Why Bitcoin needs smart contracts

DFINITY
The Internet Computer Review
12 min read, Aug 9, 2023

While the Bitcoin network is valued for its security and decentralization, its scripting language is limited when it comes to programmability. Adding a smart contract layer opens up new DeFi possibilities. Here’s an overview of projects bringing native smart contracts to Bitcoin.

By Bob Bodily

Bitcoin is a digital currency that relies on peer-to-peer software and cryptography and operates as an alternative payment system free of control from any organization or government. Every transaction is recorded on a publicly verifiable and immutable ledger accessible to the network and shared from node to node. Instead of relying on a central source of trust like a bank, consensus on who owns the bitcoin is determined cryptographically across the network’s nodes to ensure ultimate decentralization. With Bitcoin, people put their trust in the source code of the Bitcoin blockchain — this is in direct contrast to fiat money. While these attributes make the Bitcoin network robust, secure and trustless, its throughput is limited by design.

Every on-chain bitcoin transaction waits for block inclusion, and a new block is mined only every 10 minutes on average; fees rise with congestion, and at their peak have exceeded $60 per transaction. Now, with the current surge in inscribing and transferring Ordinals and BRC-20 tokens, congestion has reached unprecedented levels of pending transactions in the mempool and a 343% increase in transaction fees. While this spike in traffic may leave end users frustrated, it also indicates demand for extended functionality. The Bitcoin blockchain now hosts over 14,000 BRC-20 tokens and over 10 million Ordinal inscriptions, so a scaling solution that clears the backlog efficiently, without compromising security, would benefit Bitcoin users.

Some believe Layer-2 solutions are the answer. But for transfers to be fast, secure, inexpensive and fully decentralized, the smart contracts on the host blockchain must be able to derive Bitcoin addresses and send and receive bitcoin directly on the Bitcoin network. Bringing native smart contracts to Bitcoin could be the ideal solution: they add no trust assumptions beyond the protocol itself, need no bridge or custodian between chains, and expand Bitcoin’s functionality greatly.

New DeFi possibilities

Beyond the Ordinals and BRC-20 hype, DeFi is another good reason to extend smart contract capabilities to Bitcoin. Because Bitcoin predates smart-contract platforms such as Ethereum, it was not designed to work with the DeFi protocols those platforms host. So it is not surprising that only a tiny fraction of Bitcoin’s total supply has made it onto DeFi platforms. A few key innovations are slowly changing that.

Currently, much of bitcoin is idle and locked up for value appreciation, so the overall volume on centralized and decentralized exchanges is nowhere near the network’s market cap. In 2022, the average daily bitcoin trading volume on major centralized exchanges was ~20 billion USD, only 3.6% of the network’s market cap. Perhaps the volume would increase if decentralized exchanges were more securely accessible. Adding a native smart contract layer to Bitcoin would not only make this possible, it would also open the gates to new DeFi services such as lending, staking, and secure payments — all fully on-chain.

Lightning isn’t light

Before exploring the various projects working on smart contract solutions, it’s worth taking a quick look at the Lightning network — the most well known Layer-2 for Bitcoin. Lightning aims to solve network congestion issues by providing instant and inexpensive transactions at a potential throughput of millions of transactions per second. While designed to speed up transaction processing times and decrease the associated costs of Bitcoin’s blockchain, Lightning has various limitations and vulnerabilities that can’t be overlooked.

First, payments are processed off chain through peer-to-peer payment channels, which is not entirely trustless. Each channel needs enough liquidity on the right side to carry the payments routed through it, and channel participants must stay online to keep their funds safe: a counterparty can broadcast a stale channel state that favours them, and if the victim does not come back online before that state’s timelock expires and publish the penalty transaction, the stale split stands. Watchtower services exist to delegate that monitoring, but they are one more party to trust. And when channels are congested, the network is more exposed to fraud and other attacks.
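The timing game described above, as an added toy model (not Lightning’s own code, and not from the original post): commitment states are revoked as they are replaced, a revoked state broadcast on chain can be punished by sweeping the whole channel, but only if the victim reacts inside the delay that locks the broadcaster’s output. The party names, amounts, block heights and the 144-block delay are all constructed for the example.

```python
"""Breach remedy in a Lightning-style payment channel (added toy model).

Each commitment state splits the channel balance between alice and bob.
When a state is replaced, the old one is revoked: each side hands the other a
revocation secret that lets them sweep *all* channel funds if that stale state
is ever broadcast. The defence only works if the victim is online within the
TO_SELF_DELAY window that locks the broadcaster's own output. All names,
amounts and heights are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional

TO_SELF_DELAY = 144  # blocks; real channels negotiate this value (constructed here)


@dataclass(frozen=True)
class State:
    index: int
    balance: Dict[str, int]  # sats owed to each party in this commitment


class Channel:
    """alice funds the channel; every update creates a new state and revokes the previous one."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self.states = [State(0, {"alice": capacity, "bob": 0})]
        self.revoked = set()  # indices whose revocation secret has been handed over

    @property
    def latest(self) -> State:
        return self.states[-1]

    def update(self, alice_balance: int) -> State:
        """Agree a new split; the previous commitment becomes revoked."""
        if not 0 <= alice_balance <= self.capacity:
            raise ValueError("balance outside channel capacity")
        self.revoked.add(self.latest.index)
        new = State(len(self.states), {"alice": alice_balance, "bob": self.capacity - alice_balance})
        self.states.append(new)
        return new

    def broadcast(self, who: str, index: int, at_block: int) -> dict:
        """`who` publishes commitment `index` on chain at height `at_block`."""
        if who not in ("alice", "bob"):
            raise ValueError("unknown party")
        return {"broadcaster": who, "state": self.states[index], "height": at_block}

    def settle(self, close: dict, victim_online_at: Optional[int]) -> Dict[str, int]:
        """Final on-chain outcome of a unilateral close.

        victim_online_at is the first block at which the non-broadcasting party
        (or its watchtower) sees the close and can react; None means never.
        """
        state, cheater = close["state"], close["broadcaster"]
        victim = "bob" if cheater == "alice" else "alice"
        if state.index not in self.revoked:
            return dict(state.balance)  # honest close of the latest state
        deadline = close["height"] + TO_SELF_DELAY
        if victim_online_at is not None and victim_online_at <= deadline:
            return {victim: self.capacity, cheater: 0}  # penalty tx sweeps everything
        return dict(state.balance)  # victim missed the window: the stale split stands


def demo() -> Dict[str, Dict[str, int]]:
    """alice pays bob 60k sats, then tries to cheat by broadcasting state 0."""
    ch = Channel(100_000)
    ch.update(40_000)  # state 1: alice 40k, bob 60k; state 0 is now revoked
    stale = ch.broadcast("alice", 0, at_block=800_000)
    return {
        "bob_watching": ch.settle(stale, victim_online_at=800_050),
        "bob_offline": ch.settle(stale, victim_online_at=None),
        "bob_too_late": ch.settle(stale, victim_online_at=800_200),
        "honest": ch.settle(ch.broadcast("bob", 1, at_block=800_000), None),
    }
```

Note that the offline victim does not lose everything; it is paid according to the stale state, and the cheater keeps the difference. The model deliberately treats a watchtower as just another value of `victim_online_at`, since from the channel’s point of view it is whoever publishes the penalty in time.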

Finally, Lightning is not free. Opening and closing a channel are on-chain Bitcoin transactions that pay normal mining fees, and during congestion those fees rise. On top of that, every node on a multi-hop route charges its own routing fee, so any business or exchange that accepts Lightning payments may pass those costs on. So even if Taproot Assets (formerly Taro) enables Ordinal trading over Lightning, your Ordinal inscription still incurs unwanted fees.

Mechanisms like the Lightning network may have their perks, but bringing smart contracts to Bitcoin has the potential to offer more stable multi-chain functionality, security, and programmability for use cases well beyond a simple payment method.

Let’s take a look at the most promising projects with native cross-chain smart contracts.

Stacks

Stacks is a blockchain project whose goal is to enable bitcoin smart contracts. By design, the hash of every Stacks block is written into a Bitcoin block, which means its smart contracts settle at Bitcoin’s pace (one block per 10 minutes on average) and have slow finality. It also means that, once anchored, forks are extremely unlikely. Because every Stacks block hash is written into a Bitcoin block, the network runs in lockstep with Bitcoin and inherits its robust security model. All Stacks miners also run a Bitcoin node, so that the execution of Stacks transactions in a Bitcoin block can use the current Bitcoin block state. The protocol envisions future upgrades, including running its own consensus protocol among its nodes to reach a block time of 5 seconds. That introduces a different trust model, in which Stacks blocks are no longer immediately anchored to the Bitcoin blockchain.

One thing to note is that Stacks can only read from the Bitcoin network; it cannot yet write to it. In other words, a smart contract on Stacks cannot programmatically move BTC on the Bitcoin network. However, the project has a roadmap to introduce a synthetic bitcoin (sBTC) that Stacks smart contracts would control. sBTC would be backed by real BTC held in a multisig address by a group of “Stackers”, parties that have locked STX to earn rewards. End users would send BTC to that address to obtain sBTC, and convert it back by burning sBTC and requesting that the Stackers send real BTC from the multisig address. An sBTC launch is currently planned for Q3-Q4 of this year.

THORChain

THORChain is a cross-chain decentralized protocol that enables native swaps between different blockchains. Acting as a native layer, the protocol integrates with a growing number of high-market-cap blockchains using threshold ECDSA signatures. Smart contracts on THORChain facilitate multi-chain swaps with the main purpose of acting as a Layer 0 that brings liquidity from all the integrated chains together. The project makes asset swaps across multiple chains possible, the Bitcoin network included, with no user registration, natively secured assets and continuous liquidity pools without relying on centralized custodians.

While native integration is an ideal approach to bringing smart contracts to the Bitcoin network and other blockchains, there are underlying security issues with the implementation. Perhaps the greatest drawback of THORChain’s approach is that its GG20 implementation of threshold ECDSA assumes a synchronous network: a signing session needs every selected participant to respond in time, and if one honest node is absent because of a crash or a Byzantine fault, the session aborts and has to be restarted. Synchrony assumptions are unrealistic for globally distributed systems. Take the Internet, which is an asynchronous network: if it were synchronous, or dependent on the liveness of individual computers, which fail all the time, it would constantly stall and be highly exposed to attack.

THORChain secures the value locked on the chain with staking in its native RUNE token, and identifies any misbehaving party that attempts to make the protocol fail. Staking disincentivizes operators from colluding and running off with locked-up funds, but it only deters dishonest behaviour by node operators; it does nothing against outside attackers who compromise those nodes. And possible node crashes are incompatible with unstoppable smart contracts. Since the launch of its mainnet Ethereum integration, THORChain has lost millions of dollars to successful hacks.

Threshold BTC

Threshold BTC (tBTC) is another trustless architecture that uses threshold ECDSA signing to bridge Ethereum and the Bitcoin network. Like THORChain, its threshold ECDSA implementation relies on the synchronous network assumption, which makes it less suitable for a global network than a protocol that stays secure under weaker synchrony assumptions. Locked BTC also needs to be 150% collateralized with ETH, which is an incentive for signers not to collude and run away with the BTC. This is a stronger mechanism than THORChain’s, which relies on its own RUNE governance token.

Threshold is governed by a DAO composed of token holders and an elected council. Each party holds the other accountable and has specific responsibilities written into the governance structure. As per its 2019 whitepaper, fault attribution was not initially deployed as part of its GG19-style threshold ECDSA protocol, so signers could misbehave and abort the protocol without being punished.

RenVM

RenVM is a decentralized network of machines called “Darknodes” that lets smart contracts on various blockchains accept and spend tokens from other blockchains, including Bitcoin and Zcash. RenVM smart contracts can hold custody of crypto assets on their native blockchains, dividing access between the Darknodes and the end user who deposited the assets. The protocol also supports renBTC, an ERC-20 asset on Ethereum backed 1:1 by bitcoin. A user sends bitcoin to a RenVM address on the Bitcoin blockchain. RenVM syncs with the Bitcoin blockchain and, when it sees the deposit, uses secure multi-party computation to produce a minting signature. That signature is sent to Ethereum, where it is verified and the corresponding amount of renBTC (minus fees) is minted.

At first glance, RenVM looks like a solid scaling solution. However, the threshold ECDSA algorithm in the protocol tolerates fewer than a quarter of nodes being malicious, and like THORChain and Threshold BTC it only works in a synchronous model where every message is guaranteed to arrive within a fixed bound. Given the asynchronous behaviour of real-world global networks, that model is not adequate for a global, decentralized network.

Finally, the decentralized nature of the Ren network is also highly questionable given the announcement that the Ren 1.0 network is shutting down following the events surrounding Alameda. There is also speculation that renBTC has been used for money laundering.

Chainflip

Chainflip is a decentralized platform that lets users swap assets natively across chains from an ordinary crypto wallet in a single transaction. Its Automated Market Maker (AMM) protocol is run by staked validator nodes that control high-threshold multi-signature vaults through multi-party computation (MPC), across a permissionless 150-node validator network. Validators operate a virtual AMM that facilitates swaps between the industry’s most liquid and most traded assets, including bitcoin. Transactions are signed only after at least ⅔ of the participating parties have agreed. The validation process is driven by daemons, programs that let the protocol trigger validation automatically on selected events; each vault node runs daemons for the supported networks.

A vault includes liquidity pools, which fuel liquidity mining. Liquidity pool providers earn rewards through transaction costs on the pools, and liquidity provisions allow providers to contribute only one side of the asset, unlike other approaches where both sides of the asset are required. The network rebalances the assets by implicitly swapping assets in a pool.

Chainflip interacts with blockchains using an EdDSA signature scheme and smart contract platforms with EdDSA support. It can also interact with platforms that do not have smart contract or EdDSA capabilities. The network is also designed to discourage malicious actors. Vault collateralization, randomization, stake slashing, and a penalty system enhance the platform’s security.

This platform specifically targets decentralized spot trading, considering it the biggest market opportunity in the cross-chain space, and aims to offer a secure, efficient, and simple avenue to win users over from centralized exchanges.

The Internet Computer

The Internet Computer (ICP) is a Layer-1 blockchain that not only aims to facilitate cross-chain swaps, its vision is to achieve blockchain singularity where one day all IT systems and software run on smart contracts without the need for a centralized cloud. In building the foundation to realize blockchain singularity, ICP has an architecture with 35+ subnets that function as their own blockchains that continuously talk to each other. This means that the overall capacity of the network can scale by adding more nodes and forming more subnets from the nodes. What’s more, each subnet runs its own instance of the ICP’s consensus protocol that offers low latency and allows transactions to finalize in seconds.

Beyond its capacity to scale, ICP smart contracts called ‘canisters’ have more capabilities than most other chains. For example, canister smart contracts can communicate natively across subnets and process HTTP requests — a feature that enables them to host frontends of dapps, making them directly accessible through web browsers. They can also be written in any language that compiles to Wasm. SDKs are available in Rust, Motoko, Python, and TypeScript.

So, how does all of this benefit Bitcoin? First of all, canisters can read and write the state of the Bitcoin network without introducing new trust assumptions beyond the protocol itself. To read, ICP nodes pull blocks directly from the Bitcoin network to maintain Bitcoin’s current UTXO set, allowing canisters to query the balance and UTXOs of any Bitcoin address. Querying UTXO sets and submitting bitcoin transactions are exposed to every canister on the Internet Computer through the Bitcoin API. So the Internet Computer not only reads the Bitcoin blockchain, it also writes to it, sending transactions signed with chain-key ECDSA to the Bitcoin network.

In short, chain-key ECDSA is a set of cryptographic protocols that let Internet Computer nodes cooperatively sign Bitcoin transactions on a highly fault-tolerant, decentralized network that is resilient to malicious nodes. The secret key never exists in one place: it is split into key shares held by ICP nodes, and the shares are re-shared periodically, so that shares an attacker has managed to obtain become worthless after the next re-sharing. When a canister requests a signature, nodes use their key shares to collectively sign the BTC transaction without ever reconstructing the original secret key. The signing protocol assumes that a threshold of nodes is honest. The Internet Computer’s safety holds in the asynchronous network model; producing blocks (liveness) requires partial synchrony, that is, periods of synchrony. A subnet tolerates fewer than one third of its replicas failing or turning malicious, and a failed or malicious replica can be hot-swapped.
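The share arithmetic behind that re-sharing, as an added example rather than DFINITY’s chain-key code: a Shamir split of a scalar in the secp256k1 field, reconstruction from any t shares, and a dealerless refresh after which shares stolen before the refresh cannot be combined with shares issued after it. Real chain-key ECDSA signs without ever reconstructing the key; this toy reconstructs only to show the effect of the refresh. The threshold, the number of holders and the key value are assumptions made for the example.

```python
"""Threshold key shares with proactive resharing (added example).

Toy Shamir sharing over the scalar field of secp256k1: a signing key is a
scalar in [1, N-1], split so that any t of n holders can reconstruct it, and
refreshed so that shares stolen before a refresh are useless afterwards.
Real chain-key ECDSA never reconstructs the key at all; this example only shows
the share arithmetic that makes re-sharing work. All values are constructed.
"""
import secrets
from typing import Dict

# Order of the secp256k1 group (the field in which ECDSA private keys live).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval(coeffs, x: int) -> int:
    """Horner evaluation of the polynomial with coefficients coeffs[0..] at x, mod N."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % N
    return acc


def split(secret: int, t: int, n: int) -> Dict[int, int]:
    """Dealer splits `secret` into n shares; any t of them reconstruct it."""
    if not 1 <= t <= n < N:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % N] + [secrets.randbelow(N) for _ in range(t - 1)]
    return {i: _eval(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares: Dict[int, int]) -> int:
    """Lagrange interpolation at x = 0 over GF(N)."""
    total = 0
    for i, s_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % N
                den = den * (i - j) % N
        total = (total + s_i * num * pow(den, -1, N)) % N
    return total


def reshare(shares: Dict[int, int], t: int) -> Dict[int, int]:
    """Proactive refresh without a dealer.

    Every holder picks a random degree-(t-1) polynomial with constant term 0
    and sends each peer its evaluation; each holder adds what it received to
    its share. The interpolated secret is unchanged, but the new shares lie on
    a different polynomial, so old and new shares cannot be combined.
    """
    holders = list(shares)
    delta = dict.fromkeys(holders, 0)
    for _ in holders:  # one zero-constant polynomial contributed per holder
        zero_poly = [0] + [secrets.randbelow(N) for _ in range(t - 1)]
        for j in holders:
            delta[j] = (delta[j] + _eval(zero_poly, j)) % N
    return {i: (shares[i] + delta[i]) % N for i in holders}
```

The point a practitioner should take from the last assertion in the test below is that an attacker holding t-1 old shares gains nothing from stealing one more share after the refresh: the mixed set interpolates to a random field element, not the key.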

While the Bitcoin network integration on the Internet Computer is extremely powerful in terms of security and interoperability, every bitcoin transaction is still subject to the low throughput, high latency and high fees native to the Bitcoin network, because it is processed on the Bitcoin network. To get around this, ckBTC was launched. ckBTC is a digital twin of bitcoin created by chain-key cryptography (the cryptography that powers the Internet Computer) and a pair of canister smart contracts. The two canisters work in concert to issue ckBTC and to ensure that the total ckBTC supply is backed 1:1 by real bitcoin under the canisters’ control.

ckBTC can be sent with 2–5 second finality and negligible fees. All transfer activity and metrics of the two canister smart contracts are verifiable on chain. Issuing and redeeming ckBTC also goes through Know Your Transaction (KYT) checks to protect end users by ensuring no tainted bitcoin enters the Internet Computer blockchain or is transferred out to tainted Bitcoin addresses.
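A stand-alone model of the two mechanisms described above, added here as an example and not the Internet Computer’s own Bitcoin API or ckBTC minter code: an index that follows blocks to maintain a UTXO set and answers balance and UTXO queries filtered by confirmation count (the real Bitcoin API exposes a comparable min_confirmations filter), and a minter that issues a twin token only for deposits that have matured, while keeping the circulating supply at or below the bitcoin it holds. The chain of blocks, the six-confirmation policy and all addresses and txids are constructed.

```python
"""Maintaining a UTXO set and gating a 1:1-backed twin on confirmations (added example).

Toy version of what a node that follows Bitcoin must keep to answer
"which UTXOs does address A own, with at least k confirmations?", plus a
minter that only issues twin tokens against deposits that have matured. The
real Bitcoin API and ckBTC minter are canister code on the Internet Computer;
this stand-alone Python model and its chain of blocks are constructed here.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Outpoint = Tuple[str, int]  # (txid, vout)


@dataclass(frozen=True)
class TxOut:
    address: str
    value: int  # satoshis


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: List[Outpoint]  # empty for a coinbase
    outputs: List[TxOut]


@dataclass(frozen=True)
class Block:
    height: int
    txs: List[Tx]


class UtxoIndex:
    """Applies blocks in order and serves UTXO/balance queries with a confirmation filter."""

    def __init__(self) -> None:
        self.utxos: Dict[Outpoint, Tuple[TxOut, int]] = {}  # outpoint -> (output, height created)
        self.tip = -1

    def apply_block(self, block: Block) -> None:
        if block.height != self.tip + 1:
            raise ValueError(f"expected height {self.tip + 1}, got {block.height}")
        for tx in block.txs:
            for outpoint in tx.inputs:  # spend first, so chains of txs within a block work
                if outpoint not in self.utxos:
                    raise ValueError(f"{tx.txid} spends unknown or already-spent {outpoint}")
                del self.utxos[outpoint]
            for vout, out in enumerate(tx.outputs):
                self.utxos[(tx.txid, vout)] = (out, block.height)
        self.tip = block.height

    def confirmations(self, height: int) -> int:
        return self.tip - height + 1

    def get_utxos(self, address: str, min_confirmations: int = 1) -> List[Tuple[Outpoint, TxOut, int]]:
        return [
            (op, out, h)
            for op, (out, h) in self.utxos.items()
            if out.address == address and self.confirmations(h) >= min_confirmations
        ]

    def get_balance(self, address: str, min_confirmations: int = 1) -> int:
        return sum(out.value for _, out, _ in self.get_utxos(address, min_confirmations))


class TwinMinter:
    """Issues a 1:1 twin only for deposits with MIN_CONF confirmations, crediting each UTXO once."""

    MIN_CONF = 6  # constructed policy value

    def __init__(self, index: UtxoIndex, deposit_address: str) -> None:
        self.index = index
        self.deposit_address = deposit_address
        self.credited: set = set()  # outpoints already minted against
        self.supply = 0  # twin tokens in circulation

    def update(self) -> int:
        """Mint for every newly matured deposit; returns the amount minted this call."""
        minted = 0
        for op, out, _ in self.index.get_utxos(self.deposit_address, self.MIN_CONF):
            if op not in self.credited:
                self.credited.add(op)
                minted += out.value
        self.supply += minted
        return minted

    def fully_backed(self) -> bool:
        """Invariant: circulating twins never exceed bitcoin held at the deposit address."""
        return self.supply <= self.index.get_balance(self.deposit_address, 0)


def build_chain() -> List[Block]:
    """Constructed chain: a coinbase, a deposit to the minter, then empty blocks that mature it."""
    coinbase = Tx("cb0", [], [TxOut("miner", 100_000)])
    deposit = Tx("dep1", [("cb0", 0)], [TxOut("minter", 50_000), TxOut("miner", 49_000)])
    return [Block(0, [coinbase]), Block(1, [deposit])] + [Block(h, []) for h in range(2, 7)]
```

The confirmation gate is the security-relevant piece: a deposit that is visible at one confirmation can still disappear in a reorg, so minting against it would leave the twin unbacked. The index also refuses a block that spends an outpoint it no longer holds, which is how a double spend shows up to a node that tracks the UTXO set itself.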

It’s all about trust

Satoshi Nakamoto once wrote in defense of Bitcoin: “The root problem with conventional currencies is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust.”

While native smart contracts as a scaling solution are still in their infancy, various blockchains are making fast progress. What it comes down to is trust. Successful solutions will depend on the level of trust assumptions. In the case of smart contracts, users have to trust the protocols of the blockchains involved, not central banks, custodians or bridges. That’s a huge leap forward.

Originally published at https://www.bitcoininsider.org on August 9, 2023.
