BitVM on MW (stupid char lim)

This article [1] suggests that you can do arbitrary computation on Mimblewimble chains. Perhaps that could allow things like opening a payment channel between 2 parties that each fund it with 1 Grin and then they play a game of chess in which the winner nets 2 Grin.

[1] [bitcoin-dev] BitVM: Compute Anything on Bitcoin

7 Likes

Amazing, Chess was my idea too for crypto years ago :slight_smile:
I am enjoying Chess.com for now for free :slight_smile:

It’s not exactly minimal or simple, which doesn’t feel right for Grin. But maybe it doesn’t matter since complexity can exist on these external systems?

This wouldn’t affect the consensus rules of Grin. While we want Grin itself to remain simple, that doesn’t apply to things we build on top and whose use is optional.

For instance, if some zero knowledge proof system can be used to instantly verify the tx history up to some horizon, then that would be a great benefit for people who trust it enough to enjoy near-instant syncing from scratch. The complexity of the ZK proof system is of no concern to other users of Grin who choose not to use it.

1 Like

I don’t understand BitVM yet, but I have asked this question here https://twitter.com/phyrooo/status/1713964738403611025

does this mean Scriptless Script BitVM can be used on Mimblewimble that uses Schnorr sigs?

Yes, I think that’s what it means.

Sounds like an interesting direction for Scriptless Scripts. It would be great if everything, including payment channels, would look indistinguishable. We already require interactivity so picking a script to execute only adds more rounds. Still not familiar with the BitVM though. Can this express timelocks and be an alternative to NRD kernels?

No; it cannot express timelocks; only pure combinational circuits.

1 Like

Too bad. I was hoping it’d be possible to express a sequential PoW requirement from a certain block forward and the user could then use a week of (block hashes + nonces) as inputs or something similar. Now I’m wondering if there’s a way to leave 256 “free” bits which serve as nonce bits for PoW that could be later on revealed and the computation would check that the PoW with that nonce has a difficulty below a certain target. Need to dive into how it works and stop guessing…

I’m sharing a gist which describes another schnorr related idea that was shared on BitVM telegram group: schnorr-bit-commitment.md · GitHub