BitVM: A Computational Revolution in Bitcoin

BitVM is a new computing paradigm that theoretically allows any computation within Bitcoin itself. This could open doors to more complex smart contracts, decentralized applications, and other functionalities.

The world of cryptocurrencies has been a stage for continuous innovations since the creation of Bitcoin. Each advancement aims to improve the efficiency, security, and versatility of transactions and contracts carried out on the blockchain. BitVM emerges as a revolutionary proposal, promising to bring arbitrary computation to Bitcoin without the need for a fork. This article seeks to elucidate the technical and practical aspects of BitVM, its advantages, disadvantages, and the challenges it faces.

BitVM is a new paradigm of computation that utilizes the NAND logic gate, along with other gates, within Taproot leaves with pre-signed transactions. This approach theoretically allows for any computation within Bitcoin itself. The central idea is that by using only NAND gates, it is possible to construct circuits for arbitrary computation, something that is already well-established in the theory of computation.


The emergence of BitVM is not just a technical achievement but is also driven by clear incentives within the Bitcoin ecosystem. The ability to perform arbitrary computations directly on Bitcoin has the potential to significantly expand the applications of Bitcoin beyond simple monetary transactions. This could open doors to more complex smart contracts, decentralized applications, and other functionalities that were previously the domain of other blockchains, such as Ethereum.

BitVM operates by elevating the logic of computation off-chain and allowing only a few steps of the computation to be processed on-chain, even if one of the parties presents a dishonest result. This is achieved through the combination of NAND gates within Taproot leaves and pre-signed transactions. Essentially, BitVM enables the execution of Turing-complete computations on Bitcoin in a verifiable and enforceable manner.

NAND Logic Gate (NOT AND)

A NAND logic gate (acronym for NOT AND) is one of the fundamental logic gates in digital electronics. It has two inputs and one output. The NAND gate produces a FALSE (0) output only when both of its inputs are TRUE (1). In all other cases, it produces a TRUE output. Mathematically, the NAND operation is the negation of the AND operation, hence the name "NOT AND."

The significance of the NAND gate in computing is that it is a "universal" logic gate, meaning that any logical or computational function can be constructed using only NAND gates. This makes it fundamental in the construction of electronic circuits and computers.

[Figure: Tapscript using NAND gates. Source: BitVM Paper]

Taproot and Tapscript

Taproot is a proposed upgrade for Bitcoin aimed at improving its privacy and efficiency. One of the key features of Taproot is that it allows multiple spending conditions to be combined into a single condition, making transactions more efficient and private. On the other hand, Tapscript is the scripting language that enables the execution of these conditions. Each "Tapleaf" or "Taproot Leaf" represents a potential spending condition within a Taproot structure. Taproot was introduced to Bitcoin through Bitcoin Improvement Proposal (BIP) 341.

The central idea behind Taproot is to combine the benefits of payment scripts (which allow for complex spending conditions for bitcoins) with regular single-signature transactions so that both appear indistinguishable on the blockchain. This is achieved using a combination of cryptographic techniques, including Schnorr signatures and Merkle trees.

The benefits of Taproot include:

  • Enhanced Privacy: All transactions, regardless of their complexity, will appear as regular single-signature transactions on the blockchain.
  • Reduced Space Usage: Complex transactions using payment scripts can be represented more efficiently, saving space on the blockchain.
  • Flexibility: It allows for the creation of more complex and flexible smart contracts on Bitcoin without revealing the full complexity on the blockchain.

[Figure: Taproot circuit. Source: BitVM Paper]

In summary, while the NAND gate is a fundamental concept in electronics and computer theory, Taproot is a specific innovation within Bitcoin that aims to improve how transactions and smart contracts are represented and processed on the blockchain. Both are crucial concepts when discussing BitVM and its implications for the future of Bitcoin.

Turing Complete

The term "Turing Complete" refers to the ability of a computing system to simulate any Turing machine. In simpler terms, if a system is Turing Complete, it means it has the capacity to solve any computational problem, given enough time and memory.

The Turing Machine, inspired by the renowned computer scientist Alan Turing, is a theoretical concept that represents how a computer works at its most basic level. Imagine a long tape containing information and a "machine" that follows specific rules to read and modify this information. Although not a real physical entity, this model is crucial in computer science as it sets a standard for determining the limits of computational capabilities.

When we say that a programming language or system is Turing Complete, we are essentially saying that it has the ability to simulate any Turing Machine and, therefore, can be used to perform any computation that a Turing Machine can execute.

In the context of BitVM and Bitcoin, the assertion that BitVM allows for the execution of "Turing-complete" computations on Bitcoin means that BitVM has the theoretical capability to execute any kind of calculation or program on Bitcoin, making it an extremely powerful and versatile platform for decentralized application development.

Bristol Format in BitVM

The Bristol format is a standard adopted to describe how circuits that verify information without revealing it (known as zero-knowledge proofs) are structured. In simple terms, it serves as a guide or template that shows how to organize and interpret these circuits. Here is a simplified representation of what it looks like:

127 191
1 64 
1 1 
1 1 63 65 INV
1 1 60 64 INV
2 1 65 64 69 AND

  • The first line, 127 191, defines the number of "wires" required in the circuit.
  • The second line, 1 64, specifies how many "input wires" will contribute input bits to the function.
  • The third line, 1 1, indicates how many "output wires" will exit the circuit.
  • Subsequent lines represent the logical gates within the circuit, such as INV (Inverter) and AND.

The Bristol format is a compact and efficient representation of boolean circuits. In the context of BitVM, it is used to define circuits that can be evaluated and verified within Bitcoin.

To convert a Bristol circuit into a Taproot address, and to execute and validate it, several dependencies are required. The proof of concept provides functions that convert each line into an array, set the necessary variables from the first three lines, and then reduce the circuit to its logic gates only.
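The parsing steps described above, followed by a rewrite of every gate into NAND gates, as an added example (not the proof of concept's code or anything from the BitVM paper). It assumes the Bristol layout in which the header line holds the gate count followed by the wire count and the outputs are the highest-numbered wires; the sample circuit and all function names are constructed for illustration.

```python
# Added example: Bristol-format circuit -> NAND-only circuit -> evaluation.
# Assumed layout: "gates wires" / input widths / output widths / one gate per line.

# Constructed sample (not from the BitVM paper): out = (a XOR b) AND (NOT c)
SAMPLE = """\
3 6
3 1 1 1
1 1

2 1 0 1 3 XOR
1 1 2 4 INV
2 1 3 4 5 AND
"""

OPS = {
    "INV": lambda a: 1 - a,
    "AND": lambda a, b: a & b,
    "XOR": lambda a, b: a ^ b,
    "NAND": lambda a, b: 1 - (a & b),
}
ARITY = {"INV": 1, "AND": 2, "XOR": 2, "NAND": 2}


def parse_bristol(text):
    """Turn each line into a token list, read the three header lines, keep the gates."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    n_gates, n_wires = (int(x) for x in rows[0])
    n_in = sum(int(x) for x in rows[1][1:])   # rows[1][0] is the number of input values
    n_out = sum(int(x) for x in rows[2][1:])  # rows[2][0] is the number of output values
    gates = []
    for tok in rows[3:]:
        k_in, k_out, op = int(tok[0]), int(tok[1]), tok[-1]
        if ARITY.get(op) != k_in or k_out != 1 or len(tok) != k_in + 4:
            raise ValueError(f"unsupported gate line: {' '.join(tok)}")
        gates.append((op, [int(x) for x in tok[2:2 + k_in]], int(tok[2 + k_in])))
    if len(gates) != n_gates:
        raise ValueError("gate count does not match header")
    outputs = list(range(n_wires - n_out, n_wires))
    return {"wires": n_wires, "n_in": n_in, "outputs": outputs, "gates": gates}


def to_nand(circ):
    """Rewrite INV/AND/XOR as NAND gates; temporary wires are numbered after the originals."""
    gates, nxt = [], circ["wires"]
    for op, ins, out in circ["gates"]:
        if op == "INV":
            gates.append(("NAND", [ins[0], ins[0]], out))
        elif op == "AND":
            gates += [("NAND", ins, nxt), ("NAND", [nxt, nxt], out)]
            nxt += 1
        elif op == "XOR":
            a, b = ins
            t, u, v = nxt, nxt + 1, nxt + 2
            gates += [("NAND", [a, b], t), ("NAND", [a, t], u),
                      ("NAND", [b, t], v), ("NAND", [u, v], out)]
            nxt += 3
        else:
            gates.append((op, ins, out))  # already a NAND gate
    return {**circ, "wires": nxt, "gates": gates}


def evaluate(circ, bits):
    """Run the gates in file order and return the output wire values."""
    if len(bits) != circ["n_in"]:
        raise ValueError("wrong number of input bits")
    wire = dict(enumerate(bits))
    for op, ins, out in circ["gates"]:
        wire[out] = OPS[op](*(wire[i] for i in ins))
    return [wire[w] for w in circ["outputs"]]
```

Three gates become seven NAND gates here, which gives a feel for why the article later lists data volume among BitVM's disadvantages.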

Zero-Knowledge Proofs

Zero-knowledge proofs are a cryptographic concept that allows one party (the prover) to prove to another party (the verifier) that a certain statement is true without revealing any specific information about the statement itself. In other words, it is possible to prove that you know something without disclosing what you know.

For example, imagine you want to prove that you know the password to a system but don't want to reveal the password itself. By using zero-knowledge proofs, you can convince someone that you know the password without actually showing it.

[Figure: Ali Baba cave with Alice and Bob, a zero-knowledge proof illustration. Source: Wikipedia]

Benefits of Zero-Knowledge Proofs for BitVM:

  • Enhanced Privacy: By using zero-knowledge proofs in BitVM, it would be possible to perform calculations and transactions without revealing the specific details of these operations. This means that the details of smart contracts or other operations could remain private while still verifying their validity.
  • Efficiency in Disputes: In scenarios where there are disputes over the execution of a contract in BitVM, zero-knowledge proofs could be used to quickly validate claims without the need to process the entire computation or transaction in detail.
  • Reduced Data Volume: Since zero-knowledge proofs do not require the disclosure of all the details of a transaction or calculation, they could help reduce the amount of data that needs to be stored and transmitted on the network.
  • Expansion of BitVM Capabilities: By incorporating zero-knowledge proofs, BitVM could support a broader range of applications and contracts that require advanced privacy and security, making it more versatile and powerful.

Second-Layer Networks (Layer 2):

Second-layer networks are solutions built "on top" of an existing blockchain (such as Bitcoin or Ethereum) to increase its capacity and speed. They allow transactions to be processed off-chain and then consolidated and recorded on the main chain at a later time. This helps alleviate congestion and reduce fees.

How Zero-Knowledge Proofs Would Facilitate Second-Layer Networks:

  • Compact Transaction Validation: ZKPs can be used to create "proofs" of a large number of off-chain transactions. Instead of submitting each transaction individually to the main chain, a single ZKP proof that validates all these transactions can be submitted. This saves space and reduces fees.
  • Privacy in Transactions: In second-layer networks, where many transactions occur off-chain, ZKPs can ensure that the details of these transactions remain private while still proving their validity.
  • Secure Interoperability: ZKPs can facilitate secure communication between different second-layer networks or between a second-layer network and the main chain without revealing sensitive details.
  • Efficient Dispute Resolution: In second-layer systems, where transactions are typically confirmed between parties and then recorded on the main chain, disputes can arise. ZKPs allow one party to prove they acted correctly without revealing the exact details of the transaction, facilitating more efficient dispute resolution.
  • Improved Scalability: By combining second-layer networks with ZKPs, it is possible to process a significantly larger number of transactions off the main chain and then consolidate them into a single proof on the main chain. This can dramatically increase the number of transactions a blockchain can support.
  • Development of ZK Rollups: One of the most notable advancements combining second-layer networks with ZKPs is "ZK Rollup." In this system, transactions are processed off the main chain and then "rolled up" into a single ZKP proof that is recorded on the main chain. This combines the efficiency of second-layer networks with the security and privacy of ZKPs.

[Figure: Sidechains. Source: Blockstream]

In summary, zero-knowledge proofs have the potential to revolutionize the functioning of second-layer networks, making them more secure, private, and scalable. In doing so, they can play a crucial role in overcoming the scalability challenges faced by many blockchains today.

Summary of Each Relevant Technical Feature:

  1. NAND Gates in Bitcoin: BitVM utilizes the NAND logic gate, which is a universal gate, allowing the construction of any logical function. In the context of BitVM, these gates are constructed using Bitcoin script, specifically with the help of hashlocks and opcodes like OP_BOOLAND and OP_NOT.
  2. Bristol Format: The Bristol format is a standardized representation for boolean circuits. In the context of BitVM, it is used to represent and process circuits in a compact and efficient manner. This format is crucial for creating and validating circuits in BitVM, enabling the execution of more complex functions directly on the Bitcoin blockchain. The ability to represent circuits so compactly is vital for optimizing space and efficiency, especially considering the limited storage and processing capabilities of the blockchain.
  3. Taproot and Pre-Signed Transactions: BitVM integrates with Taproot leaves to create a tree that covers every step of arbitrary computation. Pre-signed transactions are used to create a challenge-response game that can be executed on-chain.
  4. Arbitrary Computation: Through the combination of NAND gates and the Taproot structure, BitVM can represent and execute any computation, making Bitcoin a more versatile platform for application development.
  5. Off-Chain Infrastructure: Given BitVM's nature of elevating computation logic off-chain, robust off-chain infrastructure is required to support computation and verification.
  6. Zero-Knowledge Proofs (ZKPs): ZKPs are cryptographic proofs that allow one party to prove to another that a statement is true without revealing any information beyond the statement's validity. In the context of BitVM, the successful integration of ZKPs could revolutionize how transactions and contracts are validated. While the direct application of ZKPs to BitVM has not been confirmed yet, if possible, it would open a vast array of opportunities, enabling more efficient and private validations.
  7. Second-Layer Networks (L2s): These are solutions built "on top" of the main blockchain (Layer 1) to increase transaction capacity and reduce transaction times and costs. The potential integration of ZKPs into BitVM could facilitate the creation of L2s on Bitcoin, allowing for faster, more private, and cheaper transactions. This is because, with the efficient validation provided by ZKPs, transactions in a second layer could be aggregated and verified more compactly on the main blockchain.
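The hashlock-based NAND gate from item 1, modelled off-chain as an added example (not code from the BitVM paper or from this article). SHA-256 stands in for the script's hash opcode and every name is hypothetical; going one step beyond the list, it also flags a prover who opens both values of the same wire, which is the evidence a verifier needs in the challenge-response game of item 3.

```python
# Added example: a hashlock bit commitment and the check a NAND gate leaf performs.
import hashlib
import os


def h(data: bytes) -> bytes:
    # Assumption: SHA-256 is used here only as a stand-in hash function.
    return hashlib.sha256(data).digest()


class BitCommitment:
    """Prover's commitment to one wire: two secret preimages, two public hashlocks."""

    def __init__(self):
        self._preimages = (os.urandom(20), os.urandom(20))
        self.hashlocks = tuple(h(p) for p in self._preimages)

    def reveal(self, bit: int) -> bytes:
        # Revealing preimage 0 sets the wire to 0, preimage 1 sets it to 1.
        return self._preimages[bit]


def open_bit(hashlocks, preimage):
    """Script side: return the bit whose hashlock the preimage satisfies."""
    digest = h(preimage)
    for bit in (0, 1):
        if digest == hashlocks[bit]:
            return bit
    raise ValueError("preimage matches neither hashlock")


def nand_leaf_accepts(lock_a, lock_b, lock_e, pre_a, pre_b, pre_e):
    """Open inputs A, B and output E, then require E == NOT(A BOOLAND B)."""
    try:
        a = open_bit(lock_a, pre_a)
        b = open_bit(lock_b, pre_b)
        e = open_bit(lock_e, pre_e)
    except ValueError:
        return False
    booland = int(a != 0 and b != 0)  # what OP_BOOLAND leaves on the stack
    return e == int(booland == 0)     # OP_NOT, then comparison with E


def equivocated(hashlocks, revealed_preimages):
    """True when the revealed preimages open both 0 and 1 for the same wire."""
    opened = set()
    for preimage in revealed_preimages:
        try:
            opened.add(open_bit(hashlocks, preimage))
        except ValueError:
            continue
    return opened == {0, 1}
```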

Use cases: Secure and Verifiable Transactions with BitVM

In a growing digital world, the need for secure and verifiable transactions is crucial. Bitcoin, with its decentralized and immutable nature, offers a robust solution for value transfers. However, its current structure does not allow for chargebacks, which can be problematic in situations where trust between parties is low or nonexistent.

Put simply, a buyer and a seller would currently agree on a deal and define all the values and documents that would result from that agreement. All this information would be passed through a system that would transform it into circuits, and the final result would be some hashes and Taproot wallets.

The buyer would deposit the purchase amount, and the seller would deposit insurance in case they fail to meet the requirements. Each completed step or certified document would be submitted to Bitcoin through a transaction to prove that the step was completed on time.

In case of attempted fraud or delay in document delivery by the seller, for example, the total purchase amount plus insurance would be awarded to the buyer as a penalty to the seller.

In the traditional model, an escrow would handle this critical business. With the use of BitVM, Bitcoin itself could validate and certify that the business occurred correctly, so that the funds could only be unlocked once every step was proven true.

Consider the scenario of buying and selling a vehicle or real estate. Traditionally, fund transfer and the exchange of documents or keys occur almost simultaneously, often with intermediaries, to ensure that both parties fulfil their part of the agreement. However, with Bitcoin, once the transaction is confirmed, there is no way to reverse the funds, even if one of the parties fails to fulfil their part of the agreement.

This is where BitVM comes in. Imagine a smart contract on BitVM where the buyer deposits the value of the vehicle or real estate in Bitcoin. This amount is only released to the seller once all documents or keys are verified and transferred to the buyer. This ensures that both parties fulfil their obligations before the transaction is finalized.

This mechanism could have been extremely useful for platforms like OpenBazaar, a decentralized marketplace that unfortunately had to cease its operations due to a high rate of fraud related to the non-delivery of products. Although OpenBazaar attempted to mitigate these frauds using escrow systems, these intermediaries often charged prohibitive fees or refused to participate in certain agreements.

With BitVM, the need for intermediaries like escrow systems could be eliminated. The smart contract on BitVM would act as an automatic guarantor, ensuring that payment is only released upon confirmation of product or service delivery. This would not only reduce fees associated with intermediaries but also increase trust in transactions, potentially revolutionizing the way we conduct business in a digital environment.

Advantages and Disadvantages:

Advantages:

  1. Expansion of Bitcoin's Capabilities: BitVM allows Bitcoin to go beyond monetary transactions, opening doors to more complex smart contracts and decentralized applications.
  2. No Immediate Need for Upgrade: One of the biggest advantages of BitVM is that it enables this expansion without the need for an immediate fork or significant protocol upgrade in Bitcoin. However, it is widely recognized by the developer community that, while not strictly necessary, an upgrade would be desirable to accelerate progress and optimize the functioning of BitVM.
  3. Enhanced Privacy: With the integration of Taproot, BitVM transactions can appear as regular transactions, improving user privacy at a reduced cost.
  4. Efficiency: Although still in its early stages and far from being a cost-efficient solution, BitVM has the potential to be an efficient on-chain computing solution, especially as optimizations are implemented.
  5. Reduction of Intermediaries: BitVM can eliminate the need for intermediaries like escrows in transactions, reducing costs and increasing efficiency.

Disadvantages:

  1. Initial Limitations: As a developing system, BitVM has various limitations, such as being a two-party system and the need to create a new Bitcoin transaction for each smart contract interaction.
  2. Transaction Volume and Data Requirements: BitVM implementation, especially in dispute scenarios, may require a large number of transactions to resolve and verify computations. Additionally, building a virtual machine using NAND gates can result in massive data requirements. This implies sharing large volumes of data among participating peers, which can be a challenge in terms of scalability and efficiency.
  3. Computational Complexity: Creating the necessary circuits for BitVM, especially at more advanced levels of computation, requires a significant amount of computational power. This can be a barrier to broader implementations until optimizations are made.
  4. Possibility of Fork: While BitVM can operate without the need for a fork, many developers see a fork, such as BIP119, as desirable to accelerate developments and further optimize the system.
  5. Reuse: Currently, BitVM is unable to reuse its smart contracts, requiring the preprocessing of all requirements to establish a new contract, involving high data transfer volumes as well as the high processing required for off-chain circuit creation.


BitVM, while promising, is still in its early stages of development and presents several technical challenges. In addition to the limitations mentioned, such as the need for large data volumes and the complexity associated with circuit creation, there are other aspects that deserve attention.

One such challenge is the ability to create sidechains. Currently, BitVM does not yet support the creation of sidechains, which are chains parallel to the Bitcoin main blockchain. These sidechains have the potential to increase the scalability and functionality of Bitcoin, enabling faster transactions and the implementation of features not possible on the main blockchain. However, integrating sidechains with BitVM is still a goal to be achieved.

Furthermore, BitVM, in its current form, does not support the creation of altcoins or other cryptocurrencies. This can be seen both as a limitation and as a safeguard. The creation of new coins or tokens, especially those with no intrinsic value or clear purpose, can attract fraudulent schemes and scams. These not only harm investors but can also attract unwanted regulatory attention to Bitcoin. BitVM's inability to create altcoins can therefore be seen as a protective measure against potential threats to the Bitcoin ecosystem.

One notable limitation of BitVM is its "single-use" nature for smart contracts. Unlike platforms like Ethereum, where contracts have persistent addresses that anyone can call at any time, BitVM requires the creation of a new contract for each interaction.

However, it is important to note that as BitVM evolves, new features and capabilities may be added. The developer community and stakeholders will need to address these challenges cautiously, ensuring that any innovation introduced into BitVM does not compromise the security, integrity, and reputation of Bitcoin.


BitVM, with its revolutionary proposal to introduce arbitrary computation capabilities into Bitcoin, represents a significant step in the evolution of the world's most renowned cryptocurrency. By using the NAND logic gate and the potential integration of technologies like Zero-Knowledge Proofs, BitVM aims to expand the functionalities of Bitcoin, allowing it to go beyond simple monetary transactions and enter the realm of smart contracts and decentralized applications.

A practical and relevant use case for BitVM would be secure transactions, such as buying and selling vehicles or real estate. In traditional situations, fund transfers and document exchanges occur almost simultaneously, often with intermediaries to ensure transaction integrity. However, with BitVM, it would be possible to create smart contracts that ensure payment is only released after proper verification and transfer of all necessary documents.

However, like any innovation, BitVM is not without challenges. The inability to reuse smart contracts, the need for large data volumes, the inherent complexity of circuit creation, the current limitation to a two-party system, and the high cost associated with a large number of on-chain transactions are obstacles that developers will need to overcome. Additionally, BitVM does not yet support the creation of sidechains or altcoins, which can be seen as a safeguard against potential threats to the Bitcoin ecosystem.

Although BitVM can operate without the need for a fork, the developer community sees a fork, such as BIP119, as a desirable way to accelerate and optimize developments. The integration of such upgrades may be crucial to overcoming current challenges and unlocking the full potential of BitVM.

In summary, BitVM represents one of the most exciting technical innovations in the Bitcoin space in recent times. While it is in its early stages and comes with significant challenges, the potential it offers to expand Bitcoin's capabilities is undeniable. The global community eagerly awaits future developments, hoping that BitVM can fulfill its promise and further solidify Bitcoin's position as a dominant force in the digital world.
