Unlocking the Potential of Bitcoin Scripting with BitVM: Enforcing Arbitrary Computations on the Blockchain

Last October, Robin Linus from Zerosync introduced a groundbreaking concept in the world of Bitcoin with the unveiling of BitVM. One of the most persistent criticisms of Bitcoin has been its lack of programmability when it comes to controlling how money is spent or locked up. The scripting language of Bitcoin has always been limited in its capabilities, with only basic operations such as signature checks, timelocks, and data manipulation being possible.

However, Robin’s insight with BitVM was that a single primitive in the field of computing, the NAND gate, could be enforced in Bitcoin script. The NAND gate is a fundamental building block of computing at the physical electrical level, and every computation that is possible can be constructed using NAND gates. By utilizing a combination of OP_BOOLAND and OP_NOT operations in Bitcoin script, a NAND gate can be verified and enforced directly.

With the addition of hashlocks, a NAND gate script can be created where each input and output field has two possible hashlocks to unlock the spending path. This ensures that once a party commits to a specific input for the NAND gate, they cannot change their mind without facing financial consequences. The use of taproot trees allows for multiple NAND gate scripts to be compacted, and challenges can be made on individual steps in the computation to ensure correctness.

Despite its innovative approach, BitVM does have its limitations. Only the parties involved in creating a BitVM contract can participate, and the roles are limited to a prover and a verifier. This restricts the system to being trusted, as only those with access to the BitVM UTXO can challenge computations.

Another limitation is the potential length of the challenge response protocol. If a party stops responding during a challenge, the verifier must guess where the prover may be lying in the computation and reveal both preimages to a specific bit to claim the funds. This can be time-consuming and inefficient, potentially allowing a dishonest party to drag out the process.

Overall, BitVM represents a significant advancement in the programmability of Bitcoin, offering a powerful primitive for establishing two-way pegs to sidechains or other systems. However, further developments may be needed to address the limitations and ensure the system’s trustlessness and efficiency.