CHIP-2025-05 Bitwise: Re-Enable Bitwise Operations

CHIPs Standards Track
#1

Even with solutions for loops, functions, and longer contract lengths, many critical algorithms for financial and cryptographic applications remain relatively inefficient if arithmetic and logical bitwise shifts must be emulated.

The cost of an emulated shift can easily be >10x native shifts, creating significant complexity in contract design, waste in transaction sizes, and unnecessary validation in full nodes.

Re-enabling OP_LSHIFT and OP_RSHIFT has been raised many times since the 2018 opcode restoration (e.g. 2023, 2024), but uncertainty about VM limits and BigInt support made it difficult to evaluate implementation details.

With the 2025 upgrade now behind us, I think we should consider re-enabling the remaining bitwise operations in 2026: OP_INVERT, arithmetic bitwise shifts, and logical bitwise shifts.

If you have thoughts on this topic, Iā€™d love to hear them.

10 Likes
#2

Yes please, itā€™s very annoying to miss basic operations present in most other programming languages

9 Likes
#3

Iā€™m a big fan of this and can go ahead and do a quick proof-of-concept implementation in BCHN.

Just give me the list of op-code names and numeric values and I can whip together a WIP POC.

10 Likes
#4

Big fan of this. Iā€™ve looked to use these about a half dozen times.

6 Likes
#5

If you have thoughts on this topic, Iā€™d love to hear them.

You have my sword :+1: :crossed_swords:

3 Likes
#6

Least controversial proposal ever?

Without even a full CHIP document.

My instinct is that yeah this makes sense.

7 Likes
#7

Yep, certainly not controversial. I like this proposal so much, I implemented a proof of concept here (after discussing the details with Jason):

8 Likes
#8

Impressive, that was fast.

3 Likes
#9

So, in the spirit of knowing where we come from and avoid the same mistakes.
LSHIFT was the main reason for removal of opcodes, it actually would make the full node crash when used in script. Common Vulnerabilities and Exposures - Bitcoin Wiki

The Internetz tell me that it was based on https://github.com/openssl/openssl/blob/master/crypto/bn/bn_shift.c#L104
so, hey, maybe that bug was there. So be careful. (cc: @cculianu)

1 Like
#10

I would quote from Shadow as he already said what I wanted to say here

I think we should collect all the OP_Code that already has a consensus and implement them in a single upgrade

2 Likes
#11

Note that collecting together related upgrades into a ā€œpackageā€ feels nice, but thereā€™s no actual reason it has to be done that way. If a couple of upgrades make it in this year, or next year, and some others the year after or never - thatā€™s fine. BCH is doing really well at just taking small iterative steps which stack up to cumulative and enormous results without needing to rush things.

3 Likes
#12

Thank you all for the responses! Pushed up an initial draft:

Still reviewing some of the edge-case behaviors, but hopefully this is 80% of the way there.

Thank you @cculianu for powering out an implementation for BCHN and helping to clarify the spec!

If youā€™d like to experiment: a draft implementation for OP_INVERT , OP_LSHIFTNUM , OP_RSHIFTNUM , OP_LSHIFTBIN , and OP_RSHIFTBIN now work in Bitauth IDE (click here for a little playground):

Screenshot 2025-05-31 at 3.32.50 AM

4 Likes
#13

Yeah, I did not mean to ā€œrushā€ or anything like that.

Bundling together smaller upgrades into single bigger upgrade is just a matter of efficiency and decreasing overall implementation cost across the ecosystem.

When you have multiple tiny changes and you spread them all over multiple upgrades, this will effectively create more work for everybody and annoy lots of people.

If we are dealing with ā€œtinyā€ things, itā€™s therefore more efficient to bundle.

2 Likes
#14

And OP_RSHIFT too! But Satoshi just added a comment in the code (in Feb. 2010), he doesnā€™t seem to have realized it was also a consensus issue until late July 2010.

#15

Thanks for the warning, Tom. Indeed we donā€™t really depend on OpenSSL for this (or for much, really). I think we still only use openssl to provide a randomness source, and thatā€™s it.

My personal view is openssl always was a problematic library ā€“ too many bugs for such a critical piece of infrastructure.

2 Likes
#16

Fully support this effort to re-enable the remaining bitwise operators in 2026!
I see this sentiment is shared pretty universally as these are essential, basic computation primitives.

Thanks @bitjson for CHIPā€™in this! (even though you wanted to take a break from proposing CHIPs)

In November of '23 I had even started drafting a proposal with similar intent but never got it far enough along. I was mainly thinking about how to enable higher precision division for (bit127 / bit64), the need for which already got lifted with the BigIns upgrade.

This is awesome to see! :smiley: :muscle:

5 Likes