December 21, 2021, 02:08:59 AM
I think a sha256 operation in bitcoin script that took two operands would fill all the requirements for substring (ignoring sha256 collision).
OP_MERKLE(a, b) = SHA256(a OP_CAT b)
Proving substrings using OP_MERKLE
We assume there are no sha256 collisions. If we validate in script that:
OP_MERKLE(x,y) = SHA256(z)
Then we can be sure that x is a prefix of z, and y is a suffix of z. If z is constant, sha calculation can be amortized.
Substring proofs can of course be done recursively, to prove even smaller substrings.
I wonder if Eltoo or covenants are somehow made easier using this.
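The two-level check described in the post, modelled in Python as an added example (not part of the original post and not Bitcoin Script): the verifier knows only SHA256(z) and uses nothing but the proposed two-operand hash. The function names, the witness layout (p, tail, s, q) and the sample bytes are assumptions made for this illustration.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def op_merkle(a: bytes, b: bytes) -> bytes:
    """Model of the proposed two-operand opcode: SHA256(a || b)."""
    return sha256(a + b)


def verify_prefix_suffix(x: bytes, y: bytes, z_hash: bytes) -> bool:
    """x is a prefix of z and y is a suffix of z, given only SHA256(z)."""
    return op_merkle(x, y) == z_hash


def verify_substring(p: bytes, tail: bytes, s: bytes, q: bytes,
                     z_hash: bytes) -> bool:
    """Recursive check that s sits inside z = p || s || q.

    Verifier side only: two hash comparisons, no standalone concatenation.
    The prover supplies tail = s || q as an extra witness item.
    """
    # Level 1: tail is a suffix of z.
    if not verify_prefix_suffix(p, tail, z_hash):
        return False
    # Level 2: s is a prefix of tail (the hash of tail is computed in place).
    return verify_prefix_suffix(s, q, sha256(tail))


# Constructed sample data, for illustration only.
Z = b"version=2;amount=5000;dest=alice"
P, S, Q = b"version=2;", b"amount=5000", b";dest=alice"
TAIL = S + Q          # built by the prover, off-script
Z_HASH = sha256(Z)    # the only value the verifier commits to

if __name__ == "__main__":
    print(verify_substring(P, TAIL, S, Q, Z_HASH))               # honest witness
    print(verify_substring(P, TAIL, b"amount=9000", Q, Z_HASH))  # altered substring
```
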