StarkWare Researchers Introduce ColliderVM for Smart Contracts on Bitcoin


StarkWare, in collaboration with researchers from the Weizmann Institute of Science, has announced a solution to various limitations in Bitcoin’s scripting capabilities.

A recent research paper outlines a new design that purportedly facilitates the implementation of intricate smart contracts on Bitcoin in a manner that is more capital-efficient. The system is also expected to be significantly more efficient in terms of computational resources.

ColliderVM is a protocol aimed at enabling stateful calculations on Bitcoin, permitting the secure execution of multi-step processes across several transactions. Historically, the output of Bitcoin scripts has been inaccessible to other scripts, rendering advanced computations almost unfeasible.

The researchers suggest that ColliderVM could enable the utilization of Scalable Transparent Arguments of Knowledge (STARKs)—a form of zero-knowledge proof—on Bitcoin without necessitating any changes at the consensus level. This architecture would allow Bitcoin to validate complex off-chain computations while requiring minimal on-chain data.

ColliderVM Addresses Bitcoin Limitations

Each Bitcoin block can accommodate up to 4 million OPCodes (commands) distributed across all transactions, with a single Bitcoin script being limited to a maximum of 1,000 stack elements (data entries). Moreover, the stateless nature of execution implies that each script runs without retaining memory of prior states or intermediate results from earlier transactions, complicating sophisticated calculations.

The BitVM implementation, detailed in a 2023 paper by Robin Linus from the Bitcoin research company ZeroSync, enabled complex smart contracts on Bitcoin but relied on fraud proofs. These are cryptographic proofs that a transaction or computation was executed incorrectly, and they can trigger corrective measures on-chain.

Implementing fraud proofs generally requires operators to advance funds for possible corrective actions. In BitVM, operators must prepay to cover potentially fraudulent transactions, recuperating that capital after the fraud-proof window lapses.

The new system also enhances efficiency from a computing perspective compared to previous implementations, though it remains costly. Earlier versions utilized cryptographic one-time signatures (Lamport and Winternitz), which were known to be computationally intensive.

ColliderVM draws on concepts from the November 2024 ColliderScript paper by StarkWare researchers, Cloudflare, and Blockstream. This system relies on a hash collision-based commitment that challenges participants to produce an input which, when run through a hash function, yields an output with predetermined attributes.


This architecture demands far fewer computing resources from honest operators than from malicious ones.

[Figure: Computational resources required by honest and malicious actors based on collision difficulty. Source: ColliderVM paper]
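To make the honest/malicious asymmetry in the figure concrete, here is an added toy simulation of a collision-based commitment (my own illustration, not code from the ColliderVM paper): a prover grinds a nonce until a truncated SHA-256 lands in a small allowed set D, the verifier does one hash plus one membership test, and a second function models what it would cost to make two different inputs verify against the same element of D. The parameters L_BITS and B_BITS and the cost formulas in the comments are assumptions chosen for the toy, not the paper's values.

```python
import hashlib
from itertools import count

# Toy parameters, chosen here for illustration (assumptions, not the paper's
# production values): hashes are truncated to L bits, and the allowed set D is
# the 2**B values whose top (L - B) bits are all zero.
L_BITS = 20
B_BITS = 8

def truncated_hash(data: bytes, nonce: int) -> int:
    """SHA-256 of data || nonce, keeping only the top L bits."""
    digest = hashlib.sha256(data + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - L_BITS)

def in_allowed_set(h: int) -> bool:
    """Membership test for D: one comparison, cheap for an on-chain verifier."""
    return (h >> B_BITS) == 0

def honest_grind(data: bytes) -> tuple[int, int]:
    """Honest prover: try nonces until the truncated hash lands in D.
    Expected attempts are about 2**(L - B); returns (nonce, attempts)."""
    for attempts, nonce in enumerate(count(), start=1):
        if in_allowed_set(truncated_hash(data, nonce)):
            return nonce, attempts

def verify(data: bytes, nonce: int) -> bool:
    """What the script would check: recompute one hash and test D membership."""
    return in_allowed_set(truncated_hash(data, nonce))

def equivocation_search(max_attempts: int):
    """Cost model for a dishonest party who wants two *different* inputs that
    verify against the same element of D (a birthday search restricted to D).
    Each hit on D costs ~2**(L - B) hashes and ~2**(B / 2) hits are needed for
    a birthday collision inside D, so the expected total is ~2**(L - B / 2),
    i.e. 2**(B / 2) times the honest cost. Returns (data1, data2, attempts) or None."""
    seen: dict[int, bytes] = {}
    for attempts in range(1, max_attempts + 1):
        data = b"candidate-" + attempts.to_bytes(4, "big")  # constructed inputs
        h = truncated_hash(data, 0)
        if not in_allowed_set(h):
            continue
        if h in seen:
            return seen[h], data, attempts
        seen[h] = data
    return None

def expected_cost() -> tuple[int, int]:
    """Rough expected hash counts (honest, dishonest) for the toy parameters."""
    return 2 ** (L_BITS - B_BITS), 2 ** (L_BITS - B_BITS // 2)
```

With the toy parameters the honest grind needs on the order of 4,096 hashes while the equivocation search needs on the order of 65,536; the gap grows as 2**(B/2) when B is raised.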

Hash, But No Food or Weed

A hash refers to a one-way mathematical function that takes data of any size and produces a fixed-length alphanumeric string. One-way means it is computationally infeasible to run the computation backwards and recover the original data from its hash.

The result acts as a fingerprint: it identifies the data precisely in practice, yet contains none of the original data itself.

[Figure: Examples of hash functions. Source: Wikimedia]

This system—to some extent analogous to Bitcoin (BTC) mining—necessitates significantly fewer hash operations compared to BitVM, leading to reductions in script size and processing time. Researchers behind ColliderVM assert that they have decreased the number of necessary operations by at least a factor of 10,000.

The researchers imply that this implementation is on the verge of making a STARKs-based Bitcoin sidechain feasible. The paper states:

“We estimate that the Bitcoin script length for STARK proof verification becomes nearly practical, permitting its use alongside other, pairing-based proof systems commonly utilized in applications.”

STARKs represent a zero-knowledge proof system acknowledged for their scalability and trustless characteristics (no trusted setup is involved). ZK-proofs are a cryptographic technology allowing users to validate specific attributes of data without exposing the underlying data.

Many early ZK-proof systems required a one-time secure setup that produced so-called “toxic waste” data. Any party that retained this toxic waste could forge proofs that would pass verification. STARKs do not demand such a setup, making them inherently trustless.

Traditional implementations of STARK verifiers would necessitate scripts exceeding Bitcoin’s constraints. However, the ColliderVM researchers contend that their more efficient methodology brings on-chain verification scripts for STARK proofs to “nearly practical” levels.


Trustless Sidechains Based on Bitcoin?

Bitcoin is frequently regarded as the most secure and reliable blockchain, but critics point out its feature set is significantly more restricted than many alternative cryptocurrencies. While sidechains like Blockstream’s Liquid exist, they do not offer trustless solutions.

Andrew Poelstra, Director of Research at Blockstream and a mathematician, expressed in a Cointelegraph interview back in 2020 that ZK-proof-based systems are “one of the most exciting areas of development” within cryptography. A cypherpunk developer whose work is referenced in the Bitcoin white paper, and a founder of Blockstream, noted in a 2014 paper that further work was needed to create trustless ZK-proof-based sidechains for Bitcoin.

Yet, even after a decade, a system based on ColliderVM would remain trust-minimized rather than trustless, as users would still need to rely on a minimal subgroup of network participants to behave honestly for the system to function correctly.

The lead authors of the study include Eli Ben-Sasson, co-founder of StarkWare, along with researchers Lior Goldberg and Ben Fisch. Ben-Sasson is among the original developers of STARKs and has been an advocate for leveraging zero-knowledge proofs to enhance blockchain scalability.

In a recent conversation with Cointelegraph, StarkWare co-founder Ben-Sasson remarked that a genuine Bitcoin layer-2 solution should possess “the security of Bitcoin itself.” Instead, the current solutions depend on trust in signers or fraud-proof-based economic incentives. However, he acknowledged the presence of the Lightning Network:

“We should also acknowledge there’s, of course, today, lightning networks, which have the security of Bitcoin.”
