StarkWare researchers propose smart contracts for Bitcoin with ColliderVM
Sidechain developer StarkWare and Weizmann Institute of Science researchers claim to have created a workaround for multiple Bitcoin script limitations.
According to a recent research , the new design claims to allow the deployment of complex smart contracts on Bitcoin in a more capital-efficient manner. The new system may also be vastly more efficient from a computing standpoint.
ColliderVM is a protocol designed to enable stateful computation on Bitcoin, allowing multi-step processes to be securely executed over multiple transactions. Traditionally, Bitcoin script output is not accessible to other scripts, making complex calculations nearly impossible.
The researchers argue that ColliderVM could allow the use of Scalable Transparent Arguments of Knowledge (STARKs) — a type of zero-knowledge proof — on Bitcoin without requiring consensus-level changes to the network. The architecture would let Bitcoin verify complex offchain computations with minimal onchain data.
ColliderVM targets Bitcoin limitations
Each Bitcoin block can contain up to 4 million OPCodes (commands) across all transactions, and a single Bitcoin can contain up to 1,000 stack elements (data entries). Furthermore, stateless execution means that each script executes without memory of previous state or intermediate computations from earlier transactions, making complex computations impractical.
The BitVM implementation from a 2023 by Robin Linus from Bitcoin research firm ZeroSync allowed for complex smart contracts on Bitcoin but required fraud proofs. Fraud proofs are cryptographic proofs that prove a particular transaction or computation was performed incorrectly, possibly triggering corrective actions.
Fraud-proof implementation typically requires operators to front capital for potential corrective actions. In BitVM, operators pay an advance to cover potentially fraudulent transactions, recovering the capital after the fraud-proof window closes.
The new system is also more efficient from a computing point of view, compared with previous implementations, but still expensive. Previous implementations used cryptographic one-time signatures () that were notably computationally heavy.
ColliderVM draws from the November 2024 ColliderScript by researchers from StarkWare, web services firm Cloudflare and Bitcoin sidechain developer Blockstream. This system relies on a hash collision-based commitment setting a challenge to produce an input that, when run through a hash function, produces an output with pre-determined features.
Related:
This setup requires significantly fewer computing resources from honest operators than from malicious actors.
Computational resources needed by honest and malicious actors depending on collision difficulty. Source: ColliderVM
Hash, but no food or weed
A hash is a non-reversible mathematical function that can be run on arbitrary data, producing a fixed-length alphanumeric string. Non-reversible means that it is impossible to run the computation in reverse to obtain the original data from a hash.
This results in a sort of data ID identifying data to the bit, without containing any underlying data.
Hash function examples. Source:
This system — somewhat resembling Bitcoin () mining — requires significantly fewer hash operations compared to BitVM, reducing both script size and processing time. ColliderVM researchers claim to have reduced the number of those operations even further, by at least a factor of 10,000.
The researchers seemingly suggest that this implementation is nearly making a STARKs-based Bitcoin sidechain practical. The paper reads:
“We estimate that the Bitcoin script length for STARK proof verification becomes nearly practical, allowing it to be used alongside other, pairing-based proof systems common today in applications.”
STARKs are a system recognized for their scalability and trustless nature (no trusted setup is needed). ZK-proofs are a cryptographic system that allows users to prove a particular feature of a piece of data without revealing the underlying data.
Many early ZK-proof systems necessitated a one-time secure setup that relied on “toxic waste” data. If a party were to keep hold of the toxic waste, it would allow them to forge signatures and generate fraudulent proofs. STARKs do not rely on such a setup, making them trustless.
Traditional implementation of STARK verifiers would require scripts that exceed Bitcoin’s limits. Now, researchers behind ColliderVM argue that their more efficient system approaches make an onchain verification script for STARK-proofs “nearly practical.”
Related:
Bitcoin-based trustless sidechains?
Bitcoin is widely , but its critics raise issues with its feature set being significantly more limited when compared to many altcoins. Sidechains such as Blockstream’s Liquid exist, but are not trustless.
Director of research at blockchain firm Blockstream and mathematician Andrew Poelstra told Cointelegraph as far back as 2020 that ZK-proof-based systems ” in the cryptography space. Cypherpunk, a developer cited in the Bitcoin white paper and Blockstream founder, explained in a 2014 paper that to implement trustless ZK-proof-based sidechains on Bitcoin.
Still, even 10 years later, a system based on ColliderVM would be trust-minimized rather than trustless. This is because users would still need to trust that at least a minimal subset of network participants will act honestly to ensure the correct functioning of the system.
The study’s lead authors include Eli Ben-Sasson, co-founder of StarkWare, along with researchers Lior Goldberg and Ben Fisch. Ben-Sasson is one of the original developers of STARKs and has long advocated for the use of zero-knowledge proofs to improve blockchain scalability.
In a recent interview with Cointelegraph, StarkWare co-founder Ben-Sasson noted that a real Bitcoin layer-2 solution would need to have “the security of Bitcoin itself.” Instead, current solutions rely on trust in signers or fraud-proof-based economic incentives. Still, he recognized the Lightning Network:
“We should also acknowledge there’s, of course, today, lightning networks, which have the security of Bitcoin.“
