Rushing OP_CAT on Bitcoin could come at an immense security cost

Operation Concatenate (OP_CAT) could be a game-changer for Bitcoin. But if its security risks are not diligently addressed, it could also undermine Bitcoin.
Operation Concatenate (OP_CAT) could be a game-changer for Bitcoin. But if its security risks are not diligently addressed, it could also undermine Bitcoin.

There has been a storm of recent support for reenabling Bitcoin’s (BTC) Operation Concatenate (OP_CAT), a code that Satoshi Nakamoto introduced in the original Bitcoin script that allows Bitcoin users to combine two data sets into a single transaction script. Potential security concerns from overly large stack elements led Nakamoto to disable the code in 2010. 

Reintroducing OP_CAT could facilitate asset tokenization, building on the initial success of Ordinals. The proposed opcode addition would streamline manipulating asset metadata and advanced data structures within transaction scripts. However, rushing its implementation could topple Bitcoin’s reign as the most secure blockchain.

The OP_CAT and Ordinals Renaissance (and resistance)

The easiest way to understand why Ordinals and OP_CAT are on the rise is to look at Bitcoin’s history of tokenization and nonfungible tokens (NFTs). Before Ethereum (ETH) and CryptoKitties became mainstream, NFTs first appeared on Bitcoin via metaprotocols such as Colored Coins. Proposed in 2012 by Yoni Assia, Colored Coins used small fractions of Bitcoin (satoshis) to represent real-world assets (with limited success). Counterparty was another attempt in this vein, responsible for creating the "Rare Pepe Nakamoto" in 2016. But these early attempts at NFTs were held back by three Bitcoin limitations: reduced speed, poor scalability, and high transaction costs.

Related: Bitcoin could grow by strides by being more like Ethereum

More than 10 years later, eager Bitcoin enthusiasts want to bring NFTs back to Bitcoin. Ordinals supporters are utilizing the OP_RETURN output to embed arbitrary data into Bitcoin transactions. In doing so, they circumvent the 80-byte limit by spreading data across multiple outputs. Many applaud their technical workaround. Others see it as spam on the otherwise secure Bitcoin network.

For example, teams like Ocean Mining are actively trying to remove Ordinals data, considering it a form of DoS attack. In a December 2023 tweet, Ocean Mining CTO Luke Dash noted, “Bitcoin Core has, since 2013, allowed users to set a limit on the size of extra data in transactions they relay or mine (`-datacarriersize`). By obfuscating their data as program code, Inscriptions bypass this limit. This bug was recently fixed in Bitcoin Knots v25.1.”

Responding to a user who suggested that Ordinals had been "allowed" on Bitcoin, he offered a straightforward reply writing, “Nobody ever allowed ordinals. It's been an attack on Bitcoin from the start.” As a Bitcoin Core developer, his opinion does hold weight.

Bitcoin developer Luke Dash is not a fan of Ordinals or inscriptions. Source: X

It should also be noted that Ocean Mining — formerly known as Eligius — has found more than 11,000 blocks, mining nearly 350,000 Bitcoin. Several hundred node operators agree with Ocean’s views and have decided to mine Bitcoin by filtering out “spam” generated by Ordinals inscriptions.

OP_CAT versus Bitcoin purists

This might seem like the end of Bitcoin NFTs in 2024. Not only is Ordinals dealing with node operators filtering out their inscriptions, but they are also facing the same issues the metaprotocols before them faced: network congestion and high fees on a low TPS protocol. With numerous mounting obstacles, how will Bitcoin support the demand for secure and scalable tokenization/NFTs? Are Ordinals destined to go down in Bitcoin history as easily forgotten as Colored Coins?

The focus is now on introducing OP_CAT onto the Bitcoin protocol to improve base layer limitations. StarkWare recently announced a $1 million fund dedicated to researching OP_CAT and its potential to promote Bitcoin adoption. Individuals are excited about the potential of use cases like secure document signing and vaults.

Bitcoin Magazine editor "Brian_Trollz"  wrote on X that "activating OP_CAT alone" would create a "nightmare mess that is more dangerous than useful." Source: 

That being said, the same potential security vulnerabilities that were problematic in 2010 are now partly the same reason developers are not rushing to conclude the discussion on OP_CAT’s BIP 420. This conflict has sparked debate within the community about the legitimacy and future of Ordinals, but like many innovations, insider communities can sometimes run counter to mainstream signals for demand.

Related: Ether ETF approvals show staking may still be a security in SEC's eyes

Introducing OP_CAT could simplify asset tokenization on Bitcoin. However, this change requires a soft fork, and any backward-compatible update to the Bitcoin protocol, OP_CAT included, risks potential hacks. Rushed adoption without additional opcode integration will also limit its functionality.

Security above all

Bitcoin’s history and main use case as a secure protocol face an existential threat with rushed OP_CAT adoption. Missing posters for OP “CATs” and #BIP420 appearing in X bios show an undeniable demand for tokenization and NFTs. Instead, these should be pursued through layer-2 solutions that don’t compromise Bitcoin’s base layer security and functionality. Until the community reaches a consensus, teams like RSK, Liquid, Lightning, BSquared and my own company (AYCE) are developing infrastructure to meet this demand without risking Bitcoin’s core stability.

This isn’t the first time hype and investor pressure have encouraged rushed protocol adoption. Bitcoin must stand apart, prioritizing security above all else. It’s up to the community, not just those with the loudest voices, to protect it. The future of cryptocurrency and blockchain technology hinges on Bitcoin’s unblemished security record. Why hurry to fix something that isn’t inherently broken?

Afnan Rahman is the co-founder and CEO of AYCE & Co. He previously co-founded OpenNode and helped build the Bitcoin wallet Zap (Strike). He is a graduate of UC Santa Barbara.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.