Abstract
This proposal implements lightweight proofs of a contract execution and its result that are accessible to SPV wallets and usable from smart contracts and off-chain systems.
Motivation
One research concept, dubbed "Proton Network", requires some proof published to a secondary blockchain that a withdrawal has happened through a smart contract on the main (i.e., Qtum) blockchain. I've seen other concepts requiring the same functionality. There are currently two workaround options in Qtum, neither of which is optimal:
Construct a proof within the state root tree to prove that some data exists or has changed in the smart contract -- this requires two proofs to emulate "execution", and state root proofs tend to be fairly heavy and large.
Construct a proof showing that a contract execution transaction has been placed on the blockchain -- this works fine in theory, but requires complete inflexibility. Introducing flexibility can cause out-of-gas errors or other errors that make the contract fail execution. There is no way to prove that a contract transaction failed with this method.
There is already a design for a new "delta tree" data structure for x86 which allows for proving that no contract execution is censored, as well as proving that a particular execution occurred and what its result was. However, this proposal goes further by making the proof lightweight and capable of being very explicitly tied to a particular transaction.
Specification
When an OP_CALL or OP_CREATE transaction occurs, even if the UTXO is 0 value, it is immediately spent as an AAL transaction. A new 0-value output is created which only encodes data (and thus can be safely trimmed without repercussions). The data included in the output:
SHA256 hash of the execution result (this is a somewhat large data structure)
"Staggered" merkle tree root hash of a tree composed of the following nodes: address, error code (repeated)
Staggered in this case means that, for example, if contract A and contract B were both executed and A was successful (0) but B was an error (1), then the nodes would be encoded in this order:
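An added example, not part of the proposal or Qtum's code: the staggered tree built in Python, showing that because each address and its error code are sibling leaves, one sibling path proves both, including a failed execution. The leaf order (address A, 0, address B, 1) is assumed from "address, error code (repeated)"; the node hashing, leaf/inner prefixes, one-byte error codes, odd-node promotion and all function names are likewise assumptions.

```python
import hashlib

# Assumptions (not fixed by the proposal): single SHA-256 node hashing with
# 0x00/0x01 leaf/inner prefixes, one-byte error codes, odd nodes promoted unchanged.
def leaf(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def inner(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def levels(results):
    """results: [(address_bytes, error_code), ...] in execution order."""
    if not results:
        raise ValueError("no contract executions")
    level = []
    for addr, code in results:  # staggered leaves: address, error code, address, ...
        level += [leaf(addr), leaf(bytes([code]))]
    out = [level]
    while len(level) > 1:
        level = [inner(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        out.append(level)
    return out

def root(results) -> bytes:
    return levels(results)[-1][0]

def prove(results, k):
    """Sibling path for the k-th (address, error code) pair, starting at their parent."""
    idx, path = k, []
    for level in levels(results)[1:-1]:
        sib = idx ^ 1
        if sib < len(level):  # a promoted odd node has no sibling at this level
            path.append((sib < idx, level[sib]))
        idx //= 2
    return path

def verify(root_hash, addr, code, path) -> bool:
    node = inner(leaf(addr), leaf(bytes([code])))  # address and code are sibling leaves
    for sibling_is_left, sibling in path:
        node = inner(sibling, node) if sibling_is_left else inner(node, sibling)
    return node == root_hash

# Constructed sample: contracts A and C succeed (0), B fails (1).
A, B, C = b"\xaa" * 20, b"\xbb" * 20, b"\xcc" * 20
RESULTS = [(A, 0), (B, 1), (C, 0)]
ROOT = root(RESULTS)
print(verify(ROOT, B, 1, prove(RESULTS, 1)))  # B's failure is provable
print(verify(ROOT, B, 0, prove(RESULTS, 1)))  # a claimed success is rejected
```

The distinct leaf and inner prefixes keep an inner node from being presented as a leaf, and promoting an odd node instead of duplicating it avoids two different leaf lists sharing one root.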
Rationale
Strategy