Emulating OP_RAND in Bitcoin
Oleksandr Kurbatov
TL;DR
The paper tackles the challenge of encoding randomness-driven spending flows in Bitcoin despite scripting limitations by proposing a trustless two-party protocol that emulates an OP_RAND-like operation. It introduces an EC Point covenant and a structured OP_RAND emulation protocol with Challenger and Accepter roles, supported by commitments and zero-knowledge-like proofs, and demonstrates the approach with a concrete Thimbles Game example. Key contributions include a concrete two-party covenant construction, a detailed randomness-emulation protocol, and a game-based demonstration showing how on-chain outcomes can depend on verifiable randomness without protocol updates. The work hints at broader use cases for constrained on-chain state evolution and off-chain-like interactions, potentially enabling new forms of trustless games and stateful contracts on Bitcoin.
Abstract
This paper proposes a method for emulating the OP_RAND opcode on Bitcoin through a trustless interactive game between transaction counterparties. The game result is probabilistic, and no party can cheat to increase their chance of winning at any protocol step. The protocol can be organized in a way that is unrecognizable to any external party and doesn't require any specific scripts or Bitcoin protocol updates. We show how the protocol works using the simple Thimbles Game and provide some initial thoughts on approaches and applications that can use it.
