BitVM
BitVM (Bitcoin Virtual Machine) is an innovative Bitcoin Layer 2 solution concept that leverages the Tapscript functionality from Bitcoin's Taproot upgrade to achieve Turing-complete computation on Bitcoin without modifying the core protocol. The core idea of BitVM is to execute complex computations off-chain while using the Bitcoin mainchain solely as the final Fraud Proof settlement layer.
Problems Addressed
Bitcoin's scripting language is limited in functionality, primarily designed for simple payment logic and not Turing-complete. This restricts the possibility of building complex smart contracts and decentralized applications (DApps) on Bitcoin. BitVM aims to solve:
- Programmability limitations of Bitcoin Script: Introducing Turing-complete smart contract capabilities without modifying the underlying Bitcoin protocol.
- Security and decentralization: Maximizing the inheritance of Bitcoin mainchain security while implementing complex functionality, avoiding the introduction of new trust assumptions.
- On-chain efficiency: Moving computation-intensive tasks off-chain to avoid burdening the Bitcoin mainchain.
Implementation Mechanisms and Principles
BitVM's principles are based on Fraud Proofs and a Challenge-Response Game, with the core being the construction of a binary circuit and on-chain verification of that circuit's execution.
Off-Chain Execution and On-Chain Commitments
- Off-chain computation: Both parties (Prover and Verifier) jointly execute a predefined Turing-complete program off-chain. This program can simulate arbitrarily complex computations, such as EVM smart contracts or machine learning algorithms.
- On-chain commitments: During execution, the Prover periodically submits intermediate states of the computation (or "commitments") to the Bitcoin chain. These commitments are typically implemented through Tapscript combined with Merkle trees, occupying minimal on-chain space.
Challenge-Response Game
- Dispute initiation: If the Verifier believes that a particular intermediate state commitment submitted by the Prover is fraudulent, or if the Prover refuses to submit the next commitment, the Verifier can initiate a challenge on the Bitcoin chain.
- Dispute resolution: After a challenge is initiated, both parties enter an on-chain "arbitration" process. The Prover must provide proof of a specific computation step. The Verifier selects a particular step of the Prover's computation and demands that the Prover prove the correctness of that step on-chain.
- Minimized on-chain verification: This challenge-response game is designed for "minimized on-chain verification." That is, the Prover only needs to prove the correct execution of a single instruction or logic gate on-chain, rather than the entire program. By decomposing complex programs into extremely small binary logic gates and leveraging Bitcoin's OP_CHECKCONTRACTVERIFY and conditional statements, the input-output relationships of these tiny steps can be verified on-chain.
- Penalty mechanism: If the Prover fails to prove the correctness of their computation within the specified time, or if the Verifier's challenge is proven invalid, the losing party forfeits the funds staked on-chain as a penalty.
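The game above, reduced to a runnable model. This is an added example, not code from BitVM or from this page: it shows a Verifier picking one gate from a committed trace and a settlement check that looks at only that gate. Assumptions: the 4-gate NAND circuit, all function names, a SHA-256 Merkle root standing in for the Tapscript commitment, and a trace that the Prover shares off-chain and the Verifier has already matched against the root; timeouts and staking appear only as the returned outcome.

```python
import hashlib

# Constructed 4-gate NAND circuit: wires 0-3 are inputs, each gate is (in_a, in_b, out).
GATES = [(0, 1, 4), (2, 3, 5), (4, 5, 6), (6, 6, 7)]

def H(data):
    return hashlib.sha256(data).digest()
def leaf(idx, bit):  # a leaf binds a wire index to its claimed bit
    return H(b"wire" + bytes([idx, bit]))
def nand(a, b):
    return 1 - (a & b)

def run(inputs):
    """Off-chain execution: evaluate every gate and return all 8 wire values."""
    w = list(inputs) + [0] * len(GATES)
    for a, b, o in GATES:
        w[o] = nand(w[a], w[b])
    return w

def levels(trace):  # Merkle tree over the wire values (8 wires, a power of two)
    lv = [[leaf(i, b) for i, b in enumerate(trace)]]
    while len(lv[-1]) > 1:
        lv.append([H(lv[-1][i] + lv[-1][i + 1]) for i in range(0, len(lv[-1]), 2)])
    return lv

def commit(trace):  # the Merkle root stands in for the on-chain commitment
    return levels(trace)[-1][0]

def respond(trace, gate):
    """Prover: open both input wires and the output wire of the challenged gate."""
    lv = levels(trace)
    return [(trace[i], [l[(i >> d) ^ 1] for d, l in enumerate(lv[:-1])]) for i in GATES[gate]]

def opens(root, idx, bit, path):
    h = leaf(idx, bit)
    for sib in path:
        h = H(h + sib) if idx % 2 == 0 else H(sib + h)
        idx //= 2
    return h == root

def pick_challenge(trace):
    """Verifier, off-chain: first gate whose claimed output contradicts its inputs."""
    return next((g for g, (a, b, o) in enumerate(GATES) if trace[o] != nand(trace[a], trace[b])), None)

def settle(root, gate, openings):
    """Model of the on-chain step: three Merkle openings plus one NAND check."""
    ok = all(opens(root, i, bit, path) for i, (bit, path) in zip(GATES[gate], openings))
    (a, _), (b, _), (o, _) = openings
    return "verifier_slashed" if ok and o == nand(a, b) else "prover_slashed"
```

With the inputs agreed, a Prover who alters any gate output must either open a locally wrong gate or fail a Merkle opening, so `settle` inspects three wires regardless of circuit size.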
Role of Taproot and Tapscript
BitVM relies heavily on Bitcoin's Taproot upgrade.
- Taproot addresses: Provide more flexible script paths (Tapscript), enabling multiple scripts to be embedded within a single UTXO, with only the relevant one revealed when needed.
- MAST (Merkelized Abstract Syntax Trees): Allows multiple scripts to be committed in Merkle tree form, reducing on-chain storage requirements.
- New opcodes: Such as OP_CHECKSIGFROMSTACK, which can support more complex script logic.
Key Features
- Turing-complete simulation: Achieves theoretically Turing-complete computation on Bitcoin, greatly expanding Bitcoin's application scenarios.
- Maximum security: Since its settlement layer resides on the Bitcoin mainchain, BitVM inherits Bitcoin's highest level of security.
- Trust-minimized: Through fraud proofs and the challenge-response game, even if the Prover attempts to cheat, they will be detected and penalized by the Verifier.
- No Bitcoin modifications required: All functionality is based on existing or already approved Bitcoin protocol improvements (such as Taproot), requiring no new consensus-layer changes.
- Off-chain scalability: Most computation occurs off-chain, with the Bitcoin mainchain responsible only for dispute resolution, enabling efficient scaling.
Recommended Reading
- BitVM Whitepaper by Robin Linus
- Introducing BitVM: Compute Anything on Bitcoin
- Taproot (BIPs 340, 341, 342)
Related Concepts
- Fraud Proof
- Challenge-Response Game
- Taproot / Tapscript
- MAST (Merkelized Abstract Syntax Tree)
- Layer 2 Scaling