What Is BitVM? A Guide to Turing-Complete Smart Contracts on Bitcoin
December 5, 2023
2023 has been a big year for Bitcoin in terms of innovation, thanks to numerous ambitious developers striving to expand the blockchain’s utility and functionality.
In this guide, you will discover BitVM, yet another innovation that has emerged in the Bitcoin ecosystem.
What is BitVM?
BitVM, short for Bitcoin Virtual Machine, is a proposed virtual engine that seeks to bring complex smart contract-like functionality to Bitcoin without making any changes to the protocol.
It will give Bitcoin the option to mimic functionalities normally known from Turing-complete blockchains like Ethereum. Turing completeness in blockchains refers to the capability of a blockchain's programming language to execute any computable function, allowing for the creation of complex and diverse smart contracts and decentralized applications (dApps).
However, Bitcoin’s virtual machine differs from a “full VM” like the Ethereum or Solana Virtual Machine because it can only support two-party transactions instead of multi-party transactions beyond two participants.
Also, BitVM performs most computations off-chain to avoid clogging the network. Conversely, common VMs like the Ethereum Virtual Machine (EVM) are integrated into the blockchain and conduct computations on-chain.
Although BitVM will help Bitcoin handle Turing-complete smart contracts, BitVM contributor Sam Parker observes that the proposed virtual machine will not make the blockchain any more Turing-complete in the technical definition than it is now.
Rather, BitVM will increase the length of the programs that one can run on Bitcoin, making the blockchain Turing-complete enough for smart contracts or programs to be executed.
A system is considered Turing-complete if it can carry out any computation given enough resources and time. Native Bitcoin smart contracts are simple and not Turing-complete.
Robin Linus released BitVM’s whitepaper on October 9, 2023. Linus is the Project Lead of ZeroSync, an organization focused on scaling Bitcoin with zero-knowledge proofs. BitVM’s first proof-of-concept was developed by the pseudonymous developer Super Testnet.
How Does BitVM Work?
BitVM acts as a middle layer that minimizes on-chain footprint by performing computations off-chain. Like optimistic rollups, the VM bundles multiple off-chain transactions and posts them to the base layer for storage.
Optimistic rollups are blockchain layer-2 scaling solutions that move data storage and computation off-chain and bundle transactions before submitting them to the main chain. They presume that transactions are valid unless proved otherwise through fraud proofs. A fraud-proof is a security model initiated when fraud is suspected. It scrutinizes a transaction to determine whether or not dishonest behavior did, in fact, take place.
BitVM leverages one of Bitcoin’s existing smart contracts, the hashed time lock. This smart contract allows funds not to be spent until a certain period has elapsed. Additionally, BitVM uses Taproot, a Bitcoin upgrade that enhances smart contract functionality and improves transaction privacy.
Notably, BitVM is optional, which means you can transact on the Bitcoin blockchain as usual without using the virtual machine.
Provers and Verifiers
BitVM is a two-party system. The two actors involved are the Prover and the Verifier.
The Prover first commits to a certain output and deposits funds to a Taproot address. Next, the Prover shares the inputs that make the code generate the expected output with the Verifier. This process is known as initiating a claim.
The Verifier’s job is to check that the code plus the inputs produce the expected output. This verification process entails an off-chain challenge-response game, which is enabled when the two parties pre-sign a sequence of transactions.
The two parties also make on-chain deposits to activate the contract. Once they have done this, they can start exchanging data off-chain.
During the challenge-response game, the Verifier uses the pre-signed transactions to challenge the Prover to reveal the correct “answer” and any additional necessary proof. If the Prover fails to produce a valid response, the Verifier wins the challenge and takes the Prover’s deposit.
This scheme deters bad actors from initiating illegitimate claims because they will be penalized for doing so.
When a claim is false, the Verifier uses the pre-signed transactions as fraud proofs and submits them on-chain to expose the Prover’s dishonesty. Relevant data and computations are only posted and verified on-chain when there’s suspicion of dishonest behavior and, thus, a dispute. Otherwise, all verifications occur off-chain.
Another possible opportunity to claim the deposit occurs when one party stops cooperating after a specified period. On the other hand, the Prover wins the challenge and gets to claim the deposit if they can respond to each challenge accurately.
After a few rounds of fully cooperating in the challenge-response game (this can go on until all pre-signed transactions run out), the two parties get to settle the contract.
Benefits & Drawbacks of BitVM
Now, let’s take a look at the pros and cons of BitVM.
- Scales Bitcoin by enabling expressive smart contracts without creating an excessive on-chain footprint
- Opens Bitcoin to use cases such as gaming, automated payments, and DeFi
- Doesn’t require any changes to the Bitcoin blockchain
- Possible compatibility with the Lightning Network and rollups
- Still in the early stages of development, which means BitVM has yet to prove itself
- Requires a great deal of work before it can allow developers to compute anything on Bitcoin
- Limited to interactions between two parties
- Enormous data requirements for the two parties, meaning they need enough bandwidth to handle this amount of data
What Could BitVM Bring to Bitcoin?
Now, let’s take a look at what BitVM could bring to the Bitcoin ecosystem.
BitVM’s expressive smart contracts can help developers create a vibrant gaming ecosystem for Bitcoin by integrating complex monetary features into games.
BitVM gives Bitcoin additional programmability, permitting developers to build decentralized applications (dApps) for DeFi, prediction markets, and other purposes.
BitVM’s complex smart contracts can enable automated payments between two parties, potentially encouraging more companies to adopt Bitcoin as a payment rail.
By adding a zero-knowledge verifier in BitVM, the power of Bitcoin layers would be fully unlocked. That means Bitcoin L2s could achieve trustless bridging, higher transaction throughputs, improved privacy, and enhanced programmability.
Are there smart contracts for Bitcoin?
Yes. Bitcoin has several native smart contracts, like hashed time locks, multisigs, discreet logs, and pay-to-public-key-hash. These smart contracts are simple and non-Turing-complete.
Moreover, Bitcoin layers like Stacks, RSK, RGB, and MintLayer have introduced advanced Bitcoin-secured smart contracts, enabling developers to build decentralized applications and NFTs.
How does BitVM differ from EVM?
Although they are both called virtual machines, BitVM and EVM aren’t the same. BitVM only supports two-party interactions, while EVM allows multi-party interactions. Additionally, BitVM is an optional virtual engine, and it handles almost all computations off-chain. On the other hand, EVM is an integral part of Ethereum’s base-layer blockchain. Thus, all computations occur on-chain. These differences have led some critics to claim that BitVM is not a “full VM.”
All in all, BitVM is a unique computational engine that cannot be truly likened to anything in existence today.