive understanding of their implications, paving the way for more secure, scalable, and innovative applications on the network.

Bitcoin Circle STARK

Introduction

Bitcoin Circle STARK includes Bitcoin script implementations of various cryptographic primitives for STARK.

Essentially, it's a collection of building blocks of a Circle STARK verifier in Bitcoin script.

As outlined in the Motivation section, a Circle STARK verifier enables Bitcoin to support true second layer protocols where users are guaranteed a right to exit.

To contribute to this repository, please see this GitHub repo and join our community telegram chat.

For reference, see the Circle STARKs paper.

Primitives

M31, CM31, QM31, Circle Point

Implementation of add, sub, mul of Mersenne-31 (M31), its complex extension (CM31), and its degree-4 extension (QM31), which is imported from BitVM/rust-bitcoin-m31-or-babybear.

CirclePoint over QM31

Implementation of doubling of a circle point over QM31.

Implementation of drawing a random point on the circle over QM31, useful for Order-Optimal Data Structures (OODS).
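The arithmetic behind these primitives, as an added Python example rather than the project's Script or Rust code. It assumes the stwo-style tower (i² = -1 for CM31, u² = 2 + i for QM31) and the rational parametrization x = (1 - t²)/(1 + t²), y = 2t/(1 + t²) for turning a drawn element t into a circle point; neither is stated on this page.

```python
P = 2**31 - 1            # Mersenne-31 modulus
R = (2, 1)               # assumption: QM31 = CM31[u] / (u^2 - (2 + i))

# CM31 elements are pairs (a, b) meaning a + b*i with i^2 = -1.
def cm_add(x, y): return ((x[0] + y[0]) % P, (x[1] + y[1]) % P)
def cm_sub(x, y): return ((x[0] - y[0]) % P, (x[1] - y[1]) % P)
def cm_mul(x, y):
    return ((x[0] * y[0] - x[1] * y[1]) % P, (x[0] * y[1] + x[1] * y[0]) % P)
def cm_inv(x):
    n = pow(x[0] * x[0] + x[1] * x[1], P - 2, P)   # Fermat inverse of the norm
    return (x[0] * n % P, -x[1] * n % P)

# QM31 elements are pairs (a, b) of CM31 values meaning a + b*u.
def qm_add(x, y): return (cm_add(x[0], y[0]), cm_add(x[1], y[1]))
def qm_sub(x, y): return (cm_sub(x[0], y[0]), cm_sub(x[1], y[1]))
def qm_mul(x, y):
    a = cm_add(cm_mul(x[0], y[0]), cm_mul(R, cm_mul(x[1], y[1])))
    b = cm_add(cm_mul(x[0], y[1]), cm_mul(x[1], y[0]))
    return (a, b)
def qm_inv(x):
    # (a + b*u)^-1 = (a - b*u) / (a^2 - R*b^2)
    d = cm_inv(cm_sub(cm_mul(x[0], x[0]), cm_mul(R, cm_mul(x[1], x[1]))))
    return (cm_mul(x[0], d), cm_sub((0, 0), cm_mul(x[1], d)))

ONE = ((1, 0), (0, 0))

def point_from_t(t):
    """Map a QM31 element t to a circle point (assumed parametrization)."""
    t2 = qm_mul(t, t)
    inv = qm_inv(qm_add(ONE, t2))          # undefined only when t^2 = -1
    return (qm_mul(qm_sub(ONE, t2), inv), qm_mul(qm_add(t, t), inv))

def double(pt):
    """Circle-group doubling: (x, y) -> (2x^2 - 1, 2xy)."""
    x, y = pt
    xx, xy = qm_mul(x, x), qm_mul(x, y)
    return (qm_sub(qm_add(xx, xx), ONE), qm_add(xy, xy))

def on_circle(pt):
    """True when x^2 + y^2 = 1 holds in QM31."""
    x, y = pt
    return qm_add(qm_mul(x, x), qm_mul(y, y)) == ONE
```

Doubling keeps a point on the circle because (2x² - 1)² + (2xy)² = 4x²(x² + y² - 1) + 1, which is why `on_circle` holds for both the drawn point and its double.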

Fiat-Shamir Transcript

Also known as "channel," which is the term used in Starkware's stwo library.

Absorbing commitments and QM31 elements through OP_CAT + OP_SHA256.

Squeezing random elements for Fiat-Shamir transform using hints and OP_CAT + OP_SHA256.

Proof-of-Work Check

Calculating a proof-of-work nonce for the "channel", based on specified security bits.

Verifying the proof-of-work nonce and computing the new "channel" state.
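A simplified model of the channel absorb and proof-of-work steps, added here as an example and not taken from the repository. The concatenation order, the 8-byte little-endian nonce and the leading-zero-bit target are assumptions chosen for illustration.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def absorb(state: bytes, commitment: bytes) -> bytes:
    """Mix a 32-byte commitment into the channel (models OP_CAT then OP_SHA256)."""
    if len(state) != 32 or len(commitment) != 32:
        raise ValueError("channel state and commitment must be 32 bytes")
    return sha256(commitment + state)       # assumed order: commitment || state

def leading_zero_bits(digest: bytes) -> int:
    """Count zero bits before the first set bit, reading the digest big-endian."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def verify_pow(state: bytes, nonce: bytes, bits: int):
    """Verifier side: return the new channel state, or None if the nonce is rejected."""
    if len(nonce) != 8:
        return None                         # fixed width keeps state || nonce unambiguous
    digest = sha256(state + nonce)          # assumed order: state || nonce
    # The digest becomes the next state, so later challenges depend on the nonce.
    return digest if leading_zero_bits(digest) >= bits else None

def grind(state: bytes, bits: int) -> bytes:
    """Prover side: the smallest 8-byte nonce that verify_pow accepts."""
    counter = 0
    while verify_pow(state, counter.to_bytes(8, "little"), bits) is None:
        counter += 1
    return counter.to_bytes(8, "little")
```

Each extra security bit doubles the expected grinding work for the prover, while the verifier still pays for one concatenation and one hash.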

Merkle Tree

Implementation of Merkle path verification using hints and OP_CAT + OP_SHA256.
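An added Python model of this check, not the repository's script: a small interpreter for the four opcodes involved runs a Merkle-path script over a witness stack of hints. The tree layout (SHA-256 leaves, parent = SHA256(left || right)), the helper names and the empty-stack success rule are assumptions; the 520-byte bound is the stack element size limit that OP_CAT enforces.

```python
import hashlib

MAX_ELEMENT = 520    # OP_CAT fails when the result exceeds the element size limit

def sha256(b): return hashlib.sha256(b).digest()

def run(script, witness):
    """Execute opcode names and data pushes (bytes) over the witness stack."""
    stack = list(witness)
    try:
        for op in script:
            if op == "OP_CAT":
                b, a = stack.pop(), stack.pop()
                if len(a) + len(b) > MAX_ELEMENT:
                    return False
                stack.append(a + b)
            elif op == "OP_SHA256":
                stack.append(sha256(stack.pop()))
            elif op == "OP_SWAP":
                stack[-1], stack[-2] = stack[-2], stack[-1]
            elif op == "OP_EQUALVERIFY":
                if stack.pop() != stack.pop():
                    return False
            else:
                stack.append(op)              # bytes value: data push
    except IndexError:                        # stack underflow: malformed witness
        return False
    return not stack                          # simplified rule: no leftover items

def merkle_script(root, index, depth):
    """Script committing to root; the index bits fix the concatenation order."""
    script = ["OP_SHA256"]                    # hash the leaf on top of the stack
    for level in range(depth):
        if (index >> level) & 1 == 0:         # left child: node || sibling
            script.append("OP_SWAP")
        script += ["OP_CAT", "OP_SHA256"]
    return script + [root, "OP_EQUALVERIFY"]

def build_tree(leaves):
    """Layers from hashed leaves up to the root; leaf count must be a power of two."""
    layers = [[sha256(leaf) for leaf in leaves]]
    while len(layers[-1]) > 1:
        prev = layers[-1]
        layers.append([sha256(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
    return layers

def witness_for(layers, leaves, index):
    """Hints as pushed by the prover: siblings (top level first), then the leaf."""
    siblings = [layers[lvl][(index >> lvl) ^ 1] for lvl in range(len(layers) - 1)]
    return siblings[::-1] + [leaves[index]]
```

The hints are untrusted prover input; the only values the script fixes are the root and the index bits, so a wrong sibling, a truncated witness or an oversized element all end in a failed script.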

Other repositories

Developers are also welcome to contribute to the following repositories to support the Bitcoin Wildlife project.

1. Covenants and Experimental Opcodes

  • covenants-gadgets: Gadgets for covenants: Schnorr trick and txid reflection.
  • covenants-examples: Examples of covenants in Bitcoin script.
  • catnet: Custom Bitcoin signet with OP_CAT enabled, used to test the implementation of Bitcoin Circle STARK Verifier.
  • rust-bitcoin-m31-with-muldiv: Arithmetic over the M31 field assuming OP_MUL and OP_DIV in Bitcoin Script.

2. Bitcoin-friendly Cryptography

  • bitcoin-circle-stark: Building blocks of a Circle STARK verifier in Bitcoin script.
  • catgolfing: Bitcoin Circle Stark performance contest.
  • stwo: A fork of stwo for Bitcoin-friendly proof systems.
  • stwo-bedd93: A fork of stwo for Bitcoin-friendly proof systems (archived).
  • rust-bitcoin-m31: Arithmetic over the M31 or BabyBear field in Bitcoin Script.

3. General Cryptography

  • r1cs-to-circle-plonk: A transpiler, prover, and verifier for proving R1CS in Circle Plonk.
  • circle-plonk: Using stwo to implement a Plonk prover and verifier over Circle STARK.
  • circom-compat: Arkworks bindings to Circom's R1CS, for Groth16 Proof and Witness generation in Rust.
  • circom: zkSnark circuit compiler.
  • r1cs-std: R1CS constraints for bits, fields, and elliptic curves.
  • fri-study: Study and implementation of the FRI (Fast Reed-Solomon Interactive Oracle Proofs of Proximity) protocol in Rust.

4. Bitcoin Script in Rust

5. Development Tooling or Miscellaneous