BIP Draft OP_TWEAKADD #1944

pull JeremyRubin wants to merge 11 commits into bitcoin:master from JeremyRubin:optweakadd changing 3 files +496 −0
  1. JeremyRubin commented at 10:43 pm on August 22, 2025: contributor

    Opening this PR for feedback & discussion on the specification for OP_TWEAKADD.

    Mailing list post: https://groups.google.com/g/bitcoindev/c/-_geIB25zrg

  2. BIP: OP_TWEAKADD b24c5049ed
  3. jonatack added the label New BIP on Aug 22, 2025
  4. BIP TweakAdd: note on commutativity of tweaking and add test cases 04f8c61905
  5. BIP TweakAdd: Invert Argument Order 601d45f16c
  6. BIP Tweakadd: fix typo & add note on even-y tweaking 7602e08769
  7. BIP TweakAdd -- add mailing list discussion 14f28051a7
  8. BIP TweakAdd: Add Alpen and MATT mentions 9415fbc4e4
  9. in bip-XXXX.md:240 in b24c5049ed outdated 
    235+This proposal extends the Taproot tweak mechanism (BIP340/341) into script, inspired by prior work on scriptless scripts and key-evolution constructions. There has been various discussion of OP_TWEAKADD over the years, including by Russell O'Connor and Steven Roose.
236+
237+## References
238+
239+- [CATT: Thoughts about an alternative covenant softfork proposal](https://delvingbitcoin.org/t/catt-thoughts-about-an-alternative-covenant-softfork-proposal/125)
240+- [Bitcoindev mailing list discussion](https://gnusha.org/pi/bitcoindev/e98d76f2-6f2c-9c3a-6a31-bccb34578c31@roose.io/)
    jonatack commented at 11:09 pm on August 22, 2025:
    Hi @JeremyRubin, is there a link to a recent discussion specific to OP_TWEAKADD? Suggest a new ML post about this draft.
    JeremyRubin commented at 5:40 pm on August 23, 2025:
    yes sir 🫡
  10. kash831 commented at 3:37 pm on August 24, 2025: none
    All in a hard days work
  11. in bip-XXXX.md:37 in 9415fbc4e4 outdated 
    32+
33+Input (top last):
34+
35+```
36+
37+... \[h32] \[pubkey32] OP\_TWEAKADD  ->  ... \[pubkey32\_out]
    murchandamus commented at 9:31 pm on August 25, 2025:

    I think these backslashes are unnecessary in the preformatted code. At least they render for me in the preview.

  12. in bip-XXXX.md:39 in 9415fbc4e4 outdated 
    34+
35+```
36+
37+... \[h32] \[pubkey32] OP\_TWEAKADD  ->  ... \[pubkey32\_out]
38+
39+````
    murchandamus commented at 9:32 pm on August 25, 2025:
    This has one backtick too many, although it doesn’t seem to change the rendering.
  13. in bip-XXXX.md:9 in 9415fbc4e4 outdated 
    0@@ -0,0 +1,317 @@
1+```
2+BIP: TBD
3+Layer: Consensus (soft fork)
4+Title: OP_TWEAKADD - x-only key tweak addition
5+Author: Jeremy Rubin <jeremy@char.network>
6+Status: Draft
7+Type: Standards Track
8+Created: 2025-08-22
9+License: BSD-3-Clause
    murchandamus commented at 9:37 pm on August 25, 2025:
    Please add the missing Copyright section.
    JeremyRubin commented at 2:28 pm on August 27, 2025:
    You meant at the end of the document right?
    murchandamus commented at 9:28 pm on August 27, 2025:
    Sure, that’s fine.
  14. in bip-XXXX.md:29 in 9415fbc4e4 outdated 
    24+## Specification
25+
26+### Applicability and opcode number
27+
28+- Context: Only valid in tapscript (witness version 1, leaf version 0xc0). In legacy or segwit v0 script, `OP_TWEAKADD` is disabled and causes script failure.
29+- Opcode: OP_TWEAKADD (0xBE, or TBD, any unused OP_SUCCESSx, preferably one which might never be restored in the future).
    murchandamus commented at 9:39 pm on August 25, 2025:
    What does “preferably one which might never be restored in the future” refer to?
    JeremyRubin commented at 11:31 pm on August 25, 2025:

    E.g., it’s desirable to not use 0x7f because that’s OP_SUBSTR and if we ever did a soft fork like that, it’s simpler to not change those opcodes.

    from bip-347:

    We specifically choose to use OP_SUCCESS126 rather than another OP_SUCCESSx as OP_SUCCESS126 uses the same opcode value (126 in decimal and 0x7e in hexadecimal) that was used for OP_CAT prior to it being disabled in Bitcoin. This removes a potential source of confusion that would exist if we had a opcode value different from the one used in the original OP_CAT opcode.

    JeremyRubin commented at 2:28 pm on August 27, 2025:
    assuming this doesn’t need more of a note in the BIP?
  15. murchandamus commented at 9:42 pm on August 25, 2025: contributor
    I had a first glance at this. Looks interesting. A few sections look still a bit bullet point heavy and I would hope to see them expanded a bit.
  16. BIP TweakAdd Formatting Edits e795d69693
  17. BIP TWEAKADD remove conventions section 3e5044215f
  18. BIP TWEAKADD formatting fix c7540025cd
  19. BIP TWEAKADD Move Vectors to end 4cb0456716
  20. BIP TweakAdd: Condense compatibility section 4500b0ad25


JeremyRubin jonatack kash831 murchandamus

Labels
New BIP

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-09-13 09:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me