BitVM3 promises cheaper Bitcoin bridges — but not yet

This can be a section from the 0xResearch e-newsletter. To learn full editions, subscribe.

The race to make Bitcoin programmable with no smooth fork has become one of the crucial artistic arms races in crypto.

On the middle is BitVM, a framework for proving off-chain computation on Bitcoin by way of fraud proofs. Its first iteration, now often called BitVM1, used a multi-round interactive protocol. BitVM2 simplified this to a single-round fault proof utilizing a break up SNARK verifier, and is already proving sensible for early adopters like Construct on Bitcoin (BOB), Citrea and Bitlayer.

Now, BitVM3 proposes to go even additional by slicing onchain fraud proof prices by ~1000x. However there’s a catch: It’s nonetheless within the analysis part, with essential safety, complexity and information availability challenges to unravel earlier than turning into production-ready.

“The general design of the BitVM bridge between BitVM2 and BitVM3 stays the identical,” BOB co-founder Alexei Zamyatin informed Blockworks. “The important thing distinction is swapping the SNARK verifier (BitVM2) with a garbled circuit (BitVM3), he stated, including “we’re exploring incorporating components of the newest BitVM design in our customised hybrid BitVM bridge.”

Garbled circuits are a time period for cryptographic devices that enable one get together to pre-commit to a computation that one other can confirm with out studying the personal inputs. In principle, this reduces Bitcoin’s onchain burden to tiny commitments per logic gate. Whereas it holds nice promise, it’s removed from confirmed at scale and analysis is ongoing to deal with shortcomings earlier than deployment.

In the meantime, present bridges are transferring forward on BitVM2. BOB not too long ago launched its newest BitVM2-based bridge testnet with main DeFi companions to allow Bitcoin-backed property on different chains. BitVM2 is being audited and is anticipated to be prepared for mainnet quickly.

“Garbled circuits are an thrilling improvement however they nonetheless want fairly a bit extra analysis earlier than they may very well be thought-about sensible to implement,” Zamyatin defined. “It is very important notice that almost all of the work to construct a bridge utilizing BitVM stays the identical [when] utilizing BitVM2 or BitVM3.”

BitVM2’s present prices aren’t trivial: Zamyatin estimates a worst-case onchain fraud proof at round $16,000 in transaction charges. However even that’s cheaper than Ethereum’s OP Stack fault proofs, which require 14 ETH or extra (over $40,000 at present) for bonds, and might run into lots of of ETH to really show fraud onchain.

In the meantime, different groups are experimenting with totally different flavors of garbled circuits, as Robin Linus stated within the BitVM Builders Telegram group this week:

“Citrea is exploring a traditional strategy of Yao-style garbling mixed with a cut-and-choose technique for verifying the circuits’ correctness. That comes on the expense of upper communication and storage value, however it’s properly easy and depends on very conservative assumptions. In distinction, Alpen [Labs] is exploring a designated-verifier SNARK, which reduces the communication overhead, however comes on the expense of extra unique cryptography, which isn’t battle-hardened but and doesn’t work as nicely with off-the-shelf tooling.”

In easier phrases, Citrea’s technique is like making a number of sealed envelopes (“garbled circuits”) that disguise every step, then letting the checker randomly open a few of them (“lower and select”) to verify you didn’t cheat. It’s easy and constructed on time-tested concepts, however you could ship and retailer piles of envelopes, which is cumbersome and gradual.

Alpen’s technique shrinks every thing right into a single, tiny postcard (“designated-verifier SNARK”) that the checker can learn rapidly, saving bandwidth and house. The catch is that this postcard depends on newer, extra experimental “cryptographic ink” that hasn’t confronted as many real-world stress checks and isn’t but suitable with the usual stationery most builders carry on their desks.