A circuit. Image from bittbox via flickr.com. License: Creative Commons

The concept of a “BitVM” is currently exciting the Bitcoin community. The idea is not without problems – but it can usher in epochal progress for Bitcoin. And that is to be understood quite literally.

Ever since Satoshi upended the world of money with his white paper in just nine pages, brevity has been de rigueur in the crypto world. The eight-page paper “BitVM: Compute Anything” by Robin Linus stays true to this rule – and what it says could become an unprecedented milestone for Bitcoin.

Chess and Go on Bitcoin

BitVM “is a computing paradigm for expressing Turing-complete Bitcoin contracts.” It allows any computing operation to be integrated into a Bitcoin transaction.

You can, writes Robin, accommodate “games like chess, Go or poker” in Bitcoin contracts, connect Bitcoin to other blockchains, create prediction markets or emulate new opcodes. And, perhaps best of all: without changing Bitcoin’s consensus rules.

That sounds too fantastic to be true. So how is it possible? The answer is, you guessed it, a bit complicated.

The simple explanation

First the simple version: Since the Taproot upgrade, a Bitcoin address can commit to a data structure called a Merkle tree or hash tree. This data structure allows data or additional spending conditions to be embedded in the address.

Ordinals Inscriptions use Taproot to store images, and BRC-20 uses it to integrate the logic of tokens. BitVM goes radically further: it builds a virtual machine inside the hash tree that allows arbitrary computing operations.

If this explanation is enough for you, you can skip the following sections. For those who want to know more, here is a more thorough explanation. With it I will have to tread on thin ice at times.

Boolean circuits

BitVM simulates data processing at a very basic level. The exact explanation is therefore somewhat challenging. Below we present the four most important building blocks.

First, the “Boolean circuits”: BitVM simulates these in the hash tree. Boolean circuits are “digital circuits”: in a physical circuit there is either current or no current, while a digital circuit outputs either zero or one. That’s a bit.

Programs and data sets are built from such bits. The information flows through so-called gates, which take one or more bits as input, process them with simple logic and produce an output that is again either zero or one. BitVM uses the NAND gate, from which in principle any logical operation can be built.


Second, the hash tree: This cryptographic concept plays a key role in Bitcoin. A hash tree is made up of many hashes called “leaves” that are combined, hashed, combined and hashed again until only one hash remains. This is the root or “Top Hash”. You can imagine it like a pyramid. A hash tree makes it possible to check the validity of an incredibly large amount of data based on the root alone.

This hash tree looks like an upside down tree: the crown is at the bottom, the root is at the top. Image from wikipedia.org.

The header of a Bitcoin block also contains proof of the validity of each individual transaction via the root of the hash tree. Taproot goes one step further: it makes the root of a hash tree part of an address. This means you can integrate not just individual data, but entire structures into Bitcoin’s transaction logic.

NAND circuits

Third, BitVM now uses the leaves of the hash tree to simulate bits. To do this, BitVM represents each bit with two hashes, hash0 and hash1. When you reveal the preimage of one of the hashes, i.e. the data from which that hash was computed, the bit becomes a 0 or a 1. These bits are then processed by the NAND circuits.

BitVM therefore represents a digital circuit in the hash tree. This allows you to formulate infinitely complex conditions as to when the root of the hash tree and therefore a transaction is valid. This could be winning a game of chess, getting the correct names and dates of birth of one hundred people, passing an exam summa cum laude in theoretical quantum physics, or whatever you can imagine.

Prover and Verifier

Fourth, however, there is still a problem to be solved: How do you protect yourself from fraud? What prevents a party from not completing the program correctly? If you receive money via BitVM – how do you know that the sender has actually created the address correctly?

This building block is necessary, but a bit boring. BitVM defines two roles, prover and verifier: one makes a claim, the other checks it. To do this, the two agree on a sequence of questions and answers (challenges and responses). If the prover refuses to answer, he loses.

This sequence is stored as a pre-signed chain of onchain transactions by both parties. If fraud occurs, the verifier can redeem these transactions onchain and secure the funds on the address. Without such a security mechanism, BitVM would not function. However, it is not used in normal operation. It is there precisely in order not to be needed.
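As an added illustration of the two building blocks just described (not code from the BitVM paper or from Robin Linus), the script below models a bit as a pair of hashes, lets a prover reveal one preimage to set the bit, has the verifier check one NAND gate, and shows the fraud proof the verifier holds if both preimages of a bit are ever revealed. SHA-256 as the commitment hash and 16-byte random preimages are assumptions of this example.

```python
import hashlib
import os

def h(preimage: bytes) -> bytes:
    """Commitment hash; SHA-256 is an assumption of this example."""
    return hashlib.sha256(preimage).digest()

def commit_bit():
    """Prover: a bit is two random preimages; only hash0 and hash1 go into the tree."""
    p0, p1 = os.urandom(16), os.urandom(16)
    return (p0, p1), (h(p0), h(p1))

def read_bit(commitment, preimage):
    """Verifier: a revealed preimage turns the commitment into a 0 or a 1."""
    hash0, hash1 = commitment
    digest = h(preimage)
    if digest == hash0:
        return 0
    if digest == hash1:
        return 1
    raise ValueError("preimage matches neither hash0 nor hash1")

def nand(a, b):
    """The one gate BitVM builds everything from."""
    return 0 if (a == 1 and b == 1) else 1

def check_gate(commits, preimages):
    """Verifier's check of one NAND gate; both arguments are (a, b, out) triples."""
    a, b, out = (read_bit(c, p) for c, p in zip(commits, preimages))
    return out == nand(a, b)

def equivocated(commitment, pre0, pre1):
    """Both preimages of one bit revealed: fraud proof the verifier can use onchain."""
    hash0, hash1 = commitment
    return h(pre0) == hash0 and h(pre1) == hash1

def run_gate(a, b, claimed_out):
    """Prover commits three bits, reveals a, b and a claimed output; verifier checks."""
    secrets, commits = zip(*(commit_bit() for _ in range(3)))
    preimages = (secrets[0][a], secrets[1][b], secrets[2][claimed_out])
    return check_gate(commits, preimages)

def run_equivocation():
    """A prover who reveals both preimages of a bit hands the verifier a fraud proof."""
    secrets, commit = commit_bit()
    return equivocated(commit, secrets[0], secrets[1])
```

An honest prover passes `run_gate` only when the claimed output really is NAND of the inputs; a wrong claim fails the check and, in the challenge-and-response game, costs the prover the funds.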

Not an altcoin killer

How should you assess BitVM? Is it, as some Bitcoiners wish, the end of altcoins, DeFi and crypto, because everything they can do can be written into the BitVM?

Certainly not that. BitVM is so far just a pure concept, of which even its inventor Robin Linus writes that it is inefficient and so far limited to two parties. It also introduces huge complexity for wallets and users. Putting an altcoin into BitVM is like running a DOS box in a Windows emulator on Fedora Linux.

BitVM will certainly not shake the existence of crypto and altcoins. But that doesn’t mean the concept isn’t fantastic. It has the potential to make Bitcoin so much better that it’ll make you dizzy if you really think about it.

Proteins fold instead of a signature

First of all, BitVM allows any transaction logic to be introduced. You could tie transactions to a chess game, to simulating protein folding, to performing AI calculations, or whatever you want.

This is extremely fascinating, but in reality it will suffer from enormous inefficiency: since each bit is represented by a hash consisting of 128 or 256 bits, the data load is enormous. BitVM is only likely to be suitable for complicated programs consisting of billions of bits and gates in absolutely exceptional cases.

Backup strategies and covenants

New backup or transaction strategies are more realistic. The only limits are your imagination.

You could back up using Google Authenticator, a verification service provider, signatures from other Bitcoin addresses, PGP keys, 10 questions you can only answer yourself, a tweet, a Nostr post, or whatever comes to mind. With BitVM, Bitcoin can get a much better and smarter “smart wallet” than anything that is currently being celebrated on Ethereum with “account abstractions”.

You can also introduce the “covenants” or whitelists for which the BIP-119 softfork was requested (and rejected) some time ago, i.e. that payouts are only possible to certain addresses. With BitVM you can maintain much more extensive white or black lists than the onchain covenants would ever have made possible.

You can set daily spending limits (which can be increased, for example, with a signature from a service provider), tie transactions to proof of age or proof of human, and so on.

Anonymity, sidechains and more

It would be possible to trigger a transaction by another Bitcoin transaction. This could make it possible to break the chain of transactions without a third party and thus create anonymity. Ring signatures like Monero would also be conceivable.

Theoretically, it would also be possible to weave a minimalist wallet for other cryptocurrencies or blockchains into the hash tree. This means that Bitcoin could finally listen to the other coins. You could exchange coins decentrally or form sidechains that, like the drivechain concept, do not require a middleman to trust.

Perhaps BitVM could also be integrated into the Lightning Network to improve liquidity management. You could also combine them with Ordinals Inscriptions, BRC-20 tokens or the decentralized Twitter alternative Nostr. And the scene will certainly find exciting applications that we aren’t even thinking about here.

However, a lot of work will still be necessary to develop these possibilities. There isn’t even a proof of concept yet. It will therefore be years before we see BitVM in wallets – if interest and perseverance in day-to-day business do not wane by then. That could happen, but it would be a tragedy. In theory, BitVM is an epoch-making milestone for Bitcoin.

Source: https://bitcoinblog.de/2023/10/11/bitvm-ermoeglicht-frei-programmierbare-bitcoin-transaktionen/
