BitVM: Ushering in Bitcoin's smart contract era

To bring Turing-complete smart contracts to Bitcoin, Twitter user @robin_linus has put forward a new proposal: BitVM.

He claims that this can be achieved without any changes to Bitcoin's code.

Bitcoin's native scripting language is quite limited, which is why we need to extend Bitcoin with various layers.

These different layers act as various building blocks, ultimately bringing more functionality to Bitcoin. And today we have an important breakthrough: smart contracts.

This year, we've seen a dramatic increase in discussion about Rollups on Bitcoin, with the most common topics being sovereignty, zero-knowledge proofs, and Optimistic Rollups.

These scaling solutions run on L2, but eventually go back to the main chain cryptographically.

What is BitVM

BitVM uses technology similar to Optimistic Rollups.

Optimistic Rollups usually assume that the transaction is valid, but allocate a certain period of time for dispute resolution.

In the event of a dispute, the Rollup returns to its previous state.

BitVM's actual smart contract computation takes place on a separate layer, and in the event of a dispute, these disputes are "saved" on Bitcoin's main chain. Therefore, all BitVM activity occurs off-chain.

(Translator's note: A public, immutable record is kept on the main chain that can be used to resolve disputes. If there is no dispute, all BitVM activity will take place off-chain, that is, outside the main Bitcoin chain. This off-chain activity can be carried out more quickly and the validity of transactions is ensured by using Bitcoin's main chain as the basis for security and trustworthiness.)

BitVM mainly depends on four components:

  • Hash lock
  • Time lock
  • Merkle tree
  • Multi-signature

Hash lock

A hash lock is a cryptographic hidden key generated by the person initiating the transaction, which ensures that the transaction can only be finalized after approval from the initiator.

Time Lock

A transaction under a time lock must be executed after a certain date, time, or block height.

Merkle Tree

The Merkle tree branch uses cryptography to record the results of executing a script into the blockchain, rather than recording all possible executions of a script.

This greatly reduces the space taken up by transactions, especially for more complex ones!

(In the past, in order to verify the validity of a transaction, it was necessary to record all possible execution paths and results, which took up a lot of storage space. With Merkle tree branching, we only record the results of the actual execution, and this optimization makes transaction processing more efficient while also reducing the storage requirements of the blockchain.)

Multisig

Multisig allows multiple parties to share control over a single wallet. Under the design of BitVM, you would have a two-party multi-signature consisting of a prover and a verifier.

So how does BitVM work?

The prover and verifier first compile the smart contract into a map of if-then statements that contains all possible outcomes.

To save space, this map is stored on-chain in Merkle tree form.

Both parties must also pre-sign a series of challenge and answer transactions that can be used in the event of a dispute!

After completing these prerequisites, they can deposit Bitcoin into a Taproot address, which activates the smart contract and allows both parties to start exchanging data off-chain or on a separate layer.

Verifiers can use time locks to force the prover to make a decision within a defined amount of time.

If the prover makes a false claim, the verifier can dispute this and get his deposit back.

This ensures that any attackers lose their deposit and encourages good behavior.

Uses of BitVM

Now that we have a basic understanding of the structure of the BitVM contract, we can dive a little deeper into what it is used for.

Currently there are three kinds of "commitment":

  • Bit Value Commitment
  • Logic Gate Commitment
  • Binary Circuit Commitment

Bit Value Commitment

This enables provers to set a bit value to "0" or "1" in different scripts and unspent transaction outputs (UTXOs), allowing one script to run across multiple transactions. These binary 0s and 1s are the basis for all calculations.

(Translator's note: By controlling the bit value, various calculation operations such as conditional judgment and logical operations can be realized. This flexibility allows BitVM to support complex smart contract functions more robustly.)

Logic Gate Commitment

This allows the use of NAND gates and implements the functionality of statements such as AND, NOT, and OR.

The NAND gate generates an output based on the state of two inputs (such as two bit values).

(The logic gate commitment mechanism provides BitVM with more flexible and powerful functions by introducing NAND gates, enabling smart contracts to support complex calculations containing logical operations.)

Binary Circuit Commitment

Once the various logic gates are defined, you can use binary circuits to build more complex digital systems.

Think of it as a complete smart contract structure formed by multiple NAND building blocks.

(In BitVM, similarly, we can combine multiple logic gates to form a complete smart contract structure, just as multiple NAND gates form a concrete modular implementation. This modular approach to building makes the design of smart contracts more flexible and scalable.)
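
The three commitments above and the false-claim dispute from "So how does BitVM work?", as an added example that is not code from the original article or from the BitVM project. It is a simplified off-chain model: each bit value commitment is a pair of hash locks (one secret per bit value), Python's SHA-256 stands in for Bitcoin Script hashing, and every name in it (BitCommitment, XOR_CIRCUIT, run_prover, first_bad_gate) is hypothetical.

```python
import hashlib
import secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class BitCommitment:
    """Prover side: one secret per bit value; only the two hashes are published."""
    def __init__(self):
        self.preimages = (secrets.token_bytes(32), secrets.token_bytes(32))
        self.hashes = (h(self.preimages[0]), h(self.preimages[1]))

    def reveal(self, bit: int) -> bytes:
        return self.preimages[bit]  # opening the hash lock fixes the bit

def read_bit(hashes, preimage):
    """Verifier side: 0 or 1 if the preimage opens a hash lock, else None."""
    digest = h(preimage)
    return hashes.index(digest) if digest in hashes else None

def equivocated(hashes, p, q) -> bool:
    """True if two reveals open the same commitment as both 0 and 1."""
    return {read_bit(hashes, p), read_bit(hashes, q)} == {0, 1}

def nand(a: int, b: int) -> int:
    return 1 - (a & b)

# Binary circuit (constructed): XOR from four NAND gates, as (in_a, in_b, out) wires.
XOR_CIRCUIT = [("a", "b", "n1"), ("a", "n1", "n2"), ("b", "n1", "n3"), ("n2", "n3", "out")]

def run_prover(a, b, lie_on=None):
    """Evaluate the circuit and commit to every wire; lie_on flips one wire's claim."""
    values = {"a": a, "b": b}
    for x, y, out in XOR_CIRCUIT:
        values[out] = nand(values[x], values[y])
    if lie_on:
        values[lie_on] ^= 1
    commits = {w: BitCommitment() for w in values}
    return commits, {w: commits[w].reveal(v) for w, v in values.items()}

def first_bad_gate(commits, reveals):
    """Verifier: index of the first NAND gate whose committed bits are inconsistent."""
    for i, gate in enumerate(XOR_CIRCUIT):
        a, b, out = (read_bit(commits[w].hashes, reveals[w]) for w in gate)
        if None in (a, b, out) or out != nand(a, b):
            return i
    return None
```

A single inconsistent gate is enough for the verifier to win the dispute, and a prover who opens both hash locks of one commitment is caught by equivocated().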

Additional Reference Resources

That's all for the technical details we can cover so far, and there are plenty of additional resources to check out if you want to dive deeper or learn more about BitVM.

Here are some resources worth considering:

Change of attitude

By observation, we found an interesting phenomenon:

There has been a huge shift in attitudes towards building applications on Bitcoin via BitVM.

Many people who reacted coldly to, or even openly opposed, the introduction of smart contracts into Bitcoin have now begun to express support, which is encouraging!
