Introduction

Bitcoin, the world’s most secure and decentralized blockchain, has traditionally been seen as limited in programmability compared to other platforms like Ethereum. However, BitVM is changing that narrative by introducing a framework for advanced computation and programmability directly on Bitcoin. At its core, BitVM unlocks the potential for trust-minimized Bitcoin bridges and other applications, all while staying true to Bitcoin’s principles of decentralization and security.

This article explores the evolution of BitVM, its current status, the critical engineering efforts behind it, and the significant contributions made by Bitlayer, a key player in the BitVM ecosystem.

The Evolution of BitVM

BitVM represents a transformative step in expanding Bitcoin’s capabilities beyond its primary use as a digital currency. The journey of BitVM has been marked by key milestones:

1. Initial Proposal: Robin Linus first introduced BitVM as a general-purpose computing solution for Bitcoin.
2. Interactive Bisection: Robin refined the concept by incorporating interactive bisection using RISC-V instructions, enabling more efficient computation.
3. BitVM2: The latest iteration, BitVM2, eliminated bisection and introduced permissionless challenge mechanisms, making it a robust framework for Bitcoin bridging.

Today, the BitVM community focuses almost entirely on BitVM2, which is the version referred to throughout this article.

About the BitVM Alliance

The BitVM Alliance was founded by Robin Linus and Lukas George to accelerate the development and adoption of BitVM. The alliance brings together leading projects and teams to push the boundaries of Bitcoin’s programmability. Learn more on the BitVM project page.

BitVM Project Status

How BitVM Works: Simplified

BitVM enables a Bitcoin bridge that connects Bitcoin to programmable environments, facilitating workflows like asset transfers. The process can be broken down into three key steps:

1. Peg-in: A user locks BTC in a BitVM smart contract and mints wrapped BTC (YBTC) on a secondary system.
2. Peg-out: The user requests a withdrawal, and a bridge operator provides liquidity by transferring BTC to the user on Bitcoin.
3. Claim: The operator retrieves the fronted funds from the BitVM smart contract, provided no one challenges the claim.

Source: BitVM2 paper

The Role of BitVM Smart Contracts

A BitVM smart contract is essentially a pre-signed Bitcoin transaction graph, which defines the rules and workflows that all participants must follow. Key characteristics include:

• Pre-signed Transactions: These transactions are signed by all participants beforehand to enforce protocol rules.
• Multi-signature Control: Funds are locked in a multi-signature wallet controlled by all actors in the workflow.

Once the transaction graph is published, the peg-in user locks BTC into the BitVM contract and mints wrapped BTC on the secondary system, initiating the entire workflow.

Ensuring Integrity: Dispute Resolution

To ensure claims are valid, BitVM employs a dispute resolution protocol:

1. Pre-commitment: The operator pre-commits a Groth16 verifier result, computed off-chain using a checker program. This ensures the claim is valid (e.g., wrapped BTC has been burned, and the peg-out transfer has been completed).
2. Challenge: If challenged, the operator must reveal all intermediate values from the verifier computation.
3. Verification: The challenger runs the verifier off-chain to identify any invalid chunk. If fraud is detected, the challenger submits a transaction to replay the invalid chunk on Bitcoin, invalidating the claim.

Key Engineering Efforts

1. Groth16 Verifier Development

The Groth16 verifier is a cornerstone of BitVM, enabling efficient zero-knowledge proof verification directly on Bitcoin. Key achievements include:

• Building the Verifier:
  • A monolithic Groth16 verifier was implemented entirely in Bitcoin Script, mirroring the functionality of general-purpose programming languages.
  • Foundational primitives were developed, including BIGINT arithmetic, BLAKE3 hashing, BN254 elliptic curve pairing, and Winternitz signatures for bit commitments.
• Optimization:
  • Advanced cryptographic techniques reduced the verifier’s size from 7.4 GB to 1 GB.
• Chunking the Verifier:
  • The monolithic verifier was divided into smaller chunks, each small enough to fit within a single Bitcoin transaction (less than 4MB). These chunks serve as fraud proofs, ensuring disputes can be resolved on-chain.

2. Protocol Implementation

With the Groth16 verifier in place, the next step was developing a robust transaction graph to connect all components. This involved:

• Monitoring on-chain events and storing necessary data.
• Constructing and validating transactions like ASSERT and DISPROVE.
• Managing connector outputs and ensuring reliable transaction broadcasting.

Current Status

Groth16 Verifier

• The monolithic verifier has been reduced to 1 GB in size.
• The chunked verifier consists of fewer than 1,000 chunks, making it feasible for deployment.

Protocol Implementation

• The transaction graph is nearly complete.

Next Steps

1. The BitVM Alliance is conducting a comprehensive code audit.
2. Plans are underway to showcase the first end-to-end BitVM bridge.

Bitlayer Contributions

Bitlayer has been a major contributor to the BitVM project, particularly in two areas:

1. Groth16 Verifier Contributions

• Optimization:
  • Developed a batched Multiple Scalar Multiplication (MSM) technique, reducing script size from 7.4 GB to 5.6 GB.
  • Implemented a new MSM algorithm using affine coordinates, further reducing the verifier size to 1 GB.
• Verifier Chunker:
  • Contributed the first feasible chunker implementation, splitting the monolithic verifier into logical parts (e.g., MSM, G2 group checks, Miller loop accumulation).
  • Fine-tuned the chunking process to balance input/output granularity and achieve optimal chunk sizes.

2. Bridge Protocol Contributions

• Developed key components like the ASSERT transaction and DISPROVE transaction.
• Plans to contribute additional protocol implementations to the BitVM project.

Bitlayer: Beyond the Official BitVM Project

Bitlayer recognizes the transformative potential of BitVM and is exploring its applications beyond Bitcoin bridging:

1. Abstracting BitVM: Developing reusable components like BitVM-style smart contracts, fraud proofs, and zero-knowledge proofs.
2. Finality Bridge: Launching its own BitVM bridge implementation, with the Finality Bridge testnet now live.
3. Bitcoin Rollups: Working on a rollup protocol based on the BitVM abstraction, featuring a recursive BitVM smart contract and zkVM.

A Recap of Bitlayer’s Contributions

1. Delivered groundbreaking Groth16 verifier optimizations, significantly reducing script size.
2. Developed the first feasible verifier chunker implementation.
3. Contributed core components of the BitVM bridge protocol, including ASSERT and DISPROVE transactions.
4. Exploring innovative use cases like Bitcoin-native rollups and zkVM.