* [bitcoindev] BitVMX: A Virtual CPU to optimistically execute arbitrary programs on Bitcoin
@ 2024-05-13  1:51 Sergio Demian Lerner
  0 siblings, 0 replies; only message in thread
From: Sergio Demian Lerner @ 2024-05-13  1:51 UTC (permalink / raw)
  To: Bitcoin Development Mailing List
[-- Attachment #1.1: Type: text/plain, Size: 3025 bytes --]
 Hi!
I'd like to share with you a paper we published a few weeks ago, and was 
presented in BTC++. Here is the abstract:
BitVMX is a new design for a virtual CPU to optimistically execute 
arbitrary programs on Bitcoin based on a challenge/response game introduced 
in BitVM. Similar to BitVM1 we create a general-purpose CPU to be verified 
in Bitcoin script. Our design supports common architectures, such as RISC-V 
or MIPS. Our main contribution to the state of the art is a design that 
uses hash chains of program traces, memory mapped registers, and a new 
challenge-response protocol. We present a new message linking protocol as a 
means to allow authenticated communication between the participants. This 
protocol emulates stateful smart contracts by sharing state between 
transactions. This provides a basis for our verification game which uses a 
graph of pre-signed transactions to support challenge-response 
interactions. In case of a dispute, the hash chain of program trace is used 
with selective pre-signed transactions to locate (via n-ary search) and 
then recover the precise nature of errors in the computation. Unlike 
BitVM1, our approach does not require the creation of Merkle trees for CPU 
instructions or memory words. Additionally, it does not rely on signature 
equivocations. These differences help avoid complexities associated with 
BitVM1 and make BitVMX a compelling alternative to BitVM2. Our approach is 
quite flexible, BitVMX can be instantiated to balance transaction cost vs 
round complexity, prover cost vs verifier cost, and precomputations vs 
round complexity. (1)
https://bitvmx.org/files/bitvmx-whitepaper.pdf
Note that since the paper publication we have already improved the protocol 
and halved the number of rounds required, and a new paper presenting these 
improvements will be published soon.
 
With our latest optimizations, verifying a SNARK would require ~19 rounds 
(38 transactions) in the worst case, consuming ~400K weight units (WU) in 
total (spread over all the transactions). This is as a back-of-the-envelope 
estimation, as we're still researching, and the exact resources consumed 
depend on many trade-offs that can be chosen by users.
Also, if we can set an upper bound on the money a party would be willing 
sacrifice (and force the other parties to sacrifice too in equal amount) to 
force the protocol to be extended one more round, then we can further 
reduce both the round complexity or transaction cost (~50%).
regards, Sergio.
(1) Paper authors are Sergio Demian Lerner, Ramon Amela, Shreemoy Mishra, 
Martin Jonas, and Javier Alvarez Cid-Fuentes
-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/5189939b-baaf-4366-92a7-3f3334a742fdn%40googlegroups.com.
[-- Attachment #1.2: Type: text/html, Size: 3433 bytes --]
^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2024-05-13  1:54 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-13  1:51 [bitcoindev] BitVMX: A Virtual CPU to optimistically execute arbitrary programs on Bitcoin Sergio Demian Lerner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox