
New research proposes off-chain computations on Bitcoin

Published 10/10/2023, 05:03 AM
Updated 10/10/2023, 05:31 AM

Crypto.news - A new research paper titled “BitVM: Compute Anything on Bitcoin” proposes a novel method for executing complex computations and smart contracts on the Bitcoin network.

The paper — published on Oct. 9 — suggests that users verify Bitcoin (BTC) computations without executing them on-chain. This is done using a prover-verifier model, where the prover claims the result of a calculation, and the verifier can check if the claim is valid.

To achieve this, the prover first compiles the program into a large binary circuit of logic gates. The prover then commits to this circuit bit-by-bit using cryptographic commitments in a Taproot address. The verifier can then query the prover to reveal certain parts of the circuit and check if they are consistent.

The paper shows that by using cleverly constructed “challenge-response” transactions signed by both parties, the verifier can detect any false claims by the prover through a series of binary searches. This allows arbitrary computations to be verified succinctly on-chain.

The key benefit of this model, called “BitVM,” is that it requires no changes to Bitcoin’s consensus rules. All the heavy lifting is done off-chain, while the on-chain footprint remains small. The paper demonstrates BitVM’s capabilities through simple logic gates but notes it can be extended to any computable function.

Potential applications include verifying computational proofs for Bitcoin contracts, bridging assets across chains, hosting prediction markets directly on Bitcoin, and more. However, BitVM is limited to a two-party setting between a prover and a verifier.

While more research is needed to extend BitVM for real-world use, the paper presents a promising approach to expand Bitcoin’s smart contract capabilities while retaining its security model focused on low complexity to reduce the attack surface. Still, cypherpunk and Blockstream co-founder Adam Back pointed out that this paper is not as revolutionary as it may appear to non-experts.

For people getting (over) excited, this is cool but effectively a generalization of a two-party game – it says right in the abstract – so it’s a bit like Greg Maxwell’s 2016 ZKP contingent payments implemented example

Adam Back, Blockstream co-founder

Although the system Back cites is remarkably similar, it differs from BitVM in some significant ways. The critical one is that Zero-Knowledge Contingent Payment (ZKCP), proposed by renowned developer Gregory Maxwell in February 2016, relies on zero-knowledge proofs (ZKPs), while BitVM uses fraud proofs based on hash locks and timelocks.

In ZKCP, the seller uses a zero-knowledge proof to prove to the buyer that they have the information the buyer wants to purchase without revealing anything about the actual data. The buyer only needs to verify the proof.

In contrast, in BitVM, the prover (seller) commits to a program bit-by-bit in a large Taproot tree. The verifier (buyer) can then challenge the prover to reveal parts of the program to ensure consistency. If the prover makes a false claim, the verifier can construct a fraud proof to take their deposit.
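The commit, challenge and fraud-proof flow described above can be modelled off-chain in a few lines. This is an added example, not code from the BitVM paper or the article: it assumes SHA-256 hash locks with one secret preimage per possible bit value, uses a NAND gate for illustration, and every name in it is hypothetical.

```python
import hashlib
import secrets

def h(data: bytes) -> bytes:
    # Stand-in for the hash lock; SHA-256 is an assumption of this sketch.
    return hashlib.sha256(data).digest()

class BitCommitment:
    """Prover side: one secret preimage per possible value of a wire."""
    def __init__(self):
        self.preimages = (secrets.token_bytes(32), secrets.token_bytes(32))
        self.hashes = (h(self.preimages[0]), h(self.preimages[1]))  # published

    def reveal(self, bit: int) -> bytes:
        return self.preimages[bit]

def open_bit(hashes, preimage):
    """Verifier side: return the bit a preimage opens, or None if invalid."""
    digest = h(preimage)
    for bit in (0, 1):
        if digest == hashes[bit]:
            return bit
    return None

def gate_consistent(commits, reveals) -> bool:
    """Check openings for wires (a, b, out) against out = NAND(a, b)."""
    a, b, out = (open_bit(c, r) for c, r in zip(commits, reveals))
    if None in (a, b, out):
        return False
    return out == 1 - (a & b)

def equivocated(hashes, first, second) -> bool:
    """Fraud proof: valid openings of both 0 and 1 for the same wire."""
    return {open_bit(hashes, first), open_bit(hashes, second)} == {0, 1}

def demo():
    # Constructed scenario: one gate with inputs a = 1, b = 1, so out must be 0.
    wires = [BitCommitment() for _ in range(3)]
    public = [w.hashes for w in wires]
    honest = [wires[0].reveal(1), wires[1].reveal(1), wires[2].reveal(0)]
    lying = [wires[0].reveal(1), wires[1].reveal(1), wires[2].reveal(1)]
    return (gate_consistent(public, honest),
            gate_consistent(public, lying),
            equivocated(public[2], honest[2], lying[2]))

if __name__ == "__main__":
    print(demo())
```

A prover who opens the output wire inconsistently either fails the gate check or, after opening the same wire both ways, hands the verifier the pair of preimages that serves as the fraud proof.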

Additionally, ZKCP requires significant cryptographic overhead in generating and verifying the proofs. BitVM relies more on hashes and digital signatures, making it more lightweight.

This article was originally published on Crypto.news
