-
@ Max
2025-06-15 15:54:40
BitVM 3 is published!
And following the OG cypherpunk tradition of crazy short groundbreaking research, it's only three pages long.
https://bitvm.org/bitvm3.pdf
BitVM3 is a protocol for verifying SNARK proofs on Bitcoin that improves efficiency by moving most computation off-chain. It builds on earlier BitVM designs but reduces the data required for on-chain transactions by over 1000 times.
The protocol uses garbled circuits based on RSA cryptography. During setup, the garbler generates wire labels for each circuit component using modular arithmetic. These labels are tied to secret exponents that allow the circuit to reveal a fraud proof only if an invalid SNARK claim is made. Adaptor elements adjust labels when a single output connects to multiple inputs, resolving conflicts from prior schemes that failed with complex circuits.
Key improvements include smaller transaction sizes. Submitting a SNARK proof (assertTx) now requires ~56 kB instead of 2-4 MB. Disproving an invalid claim (disproveTx) takes just 200 bytes compared to 2-4 MB previously. This makes disputes vastly cheaper on-chain.
The trade-off is a massive one-time off-chain data transfer of ~5 TB for a SNARK verifier circuit with 5 billion gates. This data encodes the garbled circuit and adaptors needed to handle fan-out connections. Setup takes about 1.8 days at 250 Mbps upload speed but is a single upfront cost.
Verification works by checking the circuit structure in plaintext. The garbler proves they reblinded labels correctly using zero-knowledge methods, which involves ~2400 exponentiation operations. Reblinding allows the evaluator to compute adjusted labels non-interactively through exponent manipulation.
BitVM3 demonstrates how Bitcoin can securely settle complex computations despite its limited scripting language. While it enables trust-minimized bridges for layer-2 systems like rollups, the protocol's main challenge is reducing the 5 TB off-chain data burden for broader adoption. Future work will focus on optimizing this requirement.