A research paper published this week outlined a new paradigm to bring Ethereum-style smart contracts to the Bitcoin network.
BitVM, as it is known, was laid out in an October 9 whitepaper by Robin Linus, a core contributor to ZeroSync, which is building tools for developers to use zero-knowledge proofs on Bitcoin.
The goal of BitVM is to enable Turing-complete Bitcoin contracts without making the network more complex for other users. Turing completeness is a computing term for a system that can perform any possible calculation or run any program.
Under BitVM, computations would be performed off-chain and then confirmed on-chain, similar to the mechanics of optimistic rollups on Ethereum.
In theory, there should be no restrictions on the complexity of the computations as they are carried out off-chain, so there is no risk of jamming up the network at the expense of other users.
“This allows for more expressive smart contracts on Bitcoin,” Linus stated on X (formerly Twitter). “Especially, it enables functionality that we thought we would require a soft fork for.”
The protocol involves two parties: a “prover” and a “verifier”. The prover claims that a particular function produces a specific output when given specific inputs. The two parties pre-sign a sequence of transactions, enabling a challenge-response game between them.
They then make on-chain deposits to a Bitcoin address, which turns on the contract, and begin to exchange off-chain data, with the verifier able to take the prover’s deposit if any wrong claim is made. This should mean that attackers always lose their deposits, Linus stated.
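
A toy model of the challenge-response game described above, added here as an illustration and not taken from the whitepaper or from BitVM itself: the prover publishes a claimed execution, the verifier checks it off-chain, and only a single disputed step is re-run by the stand-in for the on-chain check. The `step` function, the deposit size and the trace-based dispute format are assumptions made for this example, not BitVM's actual construction.

```python
STEPS = 8        # constructed: number of steps in the agreed computation
DEPOSIT = 100    # constructed: size of the prover's deposit, arbitrary units

def step(state):
    """One step of the program both parties agreed on (constructed toy function)."""
    return (state * 31 + 7) % 1009

def run_off_chain(x):
    """Full execution, done off-chain: the input followed by every intermediate state."""
    trace = [x]
    for _ in range(STEPS):
        trace.append(step(trace[-1]))
    return trace

def find_bad_step(claimed):
    """Verifier, off-chain: index of the first transition that does not follow
    from the previous claimed state, or None if every transition is valid."""
    for i in range(len(claimed) - 1):
        if step(claimed[i]) != claimed[i + 1]:
            return i
    return None

def adjudicate(claimed, i):
    """Stand-in for the on-chain check: re-run only the disputed step.
    Returns True when the prover's claimed transition is wrong."""
    return step(claimed[i]) != claimed[i + 1]

def settle(x, claimed, challenge=None):
    """Play the game once and report who holds the prover's deposit afterwards.
    `challenge` forces a disputed index, to model a mistaken challenge."""
    if len(claimed) != STEPS + 1 or claimed[0] != x:
        return {"prover": 0, "verifier": DEPOSIT}   # claim is not about the agreed input
    i = find_bad_step(claimed) if challenge is None else challenge
    if i is not None and 0 <= i < STEPS and adjudicate(claimed, i):
        return {"prover": 0, "verifier": DEPOSIT}   # wrong claim: deposit is forfeited
    return {"prover": DEPOSIT, "verifier": 0}       # no valid challenge: claim stands

# Constructed sample claims for input 5.
honest = run_off_chain(5)
forged = honest[:4] + [(honest[4] + 1) % 1009] + honest[5:]   # one middle state altered
wrong_output = honest[:-1] + [(honest[-1] + 1) % 1009]        # only the result altered
```

Because every claimed state must follow from the previous one, a wrong output always leaves at least one transition that fails the single-step check, while a challenge against an honest step proves nothing.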