Confidential Script: Emulate soft forks using stateless TEEs

This innovative approach aims to facilitate developer testing of features such as OP_CAT, OP_CTV, OP_CCV, and Simplicity on the mainnet in a way that is permissionless and relies minimally on trust. It represents a potential compromise in ongoing discussions about soft forks by demonstrating real demand for certain upgrades. Central to this system is the use of a Trusted Execution Environment (TEE), specifically AWS's Nitro Enclave, which provides a secure space for code execution isolated from external threats, thereby protecting sensitive information from side-channel and physical attacks. This secure environment also offers reliable attestations regarding the executed code and its outcomes.

The library operates through a two-step emulation and signing process. Initially, it creates a transaction with an input spending a real previous outpoint but emulates a script-path spend from a P2TR script_pubkey. This transaction is then validated through a Verifier compatible with rust-bitcoinkernel, allowing for the emulation of Bitcoin protocol features not yet adopted. If validation succeeds, the transaction is signed using a derived child private key from the parent private key and the merkle root of the emulated script path. This methodology decouples script execution from on-chain settlement, improving privacy and enabling new functionalities with minimal trust dependence. Additionally, a failsafe mechanism through a backup script path ensures fund recovery if the primary TEE-based execution path fails.

For security, developers are advised to run the library within a Nitro Enclave tightly integrated with AWS Key Management System (KMS). This configuration secures the master private key and allows any AWS account to deploy a similar enclave, making the deployment nearly permissionless. It highlights the crucial role of irrevocable KMS policies for key creation, which prevent deletion and restrict access exclusively to specific, verified enclaves.

In essence, the "confidential-script-lib" introduces an advanced method for executing Bitcoin scripts confidentially and securely. By leveraging TEEs like AWS's Nitro Enclave and integrating with AWS KMS, it offers a powerful platform for developers to experiment with and implement new features on the Bitcoin mainnet, maintaining high security standards and minimal trust requirements.