CHIP-2025-05 Bitwise: Re-Enable Bitwise Operations

Even with solutions for loops, functions, and longer contract lengths, many critical algorithms for financial and cryptographic applications remain relatively inefficient if arithmetic and logical bitwise shifts must be emulated.

The cost of an emulated shift can easily be >10x native shifts, creating significant complexity in contract design, waste in transaction sizes, and unnecessary validation in full nodes.

Re-enabling OP_LSHIFT and OP_RSHIFT has been raised many times since the 2018 opcode restoration (e.g. 2023, 2024), but uncertainty about VM limits and BigInt support made it difficult to evaluate implementation details.

With the 2025 upgrade now behind us, I think we should consider re-enabling the remaining bitwise operations in 2026: OP_INVERT, arithmetic bitwise shifts, and logical bitwise shifts.

If you have thoughts on this topic, I’d love to hear them.

10 Likes

Yes please, it’s very annoying to miss basic operations present in most other programming languages

9 Likes

I’m a big fan of this and can go ahead and do a quick proof-of-concept implementation in BCHN.

Just give me the list of op-code names and numeric values and I can whip together a WIP POC.

10 Likes

Big fan of this. I’ve looked to use these about a half dozen times.

6 Likes

If you have thoughts on this topic, I’d love to hear them.

You have my sword :+1: :crossed_swords:

3 Likes

Least controversial proposal ever?

Without even a full CHIP document.

My instinct is that yeah this makes sense.

7 Likes

Yep, certainly not controversial. I like this proposal so much, I implemented a proof of concept here (after discussing the details with Jason):

8 Likes

Impressive, that was fast.

3 Likes

So, in the spirit of knowing where we come from and avoid the same mistakes.
LSHIFT was the main reason for removal of opcodes, it actually would make the full node crash when used in script. Common Vulnerabilities and Exposures - Bitcoin Wiki

The Internetz tell me that it was based on https://github.com/openssl/openssl/blob/master/crypto/bn/bn_shift.c#L104
so, hey, maybe that bug was there. So be careful. (cc: @cculianu)

1 Like

I would quote from Shadow as he already said what I wanted to say here

I think we should collect all the OP_Code that already has a consensus and implement them in a single upgrade

1 Like

Note that collecting together related upgrades into a ā€œpackageā€ feels nice, but there’s no actual reason it has to be done that way. If a couple of upgrades make it in this year, or next year, and some others the year after or never - that’s fine. BCH is doing really well at just taking small iterative steps which stack up to cumulative and enormous results without needing to rush things.

3 Likes

Thank you all for the responses! Pushed up an initial draft:

Still reviewing some of the edge-case behaviors, but hopefully this is 80% of the way there.

Thank you @cculianu for powering out an implementation for BCHN and helping to clarify the spec!

If you’d like to experiment: a draft implementation for OP_INVERT , OP_LSHIFTNUM , OP_RSHIFTNUM , OP_LSHIFTBIN , and OP_RSHIFTBIN now work in Bitauth IDE (click here for a little playground):

Screenshot 2025-05-31 at 3.32.50 AM

3 Likes

Yeah, I did not mean to ā€œrushā€ or anything like that.

Bundling together smaller upgrades into single bigger upgrade is just a matter of efficiency and decreasing overall implementation cost across the ecosystem.

When you have multiple tiny changes and you spread them all over multiple upgrades, this will effectively create more work for everybody and annoy lots of people.

If we are dealing with ā€œtinyā€ things, it’s therefore more efficient to bundle.

2 Likes

And OP_RSHIFT too! But Satoshi just added a comment in the code (in Feb. 2010), he doesn’t seem to have realized it was also a consensus issue until late July 2010.

Thanks for the warning, Tom. Indeed we don’t really depend on OpenSSL for this (or for much, really). I think we still only use openssl to provide a randomness source, and that’s it.

My personal view is openssl always was a problematic library – too many bugs for such a critical piece of infrastructure.

1 Like