BitVM: Quasi-Turing Complete Computation on Bitcoin

Lukas Aumayr; Zeta Avarikioti; Robin Linus; Matteo Maffei; Andrea Pelosi; Christos Stefo; Alexei Zamyatin

Paper 2024/1995

BitVM: Quasi-Turing Complete Computation on Bitcoin

Lukas Aumayr, TU Wien, Common Prefix

Zeta Avarikioti, TU Wien, Common Prefix

Robin Linus, Stanford University

Matteo Maffei, TU Wien, CDL-BOT

Andrea Pelosi, University of Pisa, University of Camerino, TU Wien, Traent, CDL-BOT

Christos Stefo, TU Wien

Alexei Zamyatin, BOB

Abstract

A long-standing question in the blockchain community is which class of computations are efficiently expressible in cryptocurrencies with limited scripting languages, such as Bitcoin Script. Such languages expose a reduced trusted computing base, thereby being less prone to hacks and vulnerabilities, but have long been believed to support only limited classes of payments. In this work, we confute this long-standing belief by showing for the first time that arbitrary computations can be encoded in today's Bitcoin Script, without introducing any language modification or additional security assumptions, such as trusted hardware, trusted parties, or committees with secure majority. In particular, we present $\mathsf{BitVM}$, a two-party protocol realizing a generic virtual machine by a combination of cryptographic and incentive mechanisms. We conduct a formal analysis of $\mathsf{BitVM}$, characterizing its functionality, system assumptions, and security properties. We further demonstrate the practicality of our approach: in the optimistic case (i.e., in the absence of disputes between parties), our protocol requires just three on-chain transactions, whereas in the pessimistic case, the number of transactions grows logarithmically with the size of the virtual machine. This work not only solves a long-standing theoretical problem, but it also promises a strong practical impact, enabling the development of complex applications in Bitcoin.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Contact author(s): lukas aumayr @ gmail com
georgia avarikioti @ tuwien ac at
robin @ zerosync org
matteo maffei @ tuwien ac at
andreapelosi @ protonmail com
christos stefo @ tuwien ac at
alexei @ gobob xyz
History: 2024-12-12: approved; 2024-12-10: received; See all versions
Short URL: https://ia.cr/2024/1995
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1995,
      author = {Lukas Aumayr and Zeta Avarikioti and Robin Linus and Matteo Maffei and Andrea Pelosi and Christos Stefo and Alexei Zamyatin},
      title = {{BitVM}: Quasi-Turing Complete Computation on Bitcoin},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1995},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1995}
}