Produced by: CGV Research
Author: Cynic

Bitcoin, as the first successful decentralized digital currency, has been the core of the digital currency field since its advent in 2009. As an innovative payment method and store of value, Bitcoin has triggered widespread attention around the world in cryptocurrency and blockchain technology. However, as the Bitcoin ecosystem continues to mature and expand, it also faces a variety of challenges, including transaction speed, scalability, security, and regulatory issues.
Recently, the inscription ecosystem led by BRC20 has been the first to ignite the market. Many inscriptions have gained more than 100-fold. Transactions on the Bitcoin chain are severely congested, with the average fee rate rising above 300 sat/vB. At the same time, the Nostr Assets airdrop drew further market attention, and protocol design white papers such as BitVM and BitStream were put forward. The Bitcoin ecosystem is on the rise and has the potential to explode.
The CGV research team takes comprehensive stock of the current state of the Bitcoin ecosystem, covering technological progress, market dynamics, laws and regulations, analyzes Bitcoin technology in depth, and examines market trends. We hope to provide a panoramic view of Bitcoin's development. The article first reviews the basic principles and history of Bitcoin, then discusses the technological innovations of the Bitcoin network in depth, such as the Lightning Network and Segregated Witness, and also predicts future development trends.
Asset Issuance: Starting from Colored Coins
The essence of the inscription craze is that it gives ordinary people a low-threshold right to issue assets, while being simple, fair and convenient. The inscription protocol on Bitcoin was born in 2023, but as early as 2012 there was an idea for issuing assets on Bitcoin, called colored coins.
Colored coins: early attempts
Colored coins refer to a group of similar technologies that use the Bitcoin system to record the creation, ownership and transfer of assets other than Bitcoin. They can be used to track digital assets as well as tangible assets held by third parties, and to trade ownership of them. Coloring means adding specific information to a Bitcoin UTXO to distinguish it from other Bitcoin UTXOs, making otherwise fungible bitcoins distinguishable from one another. Assets issued through colored coin technology share many of Bitcoin's characteristics, including double-spend prevention, privacy, security, transparency and censorship resistance, which ensures the reliability of transactions.
It is worth noting that the protocols defined by colored coins are not implemented by general Bitcoin software, so specific software is required to identify colored-coin transactions. Colored coins therefore only have value among groups that agree on the colored coin protocol; otherwise they lose their coloring properties and fall back to plain satoshis. On the one hand, colored coins recognized by a small community can use Bitcoin's many advantages for asset issuance and circulation; on the other hand, it is almost impossible for a colored coin protocol to be merged through a soft fork into Bitcoin Core, the software with the largest consensus.
Open Assets
At the end of 2013, Flavien Charlon proposed the Open Assets Protocol as an implementation of colored coins. Asset issuers use asymmetric cryptography to calculate asset IDs, ensuring that only users holding the private key for an asset ID can issue more of the same asset. Asset metadata is stored in the script using the OP_RETURN opcode and is called the marker output, so coloring information is stored without polluting the UTXO set. Because it uses Bitcoin's public/private key cryptography, asset issuance can be carried out with multi-signature.

EPOBC
In 2014, ChromaWay proposed the EPOBC (enhanced, padded, order-based coloring) protocol. The protocol contains two types of operations, genesis and transfer: genesis issues assets, and transfer moves them. Asset types cannot be distinguished by encoding. Each genesis transaction issues a new asset, and the total amount is fixed at issuance. EPOBC assets must be moved through a transfer operation; if EPOBC assets are used as inputs to a non-transfer transaction, the assets are lost.
Additional information about an EPOBC asset is stored in the nSequence field of the Bitcoin transaction. nSequence is a reserved field in Bitcoin transactions, consisting of 32 bits. The lowest six bits determine the transaction type, and bits 6-12 determine the padding (used to meet the Bitcoin protocol's anti-dust requirements). The advantage of storing metadata in nSequence is that it requires no additional storage. Since there is no asset ID for identification, every transaction of an EPOBC asset must be traced back to its genesis transaction to determine its category and validity.

Mastercoin/Omni Layer
Compared with the protocols above, Mastercoin's commercial implementation was more successful. In 2013, Mastercoin conducted the first ICO in history, raising 5,000 BTC and opening a new era. USDT, as it is now known, was originally issued on Bitcoin through Omni Layer.
Mastercoin depends less on Bitcoin and chooses to maintain more state off-chain, saving only minimal information on-chain. Mastercoin can be thought of as treating Bitcoin as a decentralized log system, publishing asset changes through arbitrary Bitcoin transactions. Transaction validity is verified by continuously scanning Bitcoin blocks and maintaining an off-chain asset database. This database stores the mapping between addresses and assets, and the addresses reuse the Bitcoin address system.

Early colored coins basically used the script opcode OP_RETURN to store asset metadata. After the SegWit and Taproot upgrades, new derivative protocols have more options.
SegWit is short for Segregated Witness. Simply put, it separates the witness (the input script in the transaction) from the transaction. The main reason for the separation is to prevent nodes from attacking by modifying the input script, but it also has a side benefit: it effectively increases block capacity, so more witness data can be stored.
An important feature of Taproot is MAST, which allows developers to use a Merkle tree to include metadata for any asset in an output, use Schnorr signatures to improve simplicity and scalability, and enable multi-hop transactions through the Lightning Network.
Ordinals & BRC20 and their imitators: a grand social experiment
From a broad perspective, Ordinals consists of four components:
• A BIP for numbering sats
• An indexer that uses a Bitcoin Core node to track the location (serial number) of every satoshi
• A wallet for ordinal-related transactions
• A block explorer to identify ordinal-related transactions
Of course, the core is still BIP/protocol.
By defining a numbering scheme (starting from 0, in the order in which sats are mined), Ordinals assigns a serial number to each satoshi, the smallest unit of Bitcoin, making originally fungible satoshis distinguishable and introducing scarcity.

The scheme can reuse BTC's infrastructure, such as single-signature, multi-signature, time locks and height locks, and there is no need to create ordinal numbers explicitly. It has good anonymity and no explicit on-chain footprint. The disadvantages are equally obvious. A large number of small, unused UTXOs increases the size of the UTXO set; put more seriously, this can be called a dust attack. In addition, the index takes up a lot of space, and every time a specific sat is spent, the following must be provided to prove that the sat is included in a specific output:
• The blockchain header
• The Merkle path to the coinbase transaction that created the sat
• The coinbase transaction that created the sat
An inscription engraves arbitrary content on sats. The content is placed in a taproot script-path spend script and stored entirely on-chain. The inscribed content is serialized in the style of an HTTP response and pushed with OP_PUSH into an unexecutable part of the spend script, called an "envelope". Specifically, OP_FALSE is added before the conditional statement, and the inscribed content is placed, in JSON format, inside the conditional branch that can never execute. The size of the inscribed content is limited by the taproot script and cannot exceed 520 bytes in total.
Since a taproot script-path spend must spend an existing taproot output, an inscription takes a two-step commit&reveal operation. The first step creates a taproot output that commits to the inscription content; the second step spends that output using the inscription content and the corresponding Merkle path, revealing the inscription content on-chain.
The original purpose of inscriptions was to bring non-fungible tokens (NFTs) to BTC. However, new developers imitated ERC20 and created BRC20 on top of them, giving Ordinals the ability to issue fungible assets. BRC20 has Deploy, Mint, Transfer and other operations, but each operation requires the two-step commit&reveal, making transactions more cumbersome and costly.
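As an added illustration (not code from the ord project or from this article), the following Python performs the check an indexer makes on a revealed script: it walks the script opcode by opcode, extracts the envelope behind OP_FALSE OP_IF, and validates the body as a BRC20 message. The field layout (the "ord" marker, tag 1 for the content type, an empty push before the body) and the JSON keys p, op and tick follow the public ord and BRC-20 documentation rather than this page; the sample script and payload are constructed.

```python
import json

OP_FALSE, OP_IF, OP_ENDIF, OP_CHECKSIG = 0x00, 0x63, 0x68, 0xAC
OP_PUSHDATA1, OP_PUSHDATA2 = 0x4C, 0x4D

def read_push(script, i):
    """Read one data push at offset i -> (data, next_offset), else None."""
    op = script[i] if i < len(script) else 0xFF
    if op <= 75:                                 # direct push; 0x00 pushes b""
        n, i = op, i + 1
    elif op in (OP_PUSHDATA1, OP_PUSHDATA2):     # 1- or 2-byte length prefix
        width = op - OP_PUSHDATA1 + 1
        n, i = int.from_bytes(script[i + 1:i + 1 + width], "little"), i + 1 + width
    else:
        return None                              # not a push opcode
    return (script[i:i + n], i + n) if i + n <= len(script) else None

def parse_fields(script, i):
    """Parse the fields that follow OP_FALSE OP_IF; None if malformed."""
    marker = read_push(script, i)
    if not marker or marker[0] != b"ord":
        return None
    i, content_type, body, in_body = marker[1], None, b"", False
    while i < len(script) and script[i] != OP_ENDIF:
        if (item := read_push(script, i)) is None:
            return None                          # opcode or truncated data inside
        data, i = item
        if in_body:
            body += data                         # body may span several pushes
        elif data == b"":
            in_body = True                       # empty push starts the body
        else:                                    # tag push followed by its value
            if (value := read_push(script, i)) is None:
                return None
            if data == b"\x01":
                content_type = value[0].decode("ascii", "replace")
            i = value[1]
    return (content_type, body) if i < len(script) else None   # needs OP_ENDIF

def parse_envelope(script):
    """Walk opcode by opcode (never byte-search) and return the first envelope."""
    i = 0
    while i < len(script):
        start = script[i:i + 2] == bytes([OP_FALSE, OP_IF])
        if start and (found := parse_fields(script, i + 2)):
            return found
        step = read_push(script, i)
        i = step[1] if step else i + 1           # skip push data or one opcode
    return None

def decode_brc20(body):
    """Return the BRC20 message dict if the body is well formed, else None."""
    try:
        msg = json.loads(body.decode("utf-8"))
    except ValueError:                           # covers bad UTF-8 and bad JSON
        return None
    ok = (isinstance(msg, dict) and msg.get("p") == "brc-20"
          and msg.get("op") in ("deploy", "mint", "transfer")
          and isinstance(msg.get("tick"), str))
    return msg if ok else None

# Constructed sample: <32-byte placeholder key> OP_CHECKSIG, then the envelope.
def push(data):
    return bytes([len(data)]) + data             # helper valid for pushes <= 75 bytes
BODY = b'{"p":"brc-20","op":"mint","tick":"ordi","amt":"1000"}'
SAMPLE_SCRIPT = (push(b"\x02" * 32) + bytes([OP_CHECKSIG, OP_FALSE, OP_IF])
                 + push(b"ord") + push(b"\x01") + push(b"text/plain;charset=utf-8")
                 + push(b"") + push(BODY[:30]) + push(BODY[30:]) + bytes([OP_ENDIF]))
```

Walking push boundaries matters because the byte pattern that opens an envelope can also occur inside ordinary pushed data, where it must not be treated as an inscription.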
Example using real data:

The selected part is the inscribed content, and the result after deserialization is as follows:

ARC20, derived from the Atomicals protocol, is designed to reduce transaction complexity: it binds each unit of ARC20 tokens to a satoshi and reuses the Bitcoin transaction system. After assets are issued through the two commit&reveal steps, ARC20 tokens can be transferred directly by transferring the corresponding satoshis. The design of ARC20 may be closer to the literal definition of a colored coin, adding new content to the original token to make it a new token. The value of the new token will not be lower than that of the original token, similar to gold and silver jewelry.
Client Validation and Next Generation Asset Protocol
Client-side validation (CSV) is a concept proposed by Peter Todd in 2017, along with the concept of single-use seals. Simply put, the CSV mechanism is off-chain data storage, on-chain commitment, and client-side verification. These ideas are also partially reflected in the earlier asset protocols. Asset protocols that currently use client-side validation include RGB and Taproot Assets (Taro).
RGB
In addition to client-side validation, RGB uses Pedersen hashes as its commitment mechanism and also supports output blinding. When sending a payment request, the recipient does not need to disclose the UTXO that will receive the token and instead sends a hash value, providing stronger privacy and censorship resistance. Of course, when the token is spent, the blinding secret must be disclosed to the recipient so that they can verify the transaction history.
Additionally, RGB adds AluVM for greater programmability. When performing client-side validation, a user must verify not only the payment information sent but also the token's entire transaction history received from the payer, going all the way back to the genesis transaction that issued the asset, to ensure the finality of the transaction. Only by verifying the full transaction history can the validity of the received assets be guaranteed.
Taproot Assets
Taproot Assets is another project developed by Lightning Labs, the development team behind the Lightning Network. Issued assets can be transferred on the Lightning Network instantly, in large volumes and at low cost. Taproot Assets is designed entirely around the Taproot protocol, improving privacy and scalability.
Witness data is stored off-chain and verified on-chain. The off-chain data can be stored locally or in a repository (called a "Universe", similar to a git repository). Verifying a witness requires all historical data since the issuance of the asset, which is propagated through the Taproot Assets gossip layer. Clients can cross-validate against a local copy of the blockchain.
Taproot Assets uses a Sparse Merkle Sum Tree to store the global state of assets. The storage overhead is high, but verification is efficient. Transactions can be verified through proofs of inclusion/non-inclusion without tracing back the asset's transaction history.
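An added example (not Taproot Assets code) of how a sparse Merkle sum tree supports both proof types: every node commits to a hash and to the sum of the amounts below it, and a non-inclusion proof is simply an inclusion proof for an empty leaf. The 8-bit key space, the SHA-256 node encoding, the names and the sample holdings are assumptions chosen for illustration and do not match the project's wire format.

```python
import hashlib

DEPTH = 8  # toy key space of 2**8 leaves (assumption; real keys are far wider)

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(value, amount):
    """A leaf is (hash, sum); the amount is bound into the hash."""
    return h(b"leaf", value, amount.to_bytes(8, "big")), amount

def branch(left, right):
    """A branch commits to both children's hashes and sums; its sum is their total."""
    digest = h(b"node", left[0], left[1].to_bytes(8, "big"),
               right[0], right[1].to_bytes(8, "big"))
    return digest, left[1] + right[1]

# EMPTY[k] is the root of an empty subtree with k levels below it.
EMPTY = [leaf(b"", 0)]
for _ in range(DEPTH):
    EMPTY.append(branch(EMPTY[-1], EMPTY[-1]))

def subtree(leaves, height=DEPTH, prefix=0):
    """Root of the subtree covering the keys whose top bits equal `prefix`."""
    if not any(key >> height == prefix for key in leaves):
        return EMPTY[height]                  # nothing stored below this node
    if height == 0:
        return leaf(*leaves[prefix])
    return branch(subtree(leaves, height - 1, prefix * 2),
                  subtree(leaves, height - 1, prefix * 2 + 1))

def prove(leaves, key):
    """Sibling (hash, sum) pairs from the leaf level up to the root."""
    return [subtree(leaves, level, (key >> level) ^ 1) for level in range(DEPTH)]

def verify(root, key, node, proof):
    """Recompute the root from `node` at `key`; pass EMPTY[0] to prove absence."""
    if len(proof) != DEPTH:
        return False
    try:
        for level, sibling in enumerate(proof):
            if (key >> level) & 1:
                node = branch(sibling, node)
            else:
                node = branch(node, sibling)
    except (OverflowError, TypeError):        # negative or oversized sums in a proof
        return False
    return node == root

# Constructed sample state: key -> (owner tag, amount)
HOLDINGS = {3: (b"alice", 60), 200: (b"bob", 40)}
ROOT = subtree(HOLDINGS)
```

Because each branch hash covers its children's sums, the total at the root cannot be inflated by changing an amount anywhere in the tree without also changing the root.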
Scaling: Bitcoin’s eternal proposition
Although Bitcoin has the highest market value, the highest security and the highest stability, it is getting further and further away from the original vision of "a peer-to-peer electronic cash system". Due to the limited capacity of the block, transaction TPS, fees and confirmation time, Bitcoin cannot handle large and frequent transactions. For more than ten years, various protocols have tried to solve this problem.
Payment Channels and the Lightning Network: The Bitcoin Fundamentalist Solution
The Lightning Network works by establishing payment channels. A payment channel can be established between any two users, and channels can be connected to one another to form a payment channel network. Two users who do not share a direct channel can still pay each other through multiple hops.
For example, if Alice and Bob want to make multiple transactions, without each transaction being recorded on the Bitcoin blockchain, they can open a payment channel between them. They can conduct an unlimited number of transactions in this channel, and the entire process only needs to be recorded twice on the blockchain: once when the channel is opened, and once when it is closed. This greatly reduces the time waiting for blockchain confirmation and also reduces the burden on the blockchain.
Currently, there are over 14,000 Lightning Network nodes, the number of channels exceeds 60,000, and the total capacity in the network exceeds 5,000 BTC.

Sidechains: The Ethereum Route into Bitcoin
Stacks
Stacks positions itself as the smart contract layer of Bitcoin and uses its own tokens as Gas tokens. Stacks uses a micro-block mechanism. Bitcoin and Stacks develop in a synchronized manner, and their blocks are confirmed at the same time. In Stacks, this is called an "anchor block". The entire Stacks transaction block corresponds to a single Bitcoin transaction, enabling higher transaction throughput. Since blocks are produced simultaneously, Bitcoin acts as a rate limiter for the creation of Stacks blocks, thus protecting its peer-to-peer network from denial-of-service attacks.
Stacks achieves consensus through PoX's double-helix mechanism. Miners send BTC to STX stakers to compete for the right to produce a block, and a miner that wins and successfully produces the block receives an STX reward. In this process, STX stakers receive the BTC sent by the miners proportionally. Stacks hopes to incentivize miners to maintain the historical ledger by issuing a native token, but in fact incentives can be achieved without a native token (see RSK).

For transaction data on the Stacks blockchain, the hash of the transaction data is saved in a Bitcoin transaction script via the OP_RETURN opcode. A Stacks node can read the Stacks transaction data hash stored in Bitcoin through Clarity's built-in functions.
Stacks can almost be regarded as a Layer 2 chain of Bitcoin. However, there are still some flaws in the entry and exit of assets. After the Nakamoto upgrade, Stacks supports sending Bitcoin transactions to complete the transfer of assets. However, the complexity of the transaction makes it impossible to verify on the Bitcoin chain, and verification of asset transfers can only be done through a multi-signature committee.
RSK
RSK uses merged mining: Bitcoin miners can help RSK produce blocks at almost no cost and earn additional rewards. There is no native token in RSK, and BTC (RBTC) is still used as the gas token. RSK has its own execution engine, which is EVM compatible.

Liquid
Liquid is a consortium sidechain of Bitcoin. Node access is permissioned, and fifteen members are responsible for producing blocks. Assets use the lock&mint method: sending an asset to Liquid's multi-signature address on BTC moves it into the Liquid sidechain, and to move it back out, the user sends L-BTC to the multi-signature address on the Liquid chain. The multi-signature addresses use an 11/15 threshold.
Liquid focuses on financial applications and provides developers with SDKs related to financial services. The current Liquid network TVL is approximately 3,000 BTC.

Nostr Assets: Further strengthening of centralization
The original project behind Nostr Assets was called NostrSwap, a BRC20 trading platform. On 2023-08-03 it was upgraded to the Nostr Assets Protocol, which supports all asset transfers in the Nostr ecosystem, with settlement and security of assets handled by the Lightning Network.
Nostr Assets allows Nostr users to send and receive Lightning Network assets with their Nostr public and private keys. Except for deposits and withdrawals, transactions on the Nostr Assets protocol are zero-gas and encrypted. Transaction details are saved on Nostr protocol relays and use IPFS for fast and efficient access, and the protocol supports natural-language interaction without the need for complex pages.
Nostr Assets gives users a simple and convenient way to transfer and trade assets. Combined with the traffic of the Nostr social protocol, it may find major applications in the future. In essence, however, it is just a way to control a custodial (escrow) wallet using Nostr messages. Users deposit assets into the Nostr Assets relay through a Lightning Network transfer, which is equivalent to depositing assets into a centralized exchange. When users want to transfer or trade assets in Nostr Assets, they send the server a message signed with their Nostr key pair. After verifying it, the server only needs to record the change in its internal ledger and does not need to actually execute anything on the Lightning Network or the mainnet, which is how it achieves zero gas and high TPS.
BitVM: Programmability and infinite scalability
"Any computable function can be verified on Bitcoin"
——Robin Linus, creator of BitVM
BitVM was proposed by ZeroSync founder Robin Linus. It uses Bitcoin's existing opcodes (OP_BOOLAND, OP_NOT) to form a NAND gate, decomposes a program into a combination of primitive NAND gates, and puts the spend-script root of the complex program into a Taproot transaction, so that it is stored on-chain at low cost. According to computation theory, any computing logic can be built from NAND gates, so in theory BitVM can achieve Turing completeness on Bitcoin and perform any computation, but in practice there are still many limitations.
BitVM still operates in a P2P mode and draws on the idea of the OP Rollup. There are two roles, prover and verifier. Each time, the prover and verifier jointly construct a transaction and put up the deposit. The prover gives the result, and if the verifier computes a different result, a fraud proof is submitted on-chain to confiscate the prover's funds.
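The prover/verifier exchange can be illustrated with an added example (not code from the BitVM project): a one-bit full adder built only from NAND gates, a prover's claimed value for every wire, and a verifier that locates the single gate whose claimed output is inconsistent with its claimed inputs, which is the gate a fraud proof would point to. The circuit encoding, the function names and the `lie` parameter that simulates a dishonest prover are assumptions for illustration.

```python
def nand(a, b):
    """NAND of two bits (the text builds it in Script from OP_BOOLAND and OP_NOT)."""
    return 1 - (a & b)

# Hypothetical encoding: wires 0..2 are the inputs a, b, carry_in; each gate
# (i, j) reads two earlier wires and appends NAND(wire[i], wire[j]) as a new wire.
FULL_ADDER = [(0, 1), (0, 3), (1, 3), (4, 5),   # wire 6  = a XOR b
              (6, 2), (6, 7), (2, 7), (8, 9),   # wire 10 = sum bit
              (3, 7)]                           # wire 11 = carry out
SUM_WIRE, CARRY_WIRE = 10, 11

def evaluate(gates, inputs, lie=None):
    """Return the value of every wire. `lie=(wire, bit)` simulates a dishonest
    prover who overrides one wire and computes everything after it normally."""
    wires = list(inputs)
    for i, j in gates:
        out = nand(wires[i], wires[j])
        if lie is not None and lie[0] == len(wires):
            out = lie[1]
        wires.append(out)
    return wires

def find_fraud(gates, n_inputs, claimed):
    """Verifier side: index of the first gate whose claimed output is not the
    NAND of its claimed inputs, or None if the whole trace is consistent."""
    for k, (i, j) in enumerate(gates):
        if claimed[n_inputs + k] != nand(claimed[i], claimed[j]):
            return k
    return None

def settle(gates, inputs, claimed):
    """Who ends up with the prover's deposit, plus the disputed gate (if any)."""
    if list(claimed[:len(inputs)]) != list(inputs):
        raise ValueError("trace does not start from the agreed inputs")
    gate = find_fraud(gates, len(inputs), claimed)
    return ("prover", None) if gate is None else ("verifier", gate)

if __name__ == "__main__":
    agreed = [1, 0, 1]                                  # constructed inputs
    print(settle(FULL_ADDER, agreed, evaluate(FULL_ADDER, agreed)))
    print(settle(FULL_ADDER, agreed, evaluate(FULL_ADDER, agreed, lie=(6, 0))))
```

A wrong final result always leaves at least one inconsistent gate in the claimed trace, so the verifier never has to replay the whole program on-chain, only that one NAND.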
"The real killer app is scaling Bitcoin. [Robin Linus isn't] a big fan of smart contracts. He's not a big fan of increasing Bitcoin's expressivity. He really is interested in making it so that Bitcoin can process millions of transactions per second .”
—— Super Testnet, BitVM developer
BitVM provides better programmability, but how does it relate to scaling? In fact, BitVM has served the scaling pattern of off-chain computation and on-chain verification from the beginning, as the names prover and verifier hint.
The best use cases for BitVM are actually trust-minimized bridges and ZKP scaling (ZK Rollup). The BitVM proposal is really a move made out of necessity: it is too difficult to win Bitcoin community support for adding opcodes through proposals, so one can only settle for the next best thing and implement new functions with the existing opcodes.
BitVM proposes a new paradigm for capacity expansion, but there are many challenges in reality.
• Too early: the EVM has a complete VM architecture, but BitVM has only one function, which can verify whether a string is 0 or 1.
• Storage overhead: building a program from NAND gates may require hundreds of MB of data and billions of taptree leaves.
• P2P: it is currently still a two-party interaction, and the prover-challenger architecture has incentive problems. Extending it to 1-N or N-N, like the ideal OP Rollup (single-honest-party assumption), is under consideration.
Conclusion
Reviewing the full text, it is not hard to see that, because of the mainnet's limited processing and computing power, Bitcoin must move computation off-chain if it wants to cultivate a more prosperous and diverse ecosystem.
On the one hand, the client-side validation schemes, with off-chain computation and off-chain verification, use certain fields in Bitcoin transactions to store key information, treat the Bitcoin mainnet as a distributed log system, and rely on its censorship resistance and reliability to ensure the availability of critical data, which in a sense resembles a sovereign rollup. This approach does not require modifying Bitcoin's protocol layer, and anyone can freely build the protocol they need. It is the more feasible approach at present, but it cannot fully inherit Bitcoin's security.
On the other hand, some people are advancing on-chain verification, trying to achieve arbitrary computation on Bitcoin with existing tools and then use zero-knowledge proof technology to scale efficiently. However, the current solutions are still very early, their computational cost is too high, and they are not expected to be deployed in the short term.
Of course, some will ask: since blockchains led by Ethereum already have high-speed computing capabilities, why not turn to Ethereum instead of doing everything all over again on Bitcoin?
Because It's Bitcoin.