BIP draft: Consensus ScriptPubKey Length Limit #2039
+97
−0
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| <pre> | ||
| BIP: ? | ||
| Layer: Consensus (soft fork) | ||
| Title: Consensus ScriptPubKey Length Limit In Most Blocks | ||
| Author: billymcbip@proton.me | ||
| Status: Draft | ||
| Type: Specification | ||
| License: MIT | ||
| Discussion: 2025-10-02: https://groups.google.com/g/bitcoindev/c/YO8ZwnG_ISs/m/cgnE52cSAgAJ | ||
| Version: 1.0.0 | ||
| </pre> | ||
|
|
||
| ==Abstract== | ||
|
|
||
| Limit the size of new ScriptPubKeys at the consensus level (including OP_RETURN outputs) in most (255/256) blocks. | ||
|
|
||
| ==Specification== | ||
|
|
||
| Transactions in blocks at or above the activation height (''tbd'') cannot include outputs with ScriptPubKeys that are longer than 260 bytes unless the block height is a factor of 256 (<code>block_height % 256 == 0</code>). | ||
|
|
||
| ==Motivation== | ||
|
|
||
| Bitcoin is money. Transactions embedding arbitrary data compete with financial transactions for block space, and many node operators clearly do not want to process, relay or store arbitrary data. | ||
|
|
||
| The motivation of this BIP is to reduce the amount of arbitrary data that can be embedded in transactions and in the UTXO set. | ||
|
|
||
| A system with N independent bits of freedom can carry at most N bits of information. Limiting the length of ScriptPubKeys reduces independent bits of freedom within a block. More non-arbitrary bytes would have to wrap arbitrary bytes embedded in ScriptPubKeys. | ||
|
|
||
| Since Bitcoin is money, we must avoid setting any precedent for confiscation, i.e. making previously spendable UTXOs unspendable. Some users may hold pre-signed transactions that create new ScriptPubKeys longer than 260 bytes and no longer control the private keys that signed them. To avoid invalidating these transactions, we allow them to be processed in one out of every 256 blocks (<code>block_height % 256 == 0</code>), i.e. in roughly one block every ~42 hours. BIP34 lets us extract the block height from the coinbase transaction. Of course, this exception also allows any other large OP_RETURN outputs to be included in those blocks, but such transactions are throttled. | ||
|
|
||
| ==Rationale== | ||
|
|
||
| '''Why limit OP_RETURN at all? Why not block OP_RETURN completely?''' | ||
|
|
||
| It is impossible to completely prevent arbitrary data in blocks. Therefore, it makes sense to continue offering a less harmful way to embed data, i.e. OP_RETURN. | ||
|
|
||
| However, OP_RETURN should only be ''marginally'' more attractive for data embedding than methods leading to arbitrary data in the UTXO set. | ||
|
|
||
| '''Why 260 bytes?''' | ||
|
|
||
| The length of ScriptPubKeys for all standard outputs is well below 260 bytes: | ||
billymcbip marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| * P2PK: up to 67 bytes | ||
| * P2MS: up to 201 bytes (max. 3 keys are standard) | ||
| * P2PKH: 25 bytes | ||
| * P2SH: 23 bytes | ||
| * P2WPKH: 22 bytes | ||
| * P2WSH: 34 bytes | ||
| * P2TR: 34 bytes | ||
| * WITNESS_UNKNOWN: up to 42 bytes | ||
|
|
||
| A 260 byte limit allows 256 bytes of data in OP_RETURN outputs: | ||
|
Contributor
There was a problem hiding this comment. This is true, though this is only the limit on UTXO set excluded outpoints (unspendable) One could literally just use all 260 bytes for data if they didn't care about the execution of the script that resulted.
Author
There was a problem hiding this comment. Correct, but a ~11 byte overhead per chunk would remain (see my other comment). |
||
| <pre> | ||
| 1 byte OP_RETURN | ||
| 1 byte OP_PUSHDATA2 | ||
| 2 bytes length | ||
| 256 bytes data | ||
| </pre> | ||
|
|
||
| Any limit is somewhat arbitrary, but 256 is a multiple of 32, i.e. 8 SHA-256 hashes could be embedded. | ||
|
|
||
| '''Why not limit non-OP_RETURN outputs to 34 bytes?''' | ||
|
|
||
| Firstly, simplicity: A simple length check is easier to implement, no need to discriminate between OP_RETURN outputs and other outputs. | ||
|
|
||
| Secondly, unknown unknowns: We may need longer scriptPubKeys in the future. | ||
|
|
||
| '''Why change consensus rather than mempool policy?''' | ||
|
|
||
| If we accept large OP_RETURN outputs in consensus but not in mempool policy, more transactions will be submitted directly to mining pools. This creates centralization pressure (see https://bitcoincore.org/en/2025/06/06/relay-statement/). | ||
|
|
||
| '''Why does this BIP not include other measures to limit data embedding?''' | ||
|
|
||
| The idea of this BIP is to allows the community to discuss the merits of a ScriptPubKey size limit in isolation. Limiting ScriptPubKey size can be an atomic change, it does not have to be implemented in conjunction with other, more complex anti-spam measures that constrain ''which'' UTXOs can be spent (rather than ''how'' UTXOs can be spent). | ||
|
|
||
| ==Backwards Compatibility== | ||
|
|
||
| Soft fork, backwards compatible. | ||
|
|
||
| ==Reference Implementation== | ||
|
|
||
| ''tbd'' | ||
|
|
||
| ==Deployment== | ||
|
|
||
| ''tbd'' | ||
|
|
||
| ==Credits== | ||
|
|
||
| This BIP is inspired by parts of the "Reduced Data Temporary Softfork" (https://github.com/bitcoin/bips/pull/2017). | ||
|
|
||
| @moonsettler and @portlandhodl provided direct feedback. | ||
|
|
||
| @portlandhodl suggested a 520-byte limit without a block height exception. See: https://groups.google.com/g/bitcoindev/c/YO8ZwnG_ISs/m/cgnE52cSAgAJ | ||
|
|
||
| ==Copyright== | ||
|
|
||
| This document is licensed under the MIT License. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This BIP only has a marginal effect on the total amount of data that could be stored as it only forces segmentation of the data into
.size()/260 + .size()%260 ? 1 : 0chunks.There is a reduction in the total usable space for arbitrary data by 5.625% with 9 bytes of overhead against 160 bytes of payload.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@portlandhodl I mostly agree - the effect is marginal. I think the ROI of this BIP is attractive because it can be implemented in very few LOC that are easy to reason about.
Nit: It might make more sense to split data into
.size()/255 + .size()%255 ? 1 : 0chunks to avoid having to useOP_PUSHDATA2(2 length bytes).Not following the numbers 9 and 160 here. I think the overhead is 14 bytes per chunk: