Stateful computation on Bitcoin mainnet without Fraud Proofs has been achieved internally with ColliderVM .
It's a toy implementation to demonstrate the concepts.
We can already do covenants on Bitcoin, now we are simply negotiating the price 😘
What are the interesting properties that ColliderVM could bring on the table:
- Capital efficient: no fraud proof windows
- 1-of-n security model for safety and liveness
- No protocol upgrades / soft fork required
- Immediate settlement without challenges
The problem: Bitcoin's scripting language is intentionally limited, making stateful computation challenging.
In particular:
- No native statefulness: Bitcoin Script lacks loops, has size restrictions, and can't persist data across transactions
- Capital inefficiency: Existing solutions like BitVM2 require operators to lock capital during fraud proof windows
- Trust assumptions: Current approaches often require trusted setups or weaker security models
In short, what you need to achieve stateful computation on Bitcoin is really those 2 properties:
- Logic persistence (the code of the program / computation must remain consistent across transactions)
- Data persistence (otherwise you are vulnerable to the inconsistent input problem)
ColliderVM is an attempt to overcome those challenges in a different manner than BitVM. But before going deeper, let's be clear on the current status of ColliderVM:
ColliderVM is currently a research project and should not be used in production environments. The protocol is in active development and exploration phase.
While the theoretical foundations are promising, it remains unclear whether ColliderVM will prove practical for meaningful real-world use cases. Significant research and development work is still required to determine its viability.
Ok, now that this important disclaimer is done, let's explore more the context of this demo on mainnet.
In short, ColliderVM combines presigned transactions with hash collision puzzles to enable stateful computation without fraud proofs.
- Presigned flows: Create 2^L parallel transaction flows during offline setup phase, each corresponding to a unique flow identifier.
- Hash Collision Puzzle: Operators find nonce r such that H(x,r)|_B matches a flow ID, ensuring input consistency across transactions.
- Immediate Settlement: No fraud proof windows or capital lock-up.
So, what did we do for this Mainnet demo ?
Real Bitcoin transactions demonstrating a ColliderVM's two-step range check computation: verifying that 100 < x < 200 across separate onchain transactions.
The range check computation was split in 2 functions (F1: x > 100, F2: x < 200). The onchain hash function used is blake3 (BitVM implementation).
Here is the transaction flow of the demo:
- Funding transaction: Initial funding transaction that provides the UTXO for the ColliderVM computation sequence.(
The Mempool Open Source Project®
Explore the full Bitcoin ecosystem with The Mempool Open Source Project®. See the real-time status of your transactions, get network info, and more.
- F1 transaction: validates that the input value (114) is greater than the lower bound (100) (
The Mempool Open Source Project®
Explore the full Bitcoin ecosystem with The Mempool Open Source Project®. See the real-time status of your transactions, get network info, and more.
- F2 transaction: validates that the input value (114) is less than the upper bound (200). Larger due to hash collision verification. (
The Mempool Open Source Project®
Explore the full Bitcoin ecosystem with The Mempool Open Source Project®. See the real-time status of your transactions, get network info, and more.
- Spending transaction: Final transaction that releases the funds after successful verification of the range check computation. (
The Mempool Open Source Project®
Explore the full Bitcoin ecosystem with The Mempool Open Source Project®. See the real-time status of your transactions, get network info, and more.
ColliderVM parameters used for the demo (very low security):
- L: 4 bits, set size of 16 possible flows
- B: 16 bits, hash prefix length for collision puzzle
- Security gap: 6 bits (B - L/2 = 16 - 2 = 14 vs honest 12 bits)
Total transaction fees: 172,126 sats (~$179 at demo time).
~136 kB of total onchain data.
ColliderVM toy code:
GitHub
GitHub - ColliderVM/collidervm_toy: ColliderVM: Stateful Computation on Bitcoin without Fraud Proofs
ColliderVM: Stateful Computation on Bitcoin without Fraud Proofs - ColliderVM/collidervm_toy
ColliderVM paper:
IACR Cryptology ePrint Archive
ColliderVM: Stateful Computation on Bitcoin without Fraud Proofs
Bitcoin script cannot easily access and store state information onchain without an upgrade such as BIP-347 (OP_CAT); this makes performing general ...
