BitVM, or Bitcoin Virtual Machine, is a proposed system described in a whitepaper by Robin Linus that allows complex computations and smart contracts to be executed on the Bitcoin network.
BitVM utilizes a prover-verifier architecture with fraud proofs and a challenge-response protocol to verify computations. The prover and verifier first collaborate off-chain to compile the program into a binary circuit format.
The prover and verifier also jointly pre-sign a set of transactions to enable the challenge-response protocol. After setup, both parties make deposits on-chain to the Taproot address to activate the contract.
The prover can now execute the program off-chain and inform the verifier of the results. If the verifier believes the results are invalid, they can trigger a challenge transaction. This forces the prover to reveal the inputs and outputs of the disputed logic gate to prove it executed correctly. After multiple rounds of challenge-response, any false claims can be proven on-chain.
This approach minimizes on-chain computation and data by keeping the bulk of work off-chain. The blockchain only gets involved in instances of disputes between the parties.
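The gate-level dispute described above, simulated off-chain as an added example (not code from the whitepaper or the BitVM project). The NAND gate type, the salted SHA-256 commitments, the four-gate circuit and all function names are assumptions made for illustration, and `check_reveal` stands in for the on-chain check.

```python
import hashlib
import secrets

# Constructed circuit (assumption): XOR built from four NAND gates, as (in_a, in_b, out).
CIRCUIT = [("x", "y", "w1"), ("x", "w1", "w2"), ("y", "w1", "w3"), ("w2", "w3", "out")]

def nand(a, b):
    return 1 - (a & b)

def evaluate(inputs):
    """Run the circuit and return every wire value (the execution trace)."""
    wires = dict(inputs)
    for a, b, out in CIRCUIT:
        wires[out] = nand(wires[a], wires[b])
    return wires

def digest(salt, bit):
    return hashlib.sha256(salt + bytes([bit])).hexdigest()

def commit(trace):
    """Prover: bind each claimed wire value with a salted hash; keep the openings private."""
    openings = {w: (secrets.token_bytes(16), bit) for w, bit in trace.items()}
    return {w: digest(*o) for w, o in openings.items()}, openings

def find_disputed_gate(inputs, claimed):
    """Verifier: re-execute off-chain; first gate whose claimed output diverges, or None."""
    honest = evaluate(inputs)
    for i, (_, _, out) in enumerate(CIRCUIT):
        if claimed[out] != honest[out]:
            return i
    return None

def check_reveal(gate, commitments, reveal):
    """Stand-in for the on-chain check of one challenged gate."""
    a, b, out = CIRCUIT[gate]
    for w in (a, b, out):
        if digest(*reveal[w]) != commitments[w]:
            return "invalid opening"  # prover tried to change a committed value
    bits = {w: reveal[w][1] for w in (a, b, out)}
    return "gate ok" if nand(bits[a], bits[b]) == bits[out] else "fraud proven"

if __name__ == "__main__":
    inputs = {"x": 1, "y": 0}
    claimed = evaluate(inputs)
    claimed["out"] ^= 1  # constructed false claim about the result
    commitments, openings = commit(claimed)
    gate = find_disputed_gate(inputs, claimed)
    print(gate, check_reveal(gate, commitments, openings))
```

Challenging the first divergent gate matters: its inputs still match the honest trace, so a prover who lied about its output cannot produce a consistent reveal.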
The whitepaper points to several potential benefits of BitVM:
Enables Turing-complete smart contracts on Bitcoin without changing consensus rules
Minimizes blockchain congestion by keeping computation and data off-chain
Allows arbitrarily complex computations to be settled on Bitcoin between two parties
Succinct commitments to entire programs possible with Taproot addresses
Two parties can coordinate off-chain, enforced by on-chain verification when required
Lower costs than executing contracts on-chain
Fraud proofs guarantee security - false claims are provable on-chain
BitVM verifies off-chain computation while Ethereum natively runs contracts on-chain
BitVM requires more off-chain coordination, while Ethereum operates on-chain
BitVM minimizes fees and blockchain load versus Ethereum
BitVM is currently limited to two parties, while Ethereum supports multi-party contracts
BitVM pursues minimal on-chain impact at the cost of convenience. But it enables advanced Bitcoin contracts that are otherwise not possible.
Some limitations and challenges of the initial BitVM concept:
Two-party architecture makes complex multi-party contracts difficult
No native support yet for blockchain oracles and external data
Computationally demanding for participants to process complex circuits
No specified methods yet for monitoring or viewing the BitVM contract state
Taproot address space constraints limit maximum circuit complexity
BitVM introduces a novel architecture for Turing-complete smart contracts on Bitcoin without changing consensus rules. The whitepaper discusses how verifying off-chain computations minimizes blockchain load while expanding functionality.
BitVM creates a new design space for more advanced Bitcoin contracts and off-chain computation models. The whitepaper focuses solely on the core two-party BitVM concept as the starting point for further exploration and evolution.