Framework

BitEVM: Secure Verification with Provable Honesty

This section dives into the verification workflow within BitEVM, emphasizing the role of independent verifiers who oversee the process without directly participating in validation.

Step 1: Local Verification by the Prover

The verification process begins with the Prover acquiring the L2 block for verification from the BitEVM sequencer. The Prover then generates a Zero-Knowledge (ZK) proof for the block and attempts to validate it locally. However, to prevent collusion between the Prover and sequencer, successful local validation alone is insufficient for public acceptance.

Step 2: Public Verification through Script Construction

To achieve verifiable computation on the Bitcoin mainnet, the Prover needs to engage in a public ZK proof verification process. Here, the Prover transmits the hash values for all "wires" (data points) within the circuit used for ZK proof verification to the Verifier.

Step 3: Verifier Creates Time-Locked Contracts

Based on the received hash values, the Verifier constructs two critical smart contracts (implemented as Taproot scripts) on the Bitcoin blockchain:

• Bit Commitment Taproot: This contract verifies the Prover's commitment to performing ZK proof verification in its entirety.

• Verification Taproot: This contract allows the Verifier to confirm the correctness of the execution process followed by the Prover.

Step 4: Prover Reveals Execution Details

The Prover subsequently reveals the pre-images (original values) corresponding to the previously sent hash values. Essentially, this discloses the details of the ZK proof verification process. The Prover then utilizes these pre-images to fulfill the Bit Commitment Taproot contract.

Step 5: Verifier Validates Execution Trace

The Verifier meticulously analyzes the publicly revealed execution trace provided by the Prover. If any inconsistencies are detected, the Verifier has the ability to trigger the Verification Taproot contract.

Step 6: Time-Lock Expires - Funds Returned

After a predetermined period (represented by the time lock), any unspent Bit Commitment Taproots or Verification Taproots are automatically unlocked, becoming available for spending.

Step 7: Third-Party Monitoring by Verifiers

Independent verifiers, typically acting as regular users on the network, monitor the spending activity of both the Bit Commitment Taproot and Verification Taproot. By analyzing spending patterns observed on the Bitcoin blockchain, they can independently assess the Prover's behavior and identify potential malicious actions. (Details on how third-party verifiers make these judgments are explained in a separate section).

Ensuring Timely Execution with Time Locks

The time locks embedded within the contracts serve two critical purposes:

1. Preventing Prover Delay: The Bit Commitment Taproot incorporates a time lock. If the Prover fails to reveal the pre-images (raw data) within the designated timeframe, the time lock empowers the Verifier to trigger the Bit Commitment Taproot contract, effectively penalizing the Prover for sluggishness. This discourages the Prover from intentionally delaying the release of data.

2. Preventing Permanent Locking: Similarly, the Verification Taproot also includes a time lock. If no discrepancies are found with the Prover's execution, and the time lock expires, it's assumed that the execution is valid. At this point, the Prover can fulfill the Verification Taproot contract, reclaiming the locked funds. This prevents the Verifier from permanently locking the funds within the Bitcoin network.

In essence, BitEVM leverages a robust combination of ZK proofs, time-locked contracts, and independent third-party monitoring to achieve secure and verifiable computation on its Layer 2 network.