This is a segment of the 0xResearch newsletter. Subscribe to read the full edition.
The race to make Bitcoin programmable without a soft fork has been transformed into one of the most creative weapon races in cryptography.
In the center is BITVM. This is a framework for proofing off-chain calculations in Bitcoin via fraud proof. The first iteration, now known as BITVM1, used a multi-round interactive protocol. BITVM2 simplifies this to a single round of tomographic proof using Split Snark Verifier, and has already proven practical for early adopters such as Bitcoin (Bob), Citrea, and Bitlayer builds.
Currently, BITVM3 proposes to go further by reducing the cost of proofing the Onchain scam by about 1000 times. But there’s a catch. It is still in the research phase and has critical security, complexity and data availability challenges to solve before it becomes a production response.
“The overall design of the BITVM bridge between BITVM2 and BITVM3 remains the same,” Bob co-founder Alexei Zamyatin told BlockWorks. “The key difference is that the Snark Verifier (BITVM2) is swapped for the dial (BITVM3). It said, “We are exploring the incorporation of elements of the latest BITVM design into a customized hybrid BITVM bridge.”
Carled Circuits is a term for cryptographic gadgets that allows a party to precommit to calculations that can be verified without learning a private input. In theory, this reduces the on-chain burden of Bitcoin to a small commitment per logic gate. It has a huge promise, but it is far from proven on a large scale, and research is underway to address pre-development shortcomings.
Meanwhile, the existing bridges are moving forward with BITVM2. Bob recently launched the latest BITVM2-based Bridge Testnet with leading Defi partners enabling Bitcoin-assisted assets in other chains. BITVM2 is being audited and is expected to be ready for MainNet soon.
“Carled Circuits is an exciting development, but more research is needed before it can be considered practical to implement,” Zamyatin explained. “It is important to note that most of the work of building bridges using BITVM remains the same using BITVM2 or BITVM3.”
The current costs of BITVM2 are not trivial. Zamyatin estimates the worst on-chain fraud proof with transaction fees of around $16,000. But even that’s cheaper than Ethereum’s OP stack failure proof, which requires 14 ETH (more than $40,000 today) on bonds.
Meanwhile, as Robin Linus mentioned this week in the BITVM Builders Telegram Group, other teams are experimenting with different flavors of garbled characters.
“Citrea explores the classic Yao-style girling approach combined with the cut-and-chew method to verify circuit accuracy, which sacrifices higher communication and storage costs. It relies on highly conservative assumptions, but in contrast, Alpen (Lab) seeks communication. The combat is still struggling and doesn’t work well on ready-made touring.”
Simply put, Citrea’s method is like making many sealed envelopes (“Garled Circuits”) that hide each step, making sure the checker randomly opens some of them (“cut and select”) and doesn’t cheat. It’s simple and built on planned ideas, but you’ll need to send and store a pile of envelopes.
Alpen’s method reduces everything to a single small postcard (“specified verifier Snark”) that the checker can read quickly, saving bandwidth and space. The catch is that this postcard has not faced many real-world stress tests and relies on newer, more experimental “crypto inks” that are not yet compatible with the standard stationery that most developers keep on their desks.
