ESSPI: ECDSA/Schnorr Signed Program Input for BitVMX

Sergio Demian Lerner, Martin Jonas, Ariel Futoransky

TL;DR

The paper introduces ESSPI, a method to sign BitVMX program inputs with ECDSA or Schnorr, achieving $1:1$ data expansion and enabling verification of uncompressed inputs such as SPV proofs and STARKs. It embeds signed program inputs in Bitcoin transactions by double-signing the input hash and validating equivalence across a primary and a secondary BitVMX instance, while addressing data availability with two DA schemes (Insertion-Proof SPV-based and Timelock-based). A new Input Check Mode CPU (ICM) accompanies a partitioned execution trace and disagreement-search mechanisms to verify unsigned inputs and detect fraud with minimal on-chain overhead. The envelope-based DA scheme further leverages Taproot and covenants to publish UI data in a tamper-evident, auditable manner, offering a scalable, data-efficient path for BitVMX to handle larger proofs such as STARKs.

Abstract

The BitVM and BitVMX protocols have long relied on inefficient one-time signature (OTS) schemes like Lamport and Winternitz for signing program inputs. These schemes exhibit significant storage overheads, hindering their practical application. This paper introduces ESSPI, an optimized method leveraging ECDSA/Schnorr signatures to sign the BitVMX program input. With Schnorr signatures we achieve an optimal 1:1 data expansion, compared to the current known best ratio of 1:200 based on Winternitz signatures. To accomplish this we introduce 4 innovations to BitVMX: (1) a modification of the BitVMX CPU, adding a challengeable hashing core to it, (2) a new partition-based search to detect fraud during hashing, (3) a new enhanced transaction DAG with added data-carrying transactions with a fraud-verifying smart-contract and (4) a novel timelock-based method for proving data availability to Bitcoin smart contracts. The enhanced BitVMX protocol enables the verification of uncompressed inputs such as SPV proofs, NiPoPoWs, or longer computation integrity proofs, such as STARKs.

Paper Structure

This paper contains 20 sections, 8 equations, 10 figures, 2 tables.

Figures (10)

  • Figure 1: The method (a) used to authenticate the program input in the current version of the BitVMX protocol requires long Winternitz public keys and publishes an encoded version of the full program input alongside the signature, resulting in long transaction witnesses. The improved method (b) authenticates the input using a hash digest but does not prove the program input's data availability, because it publishes only the short digest inside the witness, not the program input itself.
  • Figure 2: Simple Scheme to force publication of Data in Bitcoin
  • Figure 3: A difficult task: The Punishment transaction $P^B_R$ cannot be pre-created because it depends on the transaction ID of $C^A$
  • Figure 4: The part of the transaction DAG of a BitVMX kick-off that accepts ECDSA-signed UI embedded in the Program Input
  • Figure 5: The User Input is embedded in the Program Input, which is memory mapped by a 32-bit BitVMX CPU.
  • ...and 5 more figures

Theorems & Definitions (1)

  • Example 4.1