BitVM aims to enhance Bitcoin smart contract capabilities without fork

Quick Take

  • BitVM proposes a new method for expressing Turing-complete Bitcoin smart contracts without altering the network’s consensus rules.
  • The system leverages fraud proofs and a challenge-response protocol, enabling any computable function to be verified on Bitcoin, according to a whitepaper.

Blockchain developer ZeroSync's co-founder Robin Linus unveiled a whitepaper for BitVM, aiming to enhance Bitcoin BTC -0.25% smart contract capabilities without requiring a soft fork upgrade to the network's consensus rules.

"Any computable function can be verified on Bitcoin," Linus posted on X (formerly Twitter). "This enables more expressive smart contracts on Bitcoin. Particularly, it enables functionality that we thought we'd need a soft fork for" — potentially bringing more DeFi use cases and scalability to the network.

BitVM means Bitcoin can now be as Turing-complete as any other chain, according to reviewer Sam Parker. Turing completeness refers to a system that can perform any computation given enough time and resources.

However, "Bitcoin really isn’t any more Turing Complete by the technical definition as it was before, it simply has been given a runtime to its programs that we can reasonably say it's 'Turing complete enough' for any program that we could realistically want to execute," Parker added.

"This is probably the most exciting discovery in the history of Bitcoin script," pseudonymous reviewer Super Testnet said. "It seems to knock down practically every door and gives us access to covenants, sidechains and powers similar to Liquid or the Ethereum Virtual Machine, all at once with no forks required. I can't wait to publish my demo.”

Potential applications include games and the verification of validity proofs in Bitcoin contracts, according to the whitepaper. It may also be possible to bridge bitcoin to other chains, build a prediction market or emulate novel smart contract operations, it noted.

How BitVM works

Bitcoin's built-in smart contract capabilities are limited to basic operations by design. BitVM enables more enhanced smart contract functionality by running computations off-chain.

Instead of executing computations directly on Bitcoin, BitVM verifies them in a manner akin to optimistic rollups, utilizing fraud proofs, a challenge-response protocol and Bitcoin's Taproot upgrade.

A prover claims that a specific function, when given certain inputs, produces a particular output. If this claim is false, a verifier can perform a fraud-proof and penalize the prover. This mechanism allows any computable function to be verified on Bitcoin.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

While committing to extensive programs in a Bitcoin Taproot address demands considerable off-chain computation and communication, the on-chain footprint remains minimal. So, as long as the parties collaborate, complex computation can be carried out off-chain, only requiring on-chain execution in the event of a dispute, according to the whitepaper.

BitVM limitations and criticism

While optimistic about its potential, pseudonymous Bitcoin educator Shinobi warned the cost of off-chain data management is "massive," adding that the other major limitation of BitVM is that it only works with two parties (the prover and the verifier).

Bob Bodily, CEO of Ordinals marketplace and launchpad Bioniq, said BitVM is not as good as the Ethereum Virtual Machine, being slower, more complex and more expensive. "The core benefit of BitVM is we get additional programmability right now on Bitcoin without an upgrade," he added.

Blockstream CEO Adam Back said people were getting "over excited" about BitVM, adding that it could run into "pragmatic scalability limits." Though Linus said that was a misunderstanding.

Dan Robinson, a researcher at crypto investment firm Paradigm was more critical. "This is not Turing completeness. This is functional completeness," he said, adding it "just won’t work in practice for anything you might want to use it for." Functional completeness means a set of operations that can perform any logical task.

Ethereum-like smart contract capabilities

BitVM is not the only protocol looking to bring Ethereum-like smart contract capabilities to Bitcoin, with the Botanix EVM Layer 2 also tackling the objective via a sidechain solution called Spiderchain.

Last week, ZeroSync implemented the first Stark-based ZK client for Bitcoin, enabling Bitcoin users to validate the network's state without downloading the entire blockchain. "The chain state proof is not necessarily related to that," Linus told The Block. "But the BitVM can verify a STARK on Bitcoin, so you can have Bitcoin contracts which use the chain state proof."

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

James Hunt is a reporter at The Block, based in the UK. As the writer behind The Daily newsletter, James also keeps you up to speed on the latest crypto news every weekday. Prior to joining The Block in 2022, James spent four years as a freelance writer in the industry, contributing to both publications and crypto project content. James’ coverage spans everything from Bitcoin and Ethereum to Layer 2 scaling solutions, avant-garde DeFi protocols, evolving DAO governance structures, trending NFTs and memecoins, regulatory landscapes, crypto company deals and the immersive metaverse. You can get in touch with James on Twitter or Telegram via @humanjets or email him at [email protected].


To contact the editor of this story:
Nathan Crooks at
[email protected]