
BTC Ecological Expansion Solution Tour: Where the Inscription Goes

Author: MarsBit

Where does the inscription go

Preface

On December 6, 2023, while Bitcoin investors were cheering the gains that inscriptions had brought to Bitcoin, Luke Dashjr, a developer of the Bitcoin Core node client, poured cold water on them. He considers inscriptions a "spam" attack, submitted fix code, and filed a CVE (CVE-2023-50428). The Bitcoin community then exploded: after the chaos of the 2017 hard fork, it was once again locked in a heated debate.


So should Bitcoin focus more on security and discard some unexpected features, or should it be more open to unexpected innovation and accept a little more potential security risk?

We know that Bitcoin's journey is not just speculation and hype, but also an evolving ecosystem and security landscape. This article aims to delve into the dual narrative of Bitcoin's growth: the ever-expanding utility and the strengthening of security measures within its ecosystem. We will explore how the synergy of innovation and robust security protocols can pave the way for a new era of digital assets.

Overview and basic knowledge of the BTC ecosystem

We know that Bitcoin, the cornerstone of the cryptocurrency revolution, has always been used as a store of value like gold, and people seem to have forgotten about Bitcoin while the DeFi innovations on other public chains are in full swing.

However, it was precisely on Bitcoin that pioneers first began experimenting with stablecoins, Layer 2, and even DeFi: USDT, the hard currency of the cryptocurrency circle, was first issued on Bitcoin's Omni Layer network. The following figure gives a basic classification of the Bitcoin ecosystem from the perspective of technical implementation.

Figure: Basic classification of the Bitcoin ecosystem by technical implementation

These include sidechains based on two-way pegs, text parsing based on output scripts (OP_RETURN), inscriptions based on Taproot scripts, drivechains based on the BIP300 update, and the Lightning Network based on state channels.

Many of these terms may be new to you. Don't worry: we first cover the following basic knowledge, then explain the technical principles of these ecosystems one by one and discuss their security issues.

UTXO is the basic unit of Bitcoin transactions

Unlike Ethereum's account balance system, there is no concept of an account in Bitcoin's system. Ethereum has introduced four complex Merkle Patricia Tries to store and verify changes in account status. In contrast, Bitcoin cleverly uses UTXOs to solve these problems more succinctly.

Figure: Ethereum's four trees

Figure: Inputs and outputs of Bitcoin

UTXO (Unspent Transaction Output) may sound like an awkward name, but it is easy to understand once you understand the three concepts of input, output, and transaction.

Inputs and outputs of transactions

Friends who are familiar with Ethereum will know that a transaction is the basic unit of communication in a blockchain network, and once a transaction is packaged into a block and confirmed, the state change on the chain is final. A Bitcoin transaction, however, is not a single address-to-address state operation but a combination of multiple input and output scripts.

Figure: A typical 2-input, 2-output Bitcoin transaction

The image above shows a very typical 2-input, 2-output Bitcoin transaction. In theory the amount of BTC input and the amount of BTC output should be equal; in practice the amount by which the outputs fall short of the inputs is collected by the block's miner as the transaction fee, the equivalent of the gas fee in Ethereum.

We can see that when the two input addresses transfer BTC, the input scripts must prove that those addresses are allowed to spend the two inputs (that is, the unspent outputs of previous transactions, the UTXOs), while the output scripts set the conditions for spending the two new outputs, i.e. what must be satisfied when each unspent output is used as an input next time. For ordinary transfers the condition is a signature from the output address; in the figure above, for example, P2WPKH means a Taproot address is required and P2PKH means the signature of the legacy address's private key is required.

Specifically, the data structure of Bitcoin transactions is as follows:

Figure: Data structure of a Bitcoin transaction

In a Bitcoin transaction, the basic structure consists of two key parts: inputs and outputs. The inputs identify the initiator of the transaction, while the outputs identify the receiver and the change (if any). The transaction fee is the difference between the total input amount and the total output amount. Since each transaction's inputs are the outputs of previous transactions, the output is the core element of the transaction structure.

This structure forms a kind of chain connection. In the Bitcoin network, every legitimate transaction can be traced back to the output of one or more previous transactions. These transaction chains start with mining rewards and end with transaction outputs that have not yet been spent. All unspent outputs in the network are collectively referred to as the Unspent Transaction Output (UTXO) of the Bitcoin network.

In the Bitcoin network, the input of each new transaction must be an unspent output. In addition, each input requires the corresponding private key signature of the previous output. Each node in the Bitcoin network stores all UTXOs on the current blockchain as a way to verify the legitimacy of new transactions. Through UTXO and signature verification mechanisms, nodes are able to verify the legitimacy of new transactions without going back to the entire transaction history, simplifying the operation and maintenance of the network.

Bitcoin's unique transaction structure follows its white paper, "Bitcoin: A Peer-to-Peer Electronic Cash System". By design, Bitcoin is an electronic cash system, and its transaction structure simulates the process of paying with cash: the amount that can be spent from an address depends on the cash received before, each transaction spends all the cash at that address as a whole, and a transaction's outputs are usually a receiving address and a change address, just like the change returned when paying with cash in a supermarket.
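To make the UTXO bookkeeping described above concrete, here is an added example (written for this article, not code from the page or from Bitcoin Core) of the check a node performs: every input must name an output that is still in the UTXO set and be unlocked by its owner, the outputs may not exceed the inputs, the difference is the fee, and a replayed spend fails because the outpoint is no longer in the set. The `owner` field stands in for the locking script covered in the next section, and all transaction ids and amounts are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Outpoint = Tuple[str, int]   # (txid, output index) names a previous output


@dataclass(frozen=True)
class TxOut:
    value_sat: int   # amount in satoshis
    owner: str       # stand-in for the locking script a real output carries


@dataclass
class Tx:
    txid: str                    # constructed identifiers, not real hashes
    inputs: List[Outpoint]
    outputs: List[TxOut]
    signers: List[str] = field(default_factory=list)   # who unlocks each input


class UTXOSet:
    """The only state a node needs to validate new spends: the unspent outputs."""

    def __init__(self) -> None:
        self.utxos: Dict[Outpoint, TxOut] = {}

    def add_coinbase(self, txid: str, value_sat: int, owner: str) -> None:
        # Mining rewards are where every chain of transactions begins.
        self.utxos[(txid, 0)] = TxOut(value_sat, owner)

    def validate(self, tx: Tx) -> int:
        """Return the fee the transaction pays, or raise ValueError if it is invalid."""
        if len(tx.signers) != len(tx.inputs):
            raise ValueError("every input needs an unlocking signature")
        if len(set(tx.inputs)) != len(tx.inputs):
            raise ValueError("an output may not be spent twice in one transaction")
        total_in = 0
        for outpoint, signer in zip(tx.inputs, tx.signers):
            prev = self.utxos.get(outpoint)
            if prev is None:
                # Never existed or already spent: the node cannot tell and need not.
                raise ValueError(f"input {outpoint} is not an unspent output")
            if prev.owner != signer:
                raise ValueError(f"input {outpoint} is not unlocked by its owner")
            total_in += prev.value_sat
        if any(out.value_sat <= 0 for out in tx.outputs):
            raise ValueError("outputs must carry a positive amount")
        total_out = sum(out.value_sat for out in tx.outputs)
        if total_out > total_in:
            raise ValueError("outputs exceed inputs: a transaction cannot create coins")
        return total_in - total_out   # the miner keeps the difference as the fee

    def apply(self, tx: Tx) -> int:
        """Validate, then remove the spent outputs and add the new ones."""
        fee = self.validate(tx)
        for outpoint in tx.inputs:
            del self.utxos[outpoint]
        for index, out in enumerate(tx.outputs):
            self.utxos[(tx.txid, index)] = out
        return fee

    def balance(self, owner: str) -> int:
        return sum(out.value_sat for out in self.utxos.values() if out.owner == owner)


def demo() -> dict:
    """Spend a whole coin: pay part to bob, take the rest back as change, then retry."""
    chain = UTXOSet()
    chain.add_coinbase("coinbase-1", 50_000_000, "alice")   # 0.5 BTC, constructed
    payment = Tx(
        txid="tx-1",
        inputs=[("coinbase-1", 0)],
        outputs=[TxOut(30_000_000, "bob"), TxOut(19_990_000, "alice")],  # payment + change
        signers=["alice"],
    )
    fee = chain.apply(payment)
    try:                       # replaying the spend fails: the outpoint has left the set
        chain.apply(payment)
        double_spend_rejected = False
    except ValueError:
        double_spend_rejected = True
    return {"fee": fee, "alice": chain.balance("alice"), "bob": chain.balance("bob"),
            "utxo_count": len(chain.utxos), "double_spend_rejected": double_spend_rejected}
```

Running `demo()` gives a fee of 10,000 satoshis, two outputs left in the set, and a rejected replay; the node never consulted the coinbase transaction's history, only the set.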

Script

In the Bitcoin network, scripts play a crucial role. Each output of a Bitcoin transaction actually points to a script, not to a specific address. These scripts are a set of rules that define how the receiver can use the assets locked in the output.

Verification of a transaction's legitimacy relies on two types of scripts: a locking script and an unlocking script. The locking script lives in the output of a transaction and defines the conditions required to unlock that output. The unlocking script, its counterpart, is located in the input section of the spending transaction and must satisfy the rules defined by the locking script to unlock the UTXO assets. The flexibility of this scripting language allows Bitcoin to implement a variety of combinations of conditions, demonstrating its character as a "partially programmable currency".

In the Bitcoin network, each node runs a stack interpreter that interprets these scripts based on "first-in, first-out" rules.

There are two main types of Bitcoin scripts in common use: P2PKH (Pay-to-Public-Key-Hash) and P2SH (Pay-to-Script-Hash). P2PKH is a simple type of transaction in which the recipient only needs to sign with the corresponding private key to spend the asset. P2SH is more complex; in the multisig case, for example, a combined signature from multiple private keys is required to spend the asset.

Together, these scripts and verification mechanisms form the core workings of the Bitcoin network, ensuring the security and flexibility of transactions.

For example, in Bitcoin the output script rules for P2PKH are as follows:

Pubkey script: OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

The input must provide a signature and the matching public key:

Signature script: <sig> <pubkey>

The output script rules for P2SH are as follows:

Pubkey script: OP_HASH160 <Hash160(redeemScript)> OP_EQUAL

The input must provide the signatures (a multisig list, in the multisig case) together with the redeem script:

Signature script: <sig> [sig] [sig...] <redeemScript>

In these two scripting rules, the Pubkey script is the locking script and the Signature script is the unlocking script. The words beginning with OP_ are script commands and instructions that the node can parse. The rules are laid down by the Pubkey script, which in turn determines the rules the unlocking script must follow.

Bitcoin's scripting mechanism is relatively simple: a stack-based engine that interprets OP instructions, and the set of script rules it can parse is too limited to implement very complex logic. Nevertheless, it provides a prototype for blockchain programmability, and some later ecosystem projects are in fact developed on the principle of scripting. With the Segregated Witness and Taproot updates, the OP instructions became richer and the script size each transaction can carry expanded, and the Bitcoin ecosystem ushered in explosive growth.

Technical Principles of Inscriptions and Safety Issues

The popularity of inscription technology is inseparable from Bitcoin's Segregated Witness and Taproot updates.

Technically, the more decentralized a blockchain is, the less efficient it usually is. In the case of Bitcoin, for example, the size of each block is still maintained at 1MB, the same size as the first block originally mined by Satoshi Nakamoto. Faced with the problem of scaling, the Bitcoin community did not choose to simply and directly increase the block size. Instead, it adopted an approach called Segregated Witness (SegWit), an upgrade that does not require a hard fork and aims to improve the processing power and efficiency of the network by optimizing the data structure in the block.

SegWit

In Bitcoin transactions, the information of each transaction is mainly divided into two parts: the underlying transaction data and the witness data. The underlying transaction data includes key financial information such as account balances, while witness data is used to verify the user's identity. For users, their main concern is information directly related to the asset, such as account balances, and the details of identity verification do not need to take up too many resources in the transaction. In other words, the party receiving the asset is primarily concerned with whether the asset is available or not, and does not have to pay too much attention to the details of the sender.

However, in Bitcoin's transaction structure, witness data (i.e., signature information) takes up a lot of storage space, which leads to reduced transfer efficiency and increased transaction packaging costs. To solve this problem, Segregated Witness (SegWit) technology was introduced, the core idea of which is to separate witness data from the main transaction data and store it separately. The result of this is an optimized use of storage space, which increases transaction efficiency and reduces costs.


In this way, each block can hold more transactions while the original 1 MB block size stays the same, and the segregated witness data (that is, the various signature scripts) can occupy an additional 3 MB, laying the storage foundation for richer Taproot script instructions.

Taproot

Taproot is an important soft fork upgrade to the Bitcoin network, designed to improve the privacy, efficiency, and processing power of Bitcoin Script. This upgrade is considered a major improvement since the SegWit upgrade in 2017.

The Taproot upgrade includes three different Bitcoin Improvement Proposals (BIPs): Taproot (Merkle Abstract Syntax Tree, MAST), Tapscript, and a new multisig-friendly digital signature scheme called "Schnorr Signature". The purpose of Taproot is to provide Bitcoin users with a variety of benefits, including increased privacy of transactions and reduced transaction costs. In addition, it will also enhance Bitcoin's ability to perform more complex transactions, expanding its application.

The Taproot update has directly affected three ecosystems: first the Ordinals protocol, which uses Taproot's script-path spend scripts to carry additional data; second the upgrade of the Lightning Network to Taproot Assets, which has evolved from simple peer-to-peer BTC payments to peer-to-many payments and supports the issuance of new assets; and third the newly proposed BitVM, which uses OP_BOOLAND and OP_NOT in Taproot to "etch" a boolean circuit into the Taproot script and so implement a smart-contract virtual machine.

Ordinals

Ordinals is a protocol invented by Casey Rodarmor in December 2022 that gives each Satoshi a unique serial number and tracks them through transactions. Ordinals allows anyone to attach additional data to UTXO's Taproot script, including text, images, videos, and more.

Friends who are familiar with Ordinals will know that the total supply of bitcoin is 21 million, and each bitcoin contains 10^8 satoshis (sats), so there are 21 million * 10^8 satoshis on the Bitcoin network; the Ordinals protocol distinguishes these sats and gives each satoshi a unique number. This can be done in theory, but in practice it cannot be done.

This is because, to defend against dust attacks, the BTC network enforces a minimum output of 546 satoshis (294 satoshis for SegWit): transferring 1 satoshi at a time is not allowed, and depending on the address type at least 546 or 294 satoshis must be transferred. Under the Ordinals first-in-first-out numbering theory, at least the first 1~294 satoshis of each block are therefore indivisible.

Therefore the so-called inscription is not engraved on a particular satoshi but in the script of a transaction, and that transaction must transfer at least 294 satoshis; a centralized indexer (such as Unisat) then tracks and identifies the transfers of these 294 or 546 satoshis.

How the inscription is encoded in the transaction

In principle a Taproot script can only be spent from an existing Taproot output, so an inscription is theoretically made through a two-stage commit/reveal procedure. First, in the commit transaction, a Taproot output is created whose script-path spend commits to the inscription content, with the spending/reveal signature condition specified in the output. Second, in the reveal transaction, the output created by the commit transaction is spent, revealing the inscription content on the chain.

However, in a real indexer we pay little attention to the role of the reveal transaction and instead read the inscription contents directly from the input's witness script, from a script fragment composed of OP_FALSE OP_IF ... OP_ENDIF.

Because the combination OP_FALSE OP_IF causes the enclosed part of the script not to be executed, bytes of arbitrary content can be stored there without affecting the logic of the original script.

A text inscription containing the string "Hello, world!" is serialized as follows:

OP_FALSE
OP_IF
  OP_PUSH "ord"
  OP_1
  OP_PUSH "text/plain; charset=utf-8"
  OP_0
  OP_PUSH "Hello, world!"
OP_ENDIF

The Ordinals protocol essentially serializes this piece of code into a Taproot script.

Let's take a transaction from the chain to elaborate on how ordinals are encoded:

https://explorer.btc.com/btc/transaction/885d037ed114012864c031ed5ed8bbf5f95b95e1ef6469a808e9c08c4808e3ae

We can view the details of this transaction:

Figure: Details of the transaction

We analyze the encoding of the witness field starting from 0063 (OP_FALSE OP_IF) to understand the serialized content:

Figure: Byte-by-byte decoding of the witness field

So as long as we can decode this part of the witness script, we know what was inscribed. This example is encoded as plain text; other data such as HTML, images, and videos are handled similarly.

Theoretically, you can define your own encoded content, even encrypted content that only you know, but it can't be displayed in the Ordinals browser.
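The two points above, that an OP_FALSE OP_IF ... OP_ENDIF envelope is never executed and that the inscription can be read straight out of the witness bytes starting at 0063, can be checked with a small Bitcoin-script interpreter. The following is an added example written for this article; it is not code from the page, from ord, or from Bitcoin Core. It tokenizes script bytes, executes the subset of opcodes needed for a `<pubkey> OP_CHECKSIG` tapscript followed by an envelope, and decodes the envelope's content type and body. The envelope layout follows the page's description; `toy_checksig` is a constructed stand-in for the Schnorr verification a real node performs, and the key and signature are constructed.

```python
import hashlib
from typing import Callable, List, Optional

# Opcode values from the Bitcoin script specification.
OP_0, OP_PUSHDATA1, OP_PUSHDATA2, OP_1 = 0x00, 0x4C, 0x4D, 0x51
OP_IF, OP_ENDIF, OP_CHECKSIG = 0x63, 0x68, 0xAC


def push(data: bytes) -> bytes:
    """Minimal data-push encoding for payloads up to 255 bytes."""
    if len(data) < OP_PUSHDATA1:
        return bytes([len(data)]) + data
    if len(data) <= 0xFF:
        return bytes([OP_PUSHDATA1, len(data)]) + data
    raise ValueError("longer payloads need OP_PUSHDATA2, not used in this example")


def tokenize(script: bytes) -> List[tuple]:
    """Split raw script bytes into ("op", opcode) and ("push", data) tokens."""
    tokens, i = [], 0
    while i < len(script):
        op, i = script[i], i + 1
        if 1 <= op < OP_PUSHDATA1:      # 0x01..0x4b: the opcode itself is the length
            n = op
        elif op == OP_PUSHDATA1:        # one-byte length follows
            n, i = script[i], i + 1
        elif op == OP_PUSHDATA2:        # two-byte little-endian length follows
            n, i = int.from_bytes(script[i:i + 2], "little"), i + 2
        else:
            tokens.append(("op", op))
            continue
        if i + n > len(script):
            raise ValueError("truncated push")
        tokens.append(("push", script[i:i + n]))
        i += n
    return tokens


def run(script: bytes, stack: List[bytes], checksig: Callable[[bytes, bytes], bool]) -> bool:
    """Execute `script` on a copy of `stack`; True if the top item is non-empty at the end."""
    stack, cond = list(stack), []   # cond: one flag per open OP_IF (Bitcoin Core's vfExec)
    for kind, val in tokenize(script):
        executing = all(cond)
        if kind == "op" and val == OP_IF:
            # OP_IF consumes its condition only when the surrounding code is live.
            cond.append(stack.pop() != b"" if executing else False)
        elif kind == "op" and val == OP_ENDIF:
            cond.pop()
        elif not executing:
            continue                    # inside a false branch: pushes and opcodes are inert
        elif kind == "push":
            stack.append(val)
        elif val == OP_0:
            stack.append(b"")
        elif val == OP_1:
            stack.append(b"\x01")
        elif val == OP_CHECKSIG:
            pubkey, sig = stack.pop(), stack.pop()
            stack.append(b"\x01" if checksig(sig, pubkey) else b"")
        else:
            raise ValueError(f"opcode 0x{val:02x} is outside this example's subset")
    if cond:
        raise ValueError("unbalanced OP_IF / OP_ENDIF")
    return bool(stack) and stack[-1] != b""


def extract_inscription(script: bytes) -> Optional[dict]:
    """Return content type and body of the first OP_FALSE OP_IF "ord" envelope, or None."""
    t = tokenize(script)
    starts = [i for i in range(len(t) - 2)
              if t[i:i + 3] == [("op", OP_0), ("op", OP_IF), ("push", b"ord")]]
    if not starts:
        return None
    fields, body, in_body, j = {}, b"", False, starts[0] + 3
    while j < len(t) and t[j] != ("op", OP_ENDIF):
        kind, val = t[j]
        if in_body:                     # every push after the OP_0 separator is body data
            body += val if kind == "push" else b""
        elif t[j] == ("op", OP_0):
            in_body = True
        else:                           # a tag (OP_1..OP_16 or a one-byte push), then its value
            tag = val[0] if kind == "push" else val - 0x50
            j += 1
            if j < len(t) and t[j][0] == "push":
                fields[tag] = t[j][1]
        j += 1
    if j == len(t):
        raise ValueError("envelope has no OP_ENDIF")
    return {"content_type": fields.get(1, b"").decode(), "body": body}


def toy_checksig(sig: bytes, pubkey: bytes) -> bool:
    """Constructed stand-in: a real node verifies a Schnorr signature over the sighash."""
    return sig == hashlib.sha256(b"constructed-sighash" + pubkey).digest()


def demo() -> dict:
    pubkey = bytes(range(32))                          # constructed x-only public key
    sig = hashlib.sha256(b"constructed-sighash" + pubkey).digest()
    lock = push(pubkey) + bytes([OP_CHECKSIG])         # <pubkey> OP_CHECKSIG, as in ord reveals
    envelope = (bytes([OP_0, OP_IF]) + push(b"ord") + bytes([OP_1])
                + push(b"text/plain;charset=utf-8") + bytes([OP_0])
                + push(b"Hello, world!") + bytes([OP_ENDIF]))
    return {
        "with_envelope": run(lock + envelope, [sig], toy_checksig),
        "without_envelope": run(lock, [sig], toy_checksig),
        "bad_sig_rejected": not run(lock + envelope, [b"\x00" * 32], toy_checksig),
        "envelope_starts_with": envelope[:2].hex(),     # the 0063 the page points at
        "inscription": extract_inscription(lock + envelope),
    }
```

Running `demo()` shows that the script succeeds identically with and without the envelope, that the envelope begins with the bytes `0063`, and that the decoder recovers the content type and `Hello, world!`. The decoder accepts the content-type tag either as OP_1, as written on the page, or as a one-byte data push of 0x01, so it can be pointed at a real witness without changing the parsing logic.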

BRC20

On March 9, 2023, an anonymous Twitter user named domo posted a tweet creating a fungible token standard on top of the Ordinals protocol, called the BRC-20 standard. The idea is that JSON string data can be engraved in a Taproot script via the Ordinals protocol to deploy, mint, and transfer fungible BRC-20 tokens.

Figure 1: The humble beginnings of the BRC-20 token (domo's first post on the topic)
Source: Twitter (@domodata)

Figure 2: Three possible initial operations for BRC-20 tokens (p = protocol name, op = operation, tick = ticker symbol / identifier, max = maximum supply, lim = minting limit, amt = quantity)
Source: https://domo-2.gitbook.io/brc-20-experiment/, Binance Research

The token's initiator deploys the BRC-20 token on the chain through a deploy inscription, and participants then obtain tokens at almost no cost through mint inscriptions (paying only the gas fee); once the minted amount exceeds max, further mint inscriptions are considered invalid by the indexer. After that, an address that owns tokens can move them through a transfer inscription.
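The indexer rules just described, that the first deploy fixes max and lim, that a mint exceeding the remaining supply is invalid, and that a transfer is first inscribed and then sent, can be modelled in a few dozen lines. This is an added example written for this article; it is not domo's specification or any production indexer, it uses whole units (no dec field), and every inscription id, address and payload is constructed. It also shows why the off-chain ledger state that the ARC20 section later criticizes is unavoidable for BRC-20: balances exist only in the indexer.

```python
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Token:
    max_supply: int
    mint_limit: int
    minted: int = 0
    balances: Dict[str, int] = field(default_factory=dict)      # overall balance per address
    transferable: Dict[str, int] = field(default_factory=dict)  # reserved by transfer inscriptions

def _amount(value) -> Optional[int]:
    # BRC-20 amounts travel as JSON strings; this model uses whole units (no `dec` field).
    try:
        return int(str(value))
    except (TypeError, ValueError):
        return None

class Brc20Indexer:
    def __init__(self) -> None:
        self.tokens: Dict[str, Token] = {}
        self.pending: Dict[str, tuple] = {}   # transfer inscription id -> (tick, sender, amt)
        self.rejected: List[str] = []

    def inscribe(self, insc_id: str, owner: str, payload: str) -> bool:
        """Apply a newly revealed inscription owned by `owner`; True if the indexer accepts it."""
        try:
            data = json.loads(payload)
        except json.JSONDecodeError:
            return self._reject(insc_id, "not JSON")
        if data.get("p") != "brc-20":
            return self._reject(insc_id, "not a brc-20 inscription")
        tick, op = str(data.get("tick", "")).lower(), data.get("op")
        if op == "deploy":
            return self._deploy(insc_id, tick, data)
        if op in ("mint", "transfer"):
            token, amt = self.tokens.get(tick), _amount(data.get("amt"))
            if token is None or amt is None or amt <= 0:
                return self._reject(insc_id, "unknown tick or bad amt")
            if op == "mint":
                return self._mint(insc_id, token, owner, amt)
            return self._transfer(insc_id, tick, token, owner, amt)
        return self._reject(insc_id, f"unknown op {op!r}")

    def _deploy(self, insc_id, tick, data) -> bool:
        if tick in self.tokens:
            return self._reject(insc_id, "tick already deployed; the first deploy wins")
        max_supply = _amount(data.get("max"))
        lim = _amount(data.get("lim", data.get("max")))   # lim defaults to max
        if max_supply is None or lim is None or max_supply <= 0 or lim <= 0:
            return self._reject(insc_id, "bad max/lim")
        self.tokens[tick] = Token(max_supply, lim)
        return True

    def _mint(self, insc_id, token, owner, amt) -> bool:
        if amt > token.mint_limit:
            return self._reject(insc_id, "amt exceeds per-mint lim")
        if token.minted + amt > token.max_supply:
            return self._reject(insc_id, "mint would exceed max supply")
        token.minted += amt
        token.balances[owner] = token.balances.get(owner, 0) + amt
        return True

    def _transfer(self, insc_id, tick, token, owner, amt) -> bool:
        # Inscribing a transfer only reserves the amount; it moves when the inscription is sent.
        available = token.balances.get(owner, 0) - token.transferable.get(owner, 0)
        if amt > available:
            return self._reject(insc_id, "transfer exceeds available balance")
        token.transferable[owner] = token.transferable.get(owner, 0) + amt
        self.pending[insc_id] = (tick, owner, amt)
        return True

    def send(self, insc_id: str, recipient: str) -> None:
        """The transfer inscription itself is sent on-chain to `recipient`: settle balances."""
        tick, sender, amt = self.pending.pop(insc_id)   # KeyError if it was never inscribed
        token = self.tokens[tick]
        token.transferable[sender] -= amt
        token.balances[sender] -= amt
        token.balances[recipient] = token.balances.get(recipient, 0) + amt

    def _reject(self, insc_id: str, reason: str) -> bool:
        self.rejected.append(f"{insc_id}: {reason}")
        return False

def demo() -> dict:
    idx = Brc20Indexer()   # constructed inscriptions, applied in block order
    idx.inscribe("i0", "alice", '{"p":"brc-20","op":"deploy","tick":"demo","max":"1000","lim":"400"}')
    idx.inscribe("i1", "alice", '{"p":"brc-20","op":"mint","tick":"demo","amt":"400"}')
    idx.inscribe("i2", "bob", '{"p":"brc-20","op":"mint","tick":"demo","amt":"400"}')
    idx.inscribe("i3", "carol", '{"p":"brc-20","op":"mint","tick":"demo","amt":"400"}')  # 1200 > max
    idx.inscribe("i4", "carol", '{"p":"brc-20","op":"mint","tick":"demo","amt":"200"}')  # fills max
    idx.inscribe("i5", "alice", '{"p":"brc-20","op":"transfer","tick":"demo","amt":"150"}')
    idx.inscribe("i6", "alice", '{"p":"brc-20","op":"transfer","tick":"demo","amt":"300"}')  # 250 free
    idx.send("i5", "bob")
    bal = idx.tokens["demo"].balances
    return {"alice": bal.get("alice", 0), "bob": bal.get("bob", 0), "carol": bal.get("carol", 0),
            "minted": idx.tokens["demo"].minted, "rejected": idx.rejected}
```

Every indexer must apply exactly these rules in exactly the same order to agree on balances, which is the consensus gap that marketplaces and wallets currently paper over with a single trusted indexer.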

It is worth noting that Casey, the founder of Ordinals, is very unhappy that BRC-20 transactions account for the majority of Ordinals protocol activity. He has openly stated that BRC-20 brought a pile of garbage to the Ordinals he created, and his team publicly issued a letter asking Binance to remove Ordinals from the ORDI token introduction, since he did not want the Ordinals protocol to be associated with ORDI.

Extended protocols

BRC20 swap

Unisat, the largest inscription marketplace, indexer, and wallet provider, has proposed the BRC20 swap protocol for trading BRC20 tokens, and it is now available for early adopters to try.

Previously, inscription trades could only be carried out through PSBT (Partially Signed Bitcoin Transactions), a method similar to OpenSea's off-chain signature scheme, in which a centralized service "matches" the signatures of buyers and sellers. As a result, BRC20 assets could only be traded through pending orders like NFT assets, with low liquidity and trading efficiency.

BRC20 Swap introduces a mechanism called a module into the JSON string of the BRC20 protocol, in which a set of smart-contract-like scripts can be deployed. Taking the swap module as an example, a user locks BRC20 into the module through a transfer, that is, a transfer transaction to themselves in which the inscription is locked in the module; after completing a swap or withdrawing LP, the user can initiate a transaction to withdraw the BRC20 tokens.

At present, BRC20 Swap operates in the extended "black module" mode for security reasons: the funds a user can withdraw are bounded by the sum of funds in the module, without consensus and verification, that is, no user can withdraw more than the total assets locked in the module.


When the behavior of the black module is understood and exercised by users, gradually proves reliable, and is accepted by more indexers, the product transitions from a black module to a white module and consensus is reached; users can then freely deposit and withdraw assets.


In addition, because the BRC20 protocol and the whole Ordinals ecosystem are still at an early stage, Unisat has great influence and reputation and provides complete indexing services for the protocol, such as transactions and balance queries, which poses a centralization risk. Its modular architecture allows more service providers to participate, making indexing more decentralized.

BRC420

The BRC420 protocol was developed by RCSV. On top of the original inscription they added a recursive-indexing extension, so that more complex asset formats can be defined recursively. At the same time, BRC420 binds usage rights and royalties to a single inscription: when users mint assets they pay royalties to creators, and the owner of an inscription can allocate its usage rights and set a price for them, which can incentivize more innovation in the Ordinals ecosystem.

The BRC420 proposal opens a broader space of imagination for the inscription ecosystem: in addition to building a more complex metaverse through recursive references, recursive references to code inscriptions could be used to build a smart-contract ecosystem.

ARC20

The ARC20 token standard is provided by the Atomicals protocol, in which the "atom" is the basic unit built on top of Bitcoin's smallest unit, the sat. This means that each ARC20 token is always backed by 1 sat. In add­ition, ARC20 is the first token protocol to be minted via proof-of-work (PoW) inscriptions, allowing participants to mine inscriptions or NFTs directly, in a way similar to mining Bitcoin.

Equating 1 ARC20 token to 1 sat brings several benefits:

1. First of all, each ARC20 token is never worth less than 1 sat, which makes Bitcoin act as a kind of "digital gold anchor" in the process.

2. Second, only the UTXO corresponding to the sat needs to be queried to validate the transaction, in contrast to the complexity of BRC20, which requires off-chain ledger state records and third-party sequencers.

3. In addition, all operations with ARC20 can be done through the Bitcoin network without additional steps.

4. Finally, due to the composability of UTXOs, it is theoretically possible to achieve a direct exchange of ARC20 tokens with Bitcoin, which opens up the possibility of future liquidity.

The Atomicals protocol sets a special prefix parameter for Bitwork Mining for the ARC20 token. Token issuers can choose a special prefix, and users need to calculate a matching prefix through CPU mining to be eligible to mint the ARC20 token. This "one CPU, one vote" model is in line with the philosophy of Bitcoin fundamentalists.
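The Bitwork mechanism described above is a prefix proof-of-work: a commitment is only accepted when its hash begins with the issuer's chosen prefix, so each extra hex character multiplies the expected CPU work by 16 while a verifier still needs only one hash. The following added example (written for this article, not Atomicals' own code) models that idea over a constructed payload; Atomicals applies the test to the commit transaction id, whereas the payload, the nonce encoding and the double-SHA256 used here are assumptions of this model.

```python
import hashlib
from typing import Tuple


def bitwork_matches(digest_hex: str, prefix: str) -> bool:
    """A commitment passes when its hash, in lowercase hex, starts with the required prefix."""
    return digest_hex.startswith(prefix.lower())


def commit_hash(payload: bytes, nonce: int) -> str:
    """sha256d over payload || nonce; the nonce encoding is an assumption of this model."""
    data = payload + nonce.to_bytes(8, "little")
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def mine_bitwork(payload: bytes, prefix: str, max_tries: int = 5_000_000) -> Tuple[int, str]:
    """Search nonces until the commit hash meets the prefix; return (nonce, hex digest).
    This loop is the 'one CPU, one vote' cost the page describes; checking a claimed
    nonce is a single call to commit_hash plus bitwork_matches."""
    for nonce in range(max_tries):
        digest = commit_hash(payload, nonce)
        if bitwork_matches(digest, prefix):
            return nonce, digest
    raise RuntimeError(f"no nonce found within {max_tries} tries")


def expected_tries(prefix: str) -> int:
    """Each hex character of the prefix divides the acceptance rate by 16."""
    return 16 ** len(prefix)


def demo() -> dict:
    payload = b"constructed-commit-payload"          # stands in for the commit tx data
    nonce, digest = mine_bitwork(payload, "ab")
    verified = bitwork_matches(commit_hash(payload, nonce), "ab")   # what the indexer does
    return {"nonce": nonce, "digest": digest, "verified": verified,
            "expected_tries": expected_tries("ab")}
```

A two-character prefix costs about 256 hashes on average; the issuer's choice of prefix length is therefore the minting difficulty, and an indexer that skips the `bitwork_matches` check accepts mints that did no work at all.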

Is the inscription safe?

An inscription seems to be just a "harmless" piece of text on the chain, parsed by a centralized indexer, as if the only security considerations were those of the centralized service. In terms of on-chain security, however, the following points still need attention:

On-chain security issues

1. Increase the burden on nodes

Inscriptions increase the size of Bitcoin blocks, which increases the resources nodes need to propagate, store, and validate blocks. If there are too many inscriptions, this can reduce the decentralization of the Bitcoin network and make it more vulnerable to attack.

2. Reduced security

Inscriptions can be used to store any type of data, including malicious code. If malicious code is added to a Bitcoin block, it can lead to a cybersecurity breach.

3. Transactions need to be structured

Trading inscriptions requires constructing the transaction carefully and respecting the first-in, first-out rule of ordinals, so that the inscription's indexability is not broken through negligence.

4. There are risks involved in buying and selling

The trading market for inscriptions, whether OTC or PSBT, carries the risk of asset loss.

Specific security issues

1. The orphan block rate and fork rate increase

Inscriptions increase the size of blocks, which raises the orphan block rate and the fork rate. An orphan block is a block that is not recognized by other nodes, and a fork occurs when there are multiple competing blockchains in the network. Orphan blocks and forks reduce the stability and security of the network.

2. Attackers tamper with the inscription

Attackers can exploit the openness of the inscription to carry out tampering attacks.

For example, an attacker can replace the information stored in the inscription with malicious code that can infiltrate the indexer's servers or compromise the user's device via a Trojan.

3. Improper use of the wallet

If the wallet is not used properly and the wallet cannot index the inscription, it is likely that the inscription will be transferred by mistake, resulting in the loss of assets.

4. Phishing or scams

Attackers may steal user assets by tricking users into inscription transactions through websites impersonating indexers such as Unisat.

5. Missing PSBT signatures

Atomicals Market has a history of user assets being damaged due to the use of incorrect signature methods.

Related Reading:

https://metatrust.io/company/blogs/post/the-analysis-of-the-atomicals-market-user-asset-loss

Actions that can be taken

1. Limit the size of the inscription

The size of inscriptions can be limited to reduce the impact on node load, which Luke, mentioned at the beginning of the article, is already doing.

2. Encrypt the inscription

Inscriptions can be encrypted to prevent attacks by malicious code.

3. Use credible sources of inscriptions

Trusted sources of inscriptions can be used to prevent signature issues and being phished.

4. Use a wallet that supports inscriptions

Use a wallet that supports inscriptions for transfer activities.

5. Pay attention to the review of inscription code and related scripts

In new experiments such as brc20-swap and recursive inscriptions, the introduction of this code means the security of the code and related scripts must be ensured.

Summary

From a technical and security point of view, the Bitcoin inscription is essentially a rule-bypassing vulnerability: the Taproot script was not designed to store data, and doing so brings some security issues. Luke's modification to the Bitcoin Core code is correct from a security perspective. Rather than changing Bitcoin's consensus layer directly, Luke chose to tweak the spam-filter module so that nodes automatically filter out Ordinals transactions when they receive them in P2P broadcast messages. In this policy filter, several functions called IsStandard check whether all aspects of a transaction meet the standard; if a transaction does not, the node quickly discards it.

In other words, while Ordinals transactions can still eventually be added to the blockchain, most nodes will not admit this type of data into their transaction pool, which increases the delay before Ordinals data reaches mining pools willing to package it on-chain. If a mining pool broadcasts a block containing a BRC-20 transaction, however, other nodes will still recognize it.

Luke has introduced changes to the policy filter in the Bitcoin Knots client and plans to introduce similar changes in the Bitcoin Core client. In this modification he introduced a new parameter, g_script_size_policy_limit, that limits the size of scripts in several different places. This means there is an additional limit on script size when processing transactions, affecting how transactions are accepted and processed.


Currently, the default value of this parameter is 1650 bytes, and any node can set it at startup with the -maxscriptsize parameter.

However, even if the code is updated, it will be a long time before all miner nodes are updated to the new version, and during this time, the innovators in the inscription community should be able to create a more secure protocol.

Metatrust Labs has scored and monitored the investment risk of inscriptions on the metaScore platform through on-chain data and asset tracking, and has also launched a rules engine for Bitcoin network monitoring on the metaScout platform, which can help investors monitor real-time data of Bitcoin inscriptions.

In this issue we explored the technical principles and possible security issues of the popular inscription ecosystem; in the next issue we will bring you a more complex Taproot circuit-etching technology, BitVM, so stay tuned.

About MetaTrust Labs

MetaTrust Labs is a leading provider of Web3 AI security tools and code audit services incubated by Nanyang Technological University in Singapore. We provide advanced AI solutions that empower developers and project stakeholders to secure Web3 applications and smart contracts. Our comprehensive services include AI security scanning, code auditing, smart contract monitoring, and transaction monitoring. By integrating AI, we ensure a secure ecosystem that strengthens trust between users and developers.

Official website: https://www.metatrust.io/

Twitter: https://twitter.com/MetaTrustLabs

Linkedin: https://www.linkedin.com/in/metatrust
