Warning
DO NOT USE IN PRODUCTION!
The official implementation of BitVM2, running a SNARK verifier.
The code follows the implementation of Arkworks.
The repository contains the implementation of a Groth16 SNARK verifier that is executable via the optimistic BitVM paradigm on Bitcoin without any soft forks.
It is designed to be modular, allowing developers to reuse Bitcoin scripts for u32 data types, hashes and curve operations.
BitVM is composed of several components. Below is a list of the components and their purpose.
- `u32` Operations: Basic arithmetic operations of `u32` for hash functions, including `add`, `sub`, `or`, `xor`, `rotation`, `shift`.
- `u4` Operations: `u4` version arithmetic operations, providing a more efficient way to construct hashes.
- Hash Functions: Two types of hash functions:
  - `SHA256`: comparing block headers and measuring Bitcoin difficulty.
  - `BLAKE3`: compressing intermediate states in the chunker.
- Big Integer: Variable-length big integer operations, including `add`, `sub`, `mul`, `div`, `inverse` and other operations.
- BN254: Point representation of BN254 elliptic curves and operations based on BN254, including addition, multiplication and pairing. The pairing part is related to "Algorithm 9" in the paper "On Proving Pairings".
- Groth16: Groth16 uses BN254 to verify a proof; the script is currently around 1 GB. Some hints are precomputed in this part, which is related to the paper "On Proving Pairings".
- Chunker: Splits Groth16 into chunks. These chunks satisfy two principles:
  - No chunk should succeed with a correct proof.
  - There are always some successful chunks with a wrong proof.
- Signatures: Bit commitment using Winternitz signatures.
- Bridge: Definitions for the context (roles), connectors, Bitcoin transaction construction, Bitcoin client wrapper, etc.
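
To illustrate the Signatures component, the following added Python example (not code from this repository) commits to a `u32` value with a Winternitz one-time signature and shows why the checksum digits matter. The 4-bit digit width, the truncated SHA-256 chain hash and all function and constant names are assumptions made for the example.

```python
import hashlib
import secrets

# Assumed parameters for this example (not taken from the repository).
W = 4                 # bits per digit, so digits are base 16
D = (1 << W) - 1      # largest digit value (15) = length of each hash chain
N_MSG = 8             # a u32 value is eight 4-bit digits
N_SUM = 2             # checksum is at most 8 * 15 = 120 < 16**2

def H(x, times=1):
    """Apply the chain hash `times` times (truncated SHA-256 as a stand-in)."""
    for _ in range(times):
        x = hashlib.sha256(x).digest()[:20]
    return x

def digits(value):
    """Little-endian base-16 digits of a u32, followed by checksum digits."""
    msg = [(value >> (W * i)) & D for i in range(N_MSG)]
    checksum = sum(D - d for d in msg)
    return msg + [(checksum >> (W * i)) & D for i in range(N_SUM)]

def keygen():
    """One secret per digit; the public key is the end of each hash chain."""
    sk = [secrets.token_bytes(20) for _ in range(N_MSG + N_SUM)]
    return sk, [H(s, D) for s in sk]

def commit(sk, value):
    """Reveal the d-th element of each chain, where d is that digit's value."""
    return [H(s, d) for s, d in zip(sk, digits(value))]

def verify(pk, value, sig):
    """Walk every revealed element the remaining D - d steps to the public key."""
    ds = digits(value)
    return len(sig) == len(pk) and all(
        H(s, D - d) == p for s, d, p in zip(sig, ds, pk))

def bump_digit(sig, i):
    """Hash one revealed element forward: the only change possible without sk."""
    out = list(sig)
    out[i] = H(out[i])
    return out
```

Raising a message digit lowers the checksum, and lowering a checksum digit would require inverting the hash, so `bump_digit` alone never produces a valid signature on a different value.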
If you are looking for the deprecated BitVM1 implementation, please check out BitVM1.