StarkWare researchers propose smart contracts for Bitcoin with ColliderVM

Sidechain developer StarkWare and Weizmann Institute of Science researchers assertion to person created a workaround for aggregate Bitcoin publication limitations.

According to a caller probe paper, the caller plan claims to let the deployment of analyzable astute contracts connected Bitcoin successful a much capital-efficient manner. The caller strategy whitethorn besides beryllium vastly much businesslike from a computing standpoint.

ColliderVM is simply a protocol designed to alteration stateful computation connected Bitcoin, allowing multi-step processes to beryllium securely executed implicit aggregate transactions. Traditionally, Bitcoin publication output is not accessible to different scripts, making analyzable calculations astir impossible.

The researchers reason that ColliderVM could let the usage of Scalable Transparent Arguments of Knowledge (STARKs) — a benignant of zero-knowledge impervious — connected Bitcoin without requiring consensus-level changes to the network. The architecture would fto Bitcoin verify analyzable offchain computations with minimal onchain data.

ColliderVM targets Bitcoin limitations

Each Bitcoin artifact tin incorporate up to 4 cardinal OPCodes (commands) crossed each transactions, and a azygous Bitcoin script tin incorporate up to 1,000 stack elements (data entries). Furthermore, stateless execution means that each publication executes without representation of erstwhile authorities oregon intermediate computations from earlier transactions, making analyzable computations impractical.

The BitVM implementation from a 2023 paper by Robin Linus from Bitcoin probe steadfast ZeroSync allowed for analyzable astute contracts connected Bitcoin but required fraud proofs. Fraud proofs are cryptographic proofs that beryllium a peculiar transaction oregon computation was performed incorrectly, perchance triggering corrective actions.

Fraud-proof implementation typically requires operators to beforehand superior for imaginable corrective actions. In BitVM, operators wage an beforehand to screen perchance fraudulent transactions, recovering the superior aft the fraud-proof model closes.

The caller strategy is besides much businesslike from a computing constituent of view, compared with erstwhile implementations, but inactive expensive. Previous implementations utilized cryptographic one-time signatures (Lamport and Winternitz) that were notably computationally heavy.

ColliderVM draws from the November 2024 ColliderScript paper by researchers from StarkWare, web services steadfast Cloudflare and Bitcoin sidechain developer Blockstream. This strategy relies connected a hash collision-based committedness mounting a situation to nutrient an input that, erstwhile tally done a hash function, produces an output with pre-determined features.

Related: A beginner’s usher to the Bitcoin Taproot upgrade

This setup requires importantly less computing resources from honorable operators than from malicious actors.

Computational resources needed by honorable and malicious actors depending connected collision difficulty. Source: ColliderVM paper

Hash, but nary nutrient oregon weed

A hash is simply a non-reversible mathematical relation that tin beryllium tally connected arbitrary data, producing a fixed-length alphanumeric string. Non-reversible means that it is intolerable to tally the computation successful reverse to get the archetypal information from a hash.

This results successful a benignant of information ID identifying information to the bit, without containing immoderate underlying data.

Hash relation examples. Source: Wikimedia

This strategy — somewhat resembling Bitcoin (BTC) mining — requires importantly less hash operations compared to BitVM, reducing some publication size and processing time. ColliderVM researchers assertion to person reduced the fig of those operations adjacent further, by astatine slightest a origin of 10,000.

The researchers seemingly suggest that this implementation is astir making a STARKs-based Bitcoin sidechain practical. The insubstantial reads:

“We estimation that the Bitcoin publication magnitude for STARK impervious verification becomes astir practical, allowing it to beryllium utilized alongside other, pairing-based impervious systems communal contiguous successful applications.”

STARKs are a ZK-proof strategy recognized for their scalability and trustless quality (no trusted setup is needed). ZK-proofs are a cryptographic strategy that allows users to beryllium a peculiar diagnostic of a portion of information without revealing the underlying data.

Many aboriginal ZK-proof systems necessitated a one-time unafraid setup that relied connected “toxic waste” data. If a enactment were to support clasp of the toxic waste, it would let them to forge signatures and make fraudulent proofs. STARKs bash not trust connected specified a setup, making them trustless.

Traditional implementation of STARK verifiers would necessitate scripts that transcend Bitcoin’s limits. Now, researchers down ColliderVM reason that their much businesslike strategy approaches marque an onchain verification publication for STARK-proofs “nearly practical.”

Related: Bitcoin sidechains volition thrust BTCfi growth

Bitcoin-based trustless sidechains?

Bitcoin is wide considered the astir unafraid and reliable blockchain, but its critics rise issues with its diagnostic acceptable being importantly much constricted erstwhile compared to galore altcoins. Sidechains specified arsenic Blockstream’s Liquid exist, but are not trustless.

Director of probe astatine blockchain steadfast Blockstream and mathematician Andrew Poelstra told Cointelegraph arsenic acold backmost arsenic 2020 that ZK-proof-based systems are “one of the astir breathtaking areas of development” successful the cryptography space. Cypherpunk, a developer cited successful the Bitcoin achromatic insubstantial and Blockstream founder, explained successful a 2014 insubstantial that more enactment was needed to instrumentality trustless ZK-proof-based sidechains connected Bitcoin.

Still, adjacent 10 years later, a strategy based connected ColliderVM would beryllium trust-minimized alternatively than trustless. This is due to the fact that users would inactive request to spot that astatine slightest a minimal subset of web participants volition enactment honestly to guarantee the close functioning of the system.

The study’s pb authors see Eli Ben-Sasson, co-founder of StarkWare, on with researchers Lior Goldberg and Ben Fisch. Ben-Sasson is 1 of the archetypal developers of STARKs and has agelong advocated for the usage of zero-knowledge proofs to amended blockchain scalability.

In a caller interrogation with Cointelegraph, StarkWare co-founder Ben-Sasson noted that a existent Bitcoin layer-2 solution would request to person “the information of Bitcoin itself.” Instead, existent solutions trust connected spot successful signers oregon fraud-proof-based economical incentives. Still, helium recognized the Lightning Network:

“We should besides admit there’s, of course, today, lightning networks, which person the information of Bitcoin.“

Magazine: ‘Bitcoin furniture 2s’ aren’t truly L2s astatine all: Here’s wherefore that matters