
BitVMX: A CPU for Universal Computation on Bitcoin (2405.06842v1)

Published 10 May 2024 in cs.CR and cs.DC

Abstract: BitVMX is a new design for a virtual CPU to optimistically execute arbitrary programs on Bitcoin based on a challenge response game introduced in BitVM. Similar to BitVM1 we create a general-purpose CPU to be verified in Bitcoin script. Our design supports common architectures, such as RISC-V or MIPS. Our main contribution to the state of the art is a design that uses hash chains of program traces, memory mapped registers, and a new challenge-response protocol. We present a new message linking protocol as a means to allow authenticated communication between the participants. This protocol emulates stateful smart contracts by sharing state between transactions. This provides a basis for our verification game which uses a graph of pre-signed transactions to support challenge-response interactions. In case of a dispute, the hash chain of program trace is used with selective pre-signed transactions to locate (via $n$-ary search) and then recover the precise nature of errors in the computation. Unlike BitVM1, our approach does not require the creation of Merkle trees for CPU instructions or memory words. Additionally, it does not rely on signature equivocations. These differences help avoid complexities associated with BitVM1 and make BitVMX a compelling alternative to BitVM2. Our approach is quite flexible, BitVMX can be instantiated to balance transaction cost vs round complexity, prover cost vs verifier cost, and precomputations vs round complexity.


Summary

  • The paper introduces BitVMX’s novel design that simplifies Bitcoin program verification by replacing complex Merkle proofs with efficient hash chains.
  • The paper demonstrates the use of memory-mapped registers and a unique message linking protocol to enhance dispute resolution in challenge-response setups.
  • The paper’s methodology reduces verification rounds and transaction costs, paving the way for more secure and scalable on-chain computations.

Exploring BitVMX: A New Design for CPU Verification on Bitcoin

Introduction to BitVMX

BitVMX is a virtual CPU design for verifying arbitrary programs executed on Bitcoin. It builds on the foundational ideas of BitVM and its challenge-response games, and introduces hash chains of program traces and memory-mapped registers without the complexities of previous implementations. The design aims to execute programs on Bitcoin optimistically, offering a potentially more efficient and flexible solution than BitVM1 and BitVM2.

Key Contributions and Features

BitVMX avoids using Merkle trees for verifying CPU instructions and memory words, reducing the complexity seen in prior solutions. Instead, it implements a mechanism involving hash chains for traces and a novel message linking protocol.

  • Hash Chain Mechanism: Simplifies the execution trace, locates the disputed point with n-ary search instead of binary search, and reduces the number of rounds needed for verification.
  • Memory-Mapped Registers: Introduces an efficient way of tracking memory access and modifications, vital for verifying state changes.
  • Challenge-Response Protocol: Enhanced with a new design that allows for more streamlined and specific responses to disputes in program executions.
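
The search over a hash-chained trace can be modelled off-chain as follows. This is an added example, not code from the paper or the BitVMX project; the chain rule h_i = SHA-256(h_{i-1} || step_i), the step encoding, and the function names are assumptions made for illustration, and no Bitcoin script or pre-signed transactions are modelled.

```python
import hashlib

def hash_chain(trace, seed=b"\x00" * 32):
    """Return [h_0 .. h_len]; assumed rule h_i = SHA-256(h_{i-1} || step_i)."""
    chain = [seed]
    for step in trace:
        chain.append(hashlib.sha256(chain[-1] + step).digest())
    return chain

def locate_divergence(prover, verifier, n):
    """n-ary search for the first chain index where the two parties disagree.

    Returns (index, rounds); index is None when the final hashes match.
    The disputed trace step is trace[index - 1].
    """
    lo, hi = 0, len(prover) - 1
    if prover[lo] != verifier[lo]:
        raise ValueError("parties must agree on the initial state")
    if prover[hi] == verifier[hi]:
        return None, 0
    rounds = 0
    while hi - lo > 1:
        rounds += 1
        span = hi - lo
        # One round: the prover reveals up to n-1 evenly spaced hashes.
        points = sorted({lo + span * k // n for k in range(1, n)} - {lo})
        for p in points:
            if prover[p] == verifier[p]:
                lo = p          # still in agreement, move the lower bound up
            else:
                hi = p          # first revealed hash the verifier rejects
                break
    return hi, rounds

def demo():
    # Constructed trace: 1000 steps; the prover's copy has a wrong step 617.
    honest = [f"pc={i:04d};write=r{i % 32}".encode() for i in range(1000)]
    faulty = list(honest)
    faulty[617] = b"pc=0617;write=r31"
    v, p = hash_chain(honest), hash_chain(faulty)
    return locate_divergence(p, v, n=2), locate_divergence(p, v, n=8)

if __name__ == "__main__":
    print(demo())
```

On this constructed trace, raising n from 2 to 8 cuts the search from 10 rounds to 4, at the price of revealing up to seven hashes per round.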

Practical Implications

BitVMX's design ensures that two crucial roles, the prover and the verifier, can interact efficiently regarding the execution of programs on-chain:

  • Prover/Operator: Claims correct execution of a program to unlock certain transactions or UTXOs.
  • Verifier: Challenges the claim in the event of a disagreement, which triggers the dispute resolution game.

This ability to lock funds conditionally based on program execution opens possibilities not just for more complex financial products on Bitcoin but also for other high-security applications that need reliable computational verification.

Technical Innovations

  1. Message Linking Scheme: Facilitates authenticated sequences of responses between parties, addressing Bitcoin’s limitations around stateful contracts.
  2. CPU Specification: BitVMX supports multiple architectures, making it adaptable for various applications without custom modifications for compatibility.
  3. Challenge-Response Game Modifications: The use of incremental hashes and segmented checks reduces the transaction costs and complexity in verifying chain computations, enhancing scalability and efficiency.

Towards Future Research

The introduction of BitVMX lays the groundwork for several potential research directions:

  • Multiple Verifiers: Extending the framework to support multiple verifier scenarios securely could further decentralize the verification process.
  • Economic Incentives: There is a need to explore different economic models to suit specific use cases for bitwise oracles, bridges, or verifier roles.
  • Optimization: Continued efforts to balance between the round complexity and transactional costs can make BitVMX more usable in real-world scenarios.

Concluding Thoughts

BitVMX represents a significant step in making Bitcoin's blockchain more versatile for complex computation verification, bridging the gap between robust security and operational efficiency. Because it requires no consensus change and its design is flexible, it permits a wider range of applications while maintaining the trustless nature of blockchain technologies. Moving forward, the challenge lies in practical implementations and potential adaptations to the ever-evolving blockchain ecosystem.
