Bitcoin Virtual Machine (BitVM)


BitVM, or Bitcoin Virtual Machine, is a proposed system described in a whitepaper by Robin Linus that allows complex computations and smart contracts to be executed on the Bitcoin network.

What Is BitVM?

BitVM, or Bitcoin Virtual Machine, is a proposed system described in a whitepaper by Robin Linus that allows complex computations and smart contracts to be executed on the Bitcoin network. The key innovation of BitVM is that rather than running computations on-chain, the computations are verified on-chain using a novel prover-verifier model.
The whitepaper states that BitVM introduces a new paradigm for Bitcoin contracts and off-chain computation, providing Turing completeness while avoiding changes to Bitcoin's consensus rules. It does this by enabling arbitrary computations to be verified on the blockchain without needing to be executed there.

How BitVM Works

BitVM utilizes a prover-verifier architecture with fraud proofs and a challenge-response protocol to verify computations. The prover and verifier first collaborate off-chain to compile the program into a binary circuit format. 

Each logic gate in the circuit is represented by a leaf script in a Taproot address controlled by the prover. The prover commits to the full circuit within this Taproot address, using it as a succinct commitment to the entire program.

The prover and verifier also jointly pre-sign a set of transactions to enable the challenge-response protocol. After setup, both parties make deposits on-chain to the Taproot address to activate the contract.

The prover can now execute the program off-chain and inform the verifier of the results. If the verifier believes the results are invalid, they can trigger a challenge transaction. This forces the prover to reveal the inputs and outputs of the disputed logic gate to prove it executed correctly. After multiple rounds of challenge-response, any false claims can be proven on-chain.

This approach minimizes on-chain computation and data by keeping the bulk of work off-chain. The blockchain only gets involved in instances of disputes between the parties.

Potential Benefits

The whitepaper points to several potential benefits of BitVM:

  1. Enables Turing-complete smart contracts on Bitcoin without changing consensus rules

  2. Minimizes blockchain congestion by keeping computation and data off-chain

  3. Allows arbitrarily complex computations to be settled on Bitcoin between two parties

  4. Succinct commitments to entire programs possible with Taproot addresses 

  5. Two parties can coordinate off-chain, enforced by on-chain verification when required

  6. Lower costs than executing contracts on-chain

  7. Fraud proofs guarantee security - false claims are provable on-chain

The whitepaper also compares BitVM to Ethereum's architecture. Some differences highlighted:
  1. BitVM verifies off-chain computation while Ethereum natively runs contracts on-chain

  2. BitVM requires more coordination off-chain, Ethereum is on-chain

  3. BitVM minimizes fees and blockchain load versus Ethereum

  4. BitVM is currently limited to two parties, while Ethereum supports multi-party contracts

BitVM pursues minimal on-chain impact at the cost of convenience. But it enables advanced Bitcoin contracts that are otherwise not possible.


Some limitations and challenges of the initial BitVM concept:

  1. Two-party architecture makes complex multi-party contracts difficult

  2. No native support yet for blockchain oracles and external data 

  3. Computationally demanding for participants to process complex circuits

  4. No specified methods yet for monitoring or viewing the BitVM contract state

  5. Taproot address space constraints limit maximum circuit complexity

BitVM introduces a novel architecture for Turing-complete smart contracts on Bitcoin without changing consensus rules. It discusses how verifying off-chain computations minimizes blockchain load while expanding functionality.

BitVM creates a new design space for more advanced Bitcoin contracts and off-chain computation models. It focuses solely on the core two-party BitVM concept as the starting point for further exploration and evolution.