Research Study
An Overview of Bitcoin Virtual Machine (BitVM)
by Daniel Gray
July 22, 2024 • 10 min read
Addressing Bitcoin’s Lack of Complex Smart Contracts
For some members of the digital asset community, Bitcoin has a reputation for being the “boring blockchain.” This perception likely stems from the network’s comparatively slower block time, lack of complex smart contract capability, and inability to compute seemingly “intricate” calculations on the network. However, the rapid growth of decentralized finance (DeFi) and increasing demand for more complex financial applications within blockchain protocols has highlighted a need for more expressive and flexible smart contract capabilities.
In October 2023, a unique framework was proposed with the hopes of addressing this need: Bitcoin Virtual Machine (BitVM). Described as a novel computing paradigm, BitVM allows for the expression of Turing-complete Bitcoin contracts—without requiring any changes to the network’s consensus rules.
Put simply, attaining Turing completeness would allow Bitcoin to compute any computable problem, hypothetically extending its functionality far beyond its original creator(s)’ vision of a peer-to-peer electronic cash system. This process would be achieved through a unique mechanism that verifies all computations off-chain rather than executing them directly on the blockchain.
While BitVM represents what could be a significant breakthrough for Bitcoin’s long-term growth and maturity, it is important to acknowledge both that it is still in early development and that the network has potential limitations.
Understanding Bitcoin’s Reputation as the “Boring Blockchain”
Bitcoin was originally created with the ability to support more complex smart contracts through its scripting system, which is built from opcodes. Opcodes, or OP_CODEs, are commands or functions built into Bitcoin’s software. They can be compared to the buttons on a calculator—such as add, subtract, or multiply—in that each is limited to a specific function.
Opcodes are intended to minimize the complexity of the computations that are done on the network by providing predefined operations. For example, imagine one opcode for addition and another for multiplication. In terms of computation, adding the number five to the number five one million times (5+5+5…n) is more complex than multiplying five by one million (5*1,000,000). In this case, the multiplication opcode would be used in favor of simplicity. However, due to an unforeseen bug, the creator(s) opted to remove some of the more powerful opcodes to limit the complexity of Bitcoin’s primary layer.[1]
These opcodes were removed in an effort to minimize the risk of protocol errors, bugs, or hacks that could be exploited in a more complex scripting system. With this trade-off, Bitcoin’s creator(s) seemingly prioritized the security, consensus rules, and scalability of nodes (decentralization) over the ability to support Turing-complete smart contracts.
Lower complexity—especially on the base layer—minimizes the resources required of nodes, thereby lowering fee variability. Bitcoin’s users ultimately pay for one resource when transacting: block space.
The lack of complexity on the base layer was an intentional choice. It enables full nodes—Bitcoin’s consensus layer—to remain decentralized through the verification of arbitrary transactions and scripts submitted to the network.
As a result of this decision, full node requirements are still relatively low after 15 years. Bitcoin’s blockchain does not need to store any complex computations or transactions and thus has yet to surpass one terabyte of storage space. Additionally, nodes can operate with minimal processing power and memory (RAM) due to the lack of compute-intensive transactions.
The most notable downside of this decision is that it greatly impacts the scalability of the network (Layer 1). Since block space is limited and costly, there is a point at which users are priced out of transacting. This has been the focal point of many debates happening today within the Bitcoin community. The argument against non-financial transactions—for example, inscriptions—remains a heated topic.
How BitVM Works
An Overview
BitVM starts by breaking down a program into small logic gates commonly used by computers. The makeup of these logic gates is also known as a circuit. Any program can be broken down into a binary circuit (bits). However, verifying data on the blockchain is a computationally intensive process. Large datasets on a distributed ledger can quickly become resource-intensive, outweighing any value brought by the computations alone.
Instead of verifying each bit on-chain, BitVM suggests a more efficient approach made up of two parties. The idea is that a verifier—the person or system checking claims—carefully crafts challenges to succinctly disprove a false claim of the prover, or the contract creator.
The prover and verifier then work together to sign a sequence of challenge-and-response transactions, which are later relied on in the event of a dispute. The prover’s job is to verifiably prove that their computations are correct and that the code is doing what it was originally designed to do. The verifier can be any second party that has an interest in ensuring the accuracy of these changes.
In other words, imagine a trial where the “prover” (program creator) is the defendant and the “verifier” is the prosecutor. Instead of exhaustively examining every single piece of evidence in the case, the prosecutor can ask strategically designed questions to assess the validity of the defendant’s claims. If the defendant is proven to be lying, the prosecutor wins.
One of the main capabilities of BitVM is enabling state change computations to occur off-chain. In turn, this means large data storage requirements for the prover and verifier. On-chain computations are only ever needed in the event of a dispute between the two parties. If the prover makes an incorrect claim, the verifier can take the prover’s deposit. This is integral to the design, as it ensures attackers or fraudulent provers always lose their funds.
On-Chain Storage
The resulting program or smart contract is committed as a binary circuit on Bitcoin’s base layer. By employing Taproot Trees (Taptree), a feature of the Taproot upgrade that enabled multiple spending conditions to be committed to a single output, all the logic gates inside a circuit can be stored in a leaf script.[2] Put simply, a Taptree could be made up of hundreds or thousands of leaf scripts that all individually define a specific set of logic used by the overarching program.
The Taptree allows for the program to have a minimal footprint on the base layer because only the hashes of the data are necessary, keeping storage requirements low for node runners. Additionally, the absence of on-chain computations keeps processing power requirements low for nodes as well, ensuring the decentralization of the consensus layer.
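The two ideas above, committing every gate as a Taptree leaf and settling a dispute by opening only the contested gate, are illustrated below. This is an added example, not code from the article or from the BitVM project: the hashing follows the BIP-341 leaf and branch rules, while the NAND-only XOR circuit, the text leaf encoding (a placeholder, not Bitcoin Script), the balanced four-leaf tree and all function names are assumptions, and the signed challenge-and-response transactions are not modeled.

```python
import hashlib

def tagged_hash(tag, msg):
    # BIP-340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def leaf_hash(script):
    # BIP-341 TapLeaf hash, leaf version 0xc0; a one-byte length holds for scripts < 253 bytes
    return tagged_hash("TapLeaf", bytes([0xC0, len(script)]) + script)

def branch(a, b):
    # BIP-341 TapBranch sorts its two children, so a proof needs no left/right flags
    return tagged_hash("TapBranch", min(a, b) + max(a, b))

def commit(scripts):
    # Balanced tree over a power-of-two leaf count; returns (root, per-leaf sibling paths).
    nodes = [(leaf_hash(s), [i]) for i, s in enumerate(scripts)]
    proofs = [[] for _ in scripts]
    while len(nodes) > 1:
        nxt = []
        for (ha, ia), (hb, ib) in zip(nodes[0::2], nodes[1::2]):
            for i in ia + ib:
                proofs[i].append(hb if i in ia else ha)
            nxt.append((branch(ha, hb), ia + ib))
        nodes = nxt
    return nodes[0][0], proofs

def in_tree(root, script, proof):
    # The only check a node would need: fold the leaf hash up the path to the root.
    h = leaf_hash(script)
    for sibling in proof:
        h = branch(h, sibling)
    return h == root

# Constructed circuit: XOR from four NAND gates, each as (in_a, in_b, out) wire names.
GATES = [("a", "b", "n1"), ("a", "n1", "n2"), ("b", "n1", "n3"), ("n2", "n3", "out")]
SCRIPTS = [f"NAND {a} {b} {o}".encode() for a, b, o in GATES]  # placeholder leaves
ROOT, PROOFS = commit(SCRIPTS)

def find_fault(claim):
    # Verifier, off-chain: index of the first gate the prover's claimed wire values violate.
    bad = [i for i, (a, b, o) in enumerate(GATES) if claim[o] != 1 - (claim[a] & claim[b])]
    return bad[0] if bad else None

def dispute(claim):
    # Reveal only the contested leaf and its path: 2 hashes here, log2(n) in general.
    i = find_fault(claim)
    return None if i is None else (i, in_tree(ROOT, SCRIPTS[i], PROOFS[i]))
```
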
Possible Applications and Benefits for Bitcoin
It is important to note that BitVM is still in the early development stages. The whitepaper was originally put forward simply as a proof of concept with multiple directions for research to branch off into.[3] However, there are several possibilities this framework could eventually enable for Bitcoin, as it demonstrates that a trust-minimized Turing-complete framework can be coupled to Bitcoin.
Readers should note that this article is intended to function as an overview of how BitVM works at its current stage and offer an analysis of how it could affect current markets. All proposed ideas are highly dependent on additional research and a multitude of other factors, including the enablement of some of Bitcoin’s original opcodes.
Examples of the top prospects BitVM could enable include:
Trust-Minimized Bridges
The fraud proof challenge-response verification process could allow for trustless dispute resolution on sidechains.[4][5] For context, a fraud proof is a method to challenge and revert invalid transactions on a blockchain by proving they are fraudulent, ensuring only valid state transitions are recorded. This would enable users to interact with sidechains without the risk of potentially losing their bitcoin to fraud by empowering verifiers to make a claim. If the claim is verified, then the prover would lose their funds, thus incentivizing fair play.
DeFi
BitVM would allow Bitcoin to move beyond its current market of monetary transactions and store of value. More complex smart contracts open the door to a wider range of market participants. Additionally, minimizing perceptions of Bitcoin being “boring” could attract new users and incentivize old ones to return to the protocol for their DeFi-related needs. A similar effect was seen when inscription and rune speculation brought an influx of demand for block space back to the protocol.
Decentralized Applications (dApps)
BitVM could significantly increase the capabilities of Bitcoin by empowering users to build a diverse array of sophisticated dApps and other decentralized services that go far beyond basic financial transactions. This could have a significant impact on the growth and evolution of the current digital asset landscape.
Limitations and Challenges
The Two-Party Setting
Currently, BitVM only works in a two-party setting. This means that each prover can only have one verifier at a time, ultimately limiting more complex contracts such as multi-party sidechain applications. However, further research could enable a wheel and spoke model where a central party acting as the prover has two-of-two relationships with a variety of verifiers similar to the Lightning Network.
If this is achieved, then BitVM could also theoretically be used to emulate every opcode imaginable, unleashing a wave of possibilities and innovation on Bitcoin. Additionally, BitVM could combine with various off-chain protocols, enabling more sophisticated “channel factories.”[6] For example, this could translate to creating, managing, and updating the state of multiple Lightning channels within a single contract without requiring on-chain transactions for each individual channel.[7]
Data Storage
Another challenge is the storage requirements for these contracts. While the circuits are layered into a Taptree in the contract address, the program itself must exist elsewhere. The prover is ultimately in charge of initiating computations, sharing data with the verifier, and storing any other contract data.
The result could be an exceptionally large data set. However, none of the data or computations are happening on-chain and are therefore not restricted by Bitcoin’s base layer capabilities. BitVM could ultimately enable an Ethereum-like Layer 2 to be built, where complex computations are run off-chain before being batched and submitted to the Layer 1 protocol.
Conclusion
BitVM has a long development path ahead of it before it can significantly impact Bitcoin and the wider digital asset landscape. However, it still represents what could be an important breakthrough for Bitcoin’s long-term growth. BitVM is proof that developers are still innovating on Bitcoin, and Turing-complete virtual-machine-like computations are possible on the “boring blockchain.”
Many of BitVM’s most powerful applications might not even be fathomable today. Alternatively, the data storage requirements, among other complex cryptographic problems, may not have an efficient solution, therefore resulting in a failed experiment. It is noteworthy that a subsequent iteration of BitVM, referred to as BitVM2, was proposed earlier this year. This new variant builds upon the original concept and introduces additional features and improvements.[8]
However, the possibilities associated with a successful launch of BitVM do raise an interesting question: If Bitcoin is considered to be the best digital money and most secure network, will users continue to use other forms of money to interact with their preferred smart contract platform? As Bitcoin’s capabilities continue to evolve, possibly enabling trust-minimized smart contract functionality, there is the possibility that users may choose to interact directly within the Bitcoin ecosystem’s Layer 2 solutions and sidechains rather than utilizing other assets to access smart contracts.
[1] https://github.com/bitcoin-core/gui/commit/6ac7f9f144757f5f1a049c059351b978f83d1476#diff-27496895958ca30c47bbb873299a2ad7a7ea1003a9faa96b317250e3b7aa1fef
[2] https://github.com/bitcoinops/taproot-workshop/blob/master/2.4-taptree.ipynb
[3] https://bitvm.org/bitvm.pdf
[4] https://docs.citrea.xyz/technical-specs/characteristics/bitcoin-settlement-trust-minimized-btc-bridge
[5] https://docs.zulunetwork.io/core-concepts/bitvm-zulu
[6] https://bitcoinops.org/en/topics/channel-factories/
[7] https://bitcoin.stackexchange.com/questions/67158/what-are-channel-factories-and-how-do-they-work
[8] https://bitvm.org/bitvm2
The information herein was prepared by Fidelity Digital Asset Services, LLC (“FDAS LLC”) and Fidelity Digital Assets, Ltd (“FDA LTD”). It is for informational purposes only and is not intended to constitute a recommendation, investment advice of any kind, or an offer to buy or sell any asset. Perform your own research and consult a qualified advisor to see if digital assets are an appropriate investment option.