Sidechain developer StarkWare and Weizmann Institute of Science researchers claim to have created a workaround for multiple Bitcoin script limitations.

According to a recent research paper, the new design claims to allow the deployment of complex smart contracts on Bitcoin in a more capital-efficient manner.

Researchers from Weizmann Institute of Science and StarkWare have reportedly created a workaround for multiple Bitcoin script limitations, aiming to enable the deployment of complex smart contracts on the blockchain in a more capital-efficient manner.

The new system, named ColliderVM, is also claimed to be vastly more efficient from a computing point of view. It may also pave the way for the use of Scalable Transparent Arguments of Knowledge (STARKs) on Bitcoin without requiring consensus-level changes to the network.

The architecture would allow Bitcoin to verify complex offchain computations using minimal onchain data. It is also capable of handling multi-step processes that are executed over multiple transactions.

Each Bitcoin block can contain up to 4 million OPCodes (commands) across all transactions, and a single Bitcoin script can contain up to 1,000 stack elements (data entries).

Furthermore, stateless execution means that each script executes without memory of previous state or intermediate computations from earlier transactions, making complex computations nearly impossible.

The researchers argue that ColliderVM could allow the use of STARKs — a type of zero-knowledge proof — on Bitcoin without requiring consensus-level changes to the network. The architecture would let Bitcoin verify complex offchain computations with minimal onchain data.

ColliderVM: A new system for capital-efficient smart contracts on Bitcoin

Earlier research from 2023 by Robin Linus from Bitcoin research firm ZeroSync explored the possibility of using fraud proofs to enable the efficient execution of complex smart contracts on Bitcoin.

This approach, named BitVM, required operators to front capital for potential corrective actions in case of fraud. In the BitVM system, operators pay an advance to cover potentially fraudulent transactions, recovering the capital after the fraud-proof window closes.

The new system is also more efficient from a computing point of view, compared with previous implementations, but still expensive. Previous implementations used cryptographic one-time signatures (Lamport and Winternitz) that were notably computationally heavy.

ColliderVM draws from the November 2024 ColliderScript paper by researchers from StarkWare, Cloudflare and Bitcoin sidechain developer Blockstream. This system relies on a hash collision-based commitment setting a challenge to produce an input that, when run through a hash function, produces an output with pre-determined features.

This setup requires significantly fewer computing resources from honest operators than from malicious actors.

Computational resources needed by honest and malicious actors depending on collision difficulty. | Source: ColliderVM paper

A hash is a non-reversible mathematical function that can be run on arbitrary data, producing a fixed-length alphanumeric string. Non-reversible means that it is impossible to run the computation in reverse to obtain the original data from a hash. This results in a sort of data ID identifying data to the bit, without containing any underlying data.

This system — somewhat resembling Bitcoin (BTC) mining — requires significantly fewer hash operations compared to BitVM, reducing both script size and processing time. ColliderVM researchers claim to have reduced the number of those operations even further, by at least a factor of 10,000.

The researchers suggest that this implementation is nearly making a STARKs-based Bitcoin sidechain practical. The paper notes that STARKs are a ZK-proof system recognized for their scalability and trustless nature (no trusted setup is needed).

STARKs: A trustless and scalable ZK-proof system

Many early ZK-proof systems required a one-time secure setup that relied on “toxic waste” data. If a party were to keep hold of the toxic waste, it would allow them to forge signatures and generate fraudulent proofs. STARKs do not rely on such a setup, making them trustless.

Traditional implementation of STARK verifiers would require scripts that exceed Bitcoin’s limits. Now, researchers behind ColliderVM argue that their more efficient system approaches make an onchain verification script for STARK-proofs “nearly practical.”

Bitcoin is widely considered the most secure and reliable blockchain, but its critics often point out that its feature set is significantly more limited when compared to many altcoins. Sidechains such as Blockstream’s Liquid exist, but are not trustless.

Director of research at blockchain firm Blockstream and mathematician Andrew Poelstra told Cointelegraph as far back as 2020 that ZK-proof-based systems are “one of the most exciting areas of development” in the cryptography space. Cypherpunk, a developer cited in the Bitcoin white paper and Blockstream founder, explained in a 2014 paper that more work was needed to implement trustless ZK-proof-based sidechains on Bitcoin.

Still, even 10 years later, a system based on ColliderVM would be trust-minimized rather than trustless. This is because users would still need to trust that at least a minimal subset of network participants will act honestly to ensure the correct functioning of the system.

The study’s lead authors include Eli Ben