Bitcoin Forum
Author Topic: A BLAKE3 implementation in Bitcoin Script in only 12K vbytes  (Read 38 times)
Sergio_Demian_Lerner (OP)
Hero Member, Activity: 554, Merit: 648
May 15, 2024, 12:35:26 AM
Merited by ABCbits (2), garlonicon (1)
#1

Martin from FairgateLabs created a Blake3 implementation in Bitcoin script. This is the shortest hash function ever implemented in script (only 45K bytes or 11.2K vbytes in a Taproot script).

Why implement a hash function when we have OP_HASH and OP_HASH256 and other opcodes? Because Bitcoin script currently does not allow the manipulation of individual bytes of the hash digests produced by OP_HASH, so we cannot implement Lamport or Winternitz signatures based on existing opcodes.
Having signatures for arbitrary messages (not only the transaction) is essential for proving systems like BitVMX.org. The shorter the code, the cheaper the onchain disputes.
(BitVMX is an optimistic proving system for arbitrary programs, based on a virtual CPU. It does not require any hard-fork or soft-fork to Bitcoin.)

Specs

The new implementation is compared with the previous one that existed in BitVM. These are the numbers:

Bytes hashed | Number of blocks | Original size | New implementation size | Improvement from original
64           | 1                | 103k          | 45k                     | 55.60%
80           | 2                | 206k          | 91k                     | 55.72%

Comparing the max stack height usage:

Bytes | Blocks | Original | New | New (stack-optimized) | Size
64    | 1      | 384      | 671 | 550                   | 47K
80    | 2      | 448      | 779 | 678                   | 95K

You can take a look at the PR here: https://github.com/BitVM/BitVM/pull/67

Also you can learn more about BitVMX from its paper: https://bitvmx.org/files/bitvmx-whitepaper.pdf. Or you can comment in this thread: https://bitcointalk.org/index.php?topic=5494208.0
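The post explains why a script-level hash matters: a Lamport signature is verified by hashing each revealed preimage and comparing it against the public-key element selected by one bit of the message digest, so the verifier needs bit-level access to the digest. The following is an added illustration of that scheme in Python, not code from the thread or from the BitVM/BitVMX projects. It assumes BLAKE2s as a stand-in for BLAKE3 (BLAKE3 is not in Python's standard library; the scheme does not depend on which 256-bit hash is used), and the message and keys are constructed in the test, not taken from the post.

```python
import hashlib
import hmac
import os

DIGEST_BITS = 256  # one key pair per bit of the 32-byte digest


def H(data: bytes) -> bytes:
    # Assumption: BLAKE2s (32-byte output) substitutes for BLAKE3, which is
    # not available in Python's standard library. Any 256-bit hash works here.
    return hashlib.blake2s(data, digest_size=32).digest()


def digest_bit(digest: bytes, i: int) -> int:
    # Bit i of the digest, most-significant bit first within each byte.
    # This per-bit selection over a digest is the operation the post says
    # Bitcoin Script cannot perform on the output of its native hash opcodes,
    # which is why a hash implemented in script itself is needed.
    return (digest[i // 8] >> (7 - (i % 8))) & 1


def keygen():
    # Secret key: two random 32-byte preimages per digest bit.
    # Public key: the hash of each preimage. Keys are strictly one-time.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(DIGEST_BITS)]
    pk = [(H(zero), H(one)) for zero, one in sk]
    return sk, pk


def sign(sk, msg: bytes):
    # Reveal, for each bit of H(msg), the preimage matching that bit value.
    d = H(msg)
    return [sk[i][digest_bit(d, i)] for i in range(DIGEST_BITS)]


def verify(pk, msg: bytes, sig) -> bool:
    # Mirrors what an on-chain verifier does: recompute the digest, then for
    # every bit hash the revealed preimage and compare it with the public-key
    # element chosen by that bit. All 256 checks must pass.
    if len(sig) != DIGEST_BITS or not all(len(s) == 32 for s in sig):
        return False
    d = H(msg)
    ok = True
    for i in range(DIGEST_BITS):
        expected = pk[i][digest_bit(d, i)]
        ok &= hmac.compare_digest(H(sig[i]), expected)
    return ok


if __name__ == "__main__":
    sk, pk = keygen()
    message = b"constructed sample message"  # constructed input
    signature = sign(sk, message)
    print("valid:", verify(pk, message, signature))
    print("tampered message rejected:", not verify(pk, b"other", signature))
```

Each of the 256 verification steps is one hash plus one comparison, which is why the per-block script size reported in the tables above translates directly into the cost of an on-chain dispute: the hash is evaluated once per signed message, and the bit selection has to be done by the script on the digest it produced itself.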
garlonicon
Hero Member, Activity: 812, Merit: 1963
May 15, 2024, 03:17:50 AM
#2

Quote
Because Bitcoin script currently does not allow the manipulation of individual bytes of the hash digests produced by OP_HASH
Again, as I wrote before, this sounds like yet another reason to enable OP_CAT. And I wonder if redirecting some of the effort put into writing cat-less scripts into activating OP_CAT instead would make life easier.

Because that OP_CAT BIP needs more examples and use cases, which means that filling this gap could push things forward.