Getting Started with Blockchain | Opening the "Three Locks" for Bitcoin Smart Contracts

With the introduction of new instructions and algorithms, the multi-signing feature of Bitcoin is becoming more powerful. Multi-signing refers not only to multiple people signing together to hold a bitcoin asset; it can also mean multiple conditions "co-signing", so that bitcoin is locked and unlocked through these conditions.

Using conditions to determine the use of assets is actually the function of the contract. When this contract can be expressed by code and executed automatically without trust, we call it a smart contract. So former Bitcoin core executive maintainer Gavin Andresen said: Bitcoin's multi-signing feature can already complete most of the useful features of Ethereum.

So how does Bitcoin implement smart contracts? What is the difference between Bitcoin's and Ethereum's smart contracts? We interviewed Wang Yuanming, a technical writer with a deep understanding of blockchain and smart contracts. He used to be a Sina Weibo architect and head of the QingCloud container platform. He is currently the chief architect of a public chain project and the initiator of the BFTF Blockchain Technology Alliance.

Smart contract

First, does Bitcoin need a smart contract?

Q: Does Bitcoin need a smart contract?

A: Yes, it does. Smart contracts bring logical scalability to the Bitcoin system, adding new features to the system without changing the existing infrastructure, thereby enhancing the system's capabilities. Scalability is not just about TPS, capacity, and storage.

Another role of a smart contract is that it enables a binding contract function. It is an agreement that defines the rights and obligations of all parties, is merely digital, and its enforcement mechanism does not depend on the existing legal system.

Q: Why does Bitcoin, as a cryptocurrency, need a contract function? Isn't a simple transaction enough?

A: There is no so-called simple transaction. Why are you transferring money to me? Whether it's shopping, or payroll or other, it's actually dependent on a contract. In real life, the execution of this contract depends on the judicial system. One party defaults and the other party can sue. There is no way to complete any transaction, only money, without the constraints of the judicial system.

So how do you build the binding force of such a contract in the global cryptocurrency world? Rely on smart contracts. Smart contracts express and enforce rules/laws through code, and build a binding system with code.

Q: Does Bitcoin need DeFi?

A: Broadly speaking, all cryptocurrencies belong to the DeFi application area, because the first step in DeFi is to have currency. With the currency, you can define how to exchange with other assets or currencies around the currency, how to borrow, etc. The finance of the cryptocurrency relative to the legal currency system is still relatively early, and the road to exploration is still very long.

Second, how to achieve smart contract with Bitcoin

Q: Why is the Bitcoin system supporting smart contracts?

A: The contract is when I make a deal with you, it can guarantee that the deal is reached, that is, it can express certain conditions, and I will pay you when the conditions are met. If you can express this condition, you can think of it as a smart contract expression. Bitcoin scripts have the ability to express smart contracts, and can interpret Bitcoin scripts as a smart contract.

So why does Bitcoin use a script instead of fixing the functionality on the chain? Because if it is solidified in the chain, when the user/developer needs a certain function, it needs the Bitcoin development team to implement it, then release it, and then push the entire chain to upgrade, but the blockchain upgrade is a complicated matter. Fortunately, it will be forked.

So Bitcoin only provides some of the most basic materials, which is equivalent to providing you with flour; how to use it is up to you. You can use these materials to combine new things according to your own scenario, without relying on a main chain upgrade. This is what I said earlier: achieving logical scalability through smart contracts. The future is uncertain, and smart contracts can be seen as a strategy for dealing with uncertainty.

The above is the Bitcoin system's own support for smart contracts, which is implemented through scripts. There is another way to support and implement smart contracts, which is to implement them on a sidechain of the Bitcoin system, similar to Ethereum.

Q: How does the Bitcoin system implement smart contracts through scripts?

A: The smart contract on Ethereum is clearly expressed in code: under what conditions, A, B, etc. The smart contract on Bitcoin is not as straightforward as Ethereum's.

All smart contracts on Bitcoin are converted into a locking and unlocking mechanism, that is, in the script, the asset is locked by a "key" or a "hash condition", plus a "time lock" (TimeLock). Both the Lightning Network and the Arwen protocol are such mechanisms, and the Schnorr signatures that Bitcoin will introduce are also designed to better express this mechanism.

Therefore, the core of implementing Bitcoin smart contracts is how to lock and unlock assets.

If all the conditions in the contract can be converted into keys, hash conditions and time locks to lock and unlock, then the contract can be implemented with the Bitcoin system. I refer to these three as the signature lock, the hash lock and the time lock; Bitcoin smart contracts are basically achieved using these "three locks".

For example, if you buy a piece of music from me and this music is accessed by password, then in the transaction contract I turn the access code of the music into one of the keys. If the deal is to be reached, the key must be made known to you; and once you know it (you get the music), the money will be paid to me.

Q: What is the difference between a hash condition and a key?

A: You can understand them as one thing; their role is the same. The hash condition is that I know a value and get a hash result after hashing the value. Then the contract sets a condition: whoever can get this hash result when writing a transaction gets the money. As long as I have this value, there is a hash result, which can also be understood as having a key.

Q: In short, can you think that Bitcoin's smart contract is achieved by multi-signing plus time lock?

A: Yes, I have previously talked about implementing smart contracts with keys, hash conditions, and time locks. The hash condition can also be treated as a key in a multi-signature; the time lock is a condition about the height of the block.

Q: What is the importance of time locks in implementing smart contracts?

A: Time locks are very important. If there is no time constraint, many protocols cannot be implemented. It is precisely because of the hash condition and time lock that the lightning network can run.

For example, the lightning network, we two people jointly pay, freeze the money into a co-managed account, and then pay each other under the chain, when the party is going to settle, what if the party does not cooperate? Suppose we quarreled, you don't want your money, but I can't get my money. With the time lock, I have to deal with it. I set a timeout. After the timeout, the money is mine. I can take it away.
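The "three locks" from this section, modelled as an added example that is not part of the original interview: the music sale becomes an output the seller claims with the access code plus a signature, and the buyer recovers with a signature once a timeout height is reached. The toy Schnorr group, the `unlock` helper, the block heights and the access code are constructed assumptions; real Bitcoin expresses these conditions with Script opcodes and secp256k1 signatures.

```python
import hashlib

# Toy Schnorr group standing in for secp256k1 (assumption: NOT secure parameters).
P, G = 2**127 - 1, 3        # Mersenne prime modulus; exponents reduce mod P-1

def _h(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % (P - 1)

def keygen(seed):
    x = _h(b"key", seed)
    return x, pow(G, x, P)                      # (private, public)

def sign(x, msg):
    k = _h(b"nonce", str(x).encode(), msg)      # deterministic nonce
    r = pow(G, k, P)
    return r, (k + _h(str(r).encode(), msg) * x) % (P - 1)

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pub, _h(str(r).encode(), msg), P) % P

def unlock(htlc, tx, height, sig, preimage=None):
    """Return the path that unlocks the output ('claim'/'refund') or None."""
    if preimage is not None:                    # hash lock + seller signature lock
        ok = (hashlib.sha256(preimage).digest() == htlc["digest"]
              and verify(htlc["seller"], tx, sig))
        return "claim" if ok else None
    # time lock + buyer signature lock
    ok = height >= htlc["timeout"] and verify(htlc["buyer"], tx, sig)
    return "refund" if ok else None

# Constructed sample data: the music access code is the hash-lock preimage.
ACCESS_CODE = b"constructed-music-access-code"
SELLER, BUYER = keygen(b"seller"), keygen(b"buyer")
HTLC = {"digest": hashlib.sha256(ACCESS_CODE).digest(),
        "seller": SELLER[1], "buyer": BUYER[1], "timeout": 700_100}

def demo():
    claim, refund = b"tx: pay seller", b"tx: refund buyer"
    return {
        "seller_claims": unlock(HTLC, claim, 700_000, sign(SELLER[0], claim), ACCESS_CODE),
        "wrong_code": unlock(HTLC, claim, 700_000, sign(SELLER[0], claim), b"guess"),
        "buyer_on_claim_path": unlock(HTLC, claim, 700_000, sign(BUYER[0], claim), ACCESS_CODE),
        "refund_too_early": unlock(HTLC, refund, 700_099, sign(BUYER[0], refund)),
        "refund_after_timeout": unlock(HTLC, refund, 700_100, sign(BUYER[0], refund)),
        "seller_on_refund_path": unlock(HTLC, refund, 700_200, sign(SELLER[0], refund)),
    }

if __name__ == "__main__":
    for case, path in demo().items():
        print(f"{case:24} -> {path}")
```

Only two of the six attempts unlock the output: the seller's claim, which publishes the access code in the spending data, and the buyer's refund at or after the timeout height.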

Third, the difference between Bitcoin and Ethereum smart contracts

Q: Corresponding to Bitcoin using a script to implement smart contracts, what is Ethereum used to implement smart contracts?

A: Ethereum has a smart contract language. In fact, Bitcoin script can also be understood as a language, but it is relatively simple; Bitcoin script execution can also be understood as having a virtual machine, but the implementation of the virtual machine is relatively simple. Since all are virtual machine execution instructions, what is the change in Ethereum?

I conclude that there are three main changes brought about by Ethereum:

1. Ethereum virtual machine instructions are more expressive. Put simply, the instructions provided by Ethereum are lower level, and lower-level instructions are combined into higher-level instructions, while Bitcoin directly provides high-level instructions, and the instructions are limited. In addition, Ethereum supports jump and other instructions and can express logic such as loops, which is what is often called Turing complete.

2. Ethereum introduced the gas mechanism. The contract logic can be written freely on Ethereum, and the gas mechanism guarantees an upper limit when it is executed. In addition to solving the halting problem, it can also limit the waste of resources, and there is a relationship between the execution cost of the script and the cost.

3. Contracts on Ethereum are stateful, and contracts on Bitcoin cannot have their own state. This means: first, the contract on Bitcoin can't generate its own state. For example, if you output one thing in this script, it will not work in the next script. Bitcoin scripts are one-off, only for this transaction. Second, the script on Bitcoin cannot directly read the existing state of the chain; for example, the time lock's dependence on the on-chain block height requires special instruction support, and other states embedded in the script (implemented by the op_return directive) are less readable.

Q: What difference does Turing complete bring?

A: Actually, Ethereum is not truly Turing complete, because it has the limitation of gas, so it is impossible to use overly complicated logic.

The advantage of Turing completeness is that it has more expansion ability and more expressive ability. Therefore, the degree of freedom of experiments provided by Ethereum is much greater than that of Bitcoin, which is why there are many experimental projects in Ethereum.

Bitcoin is a conservative strategy. I have so many instructions, I experimented somewhere else, experimented well, I feel that I need to support this instruction, I will increase this instruction. For example, to support atomic switching and payment channels, a hash time locking protocol has been added to lock a time period.

Why doesn't Bitcoin expand so many instructions? Because the resource consumption of different instructions is different, if you execute a very complicated script, the cost of executing this transaction will be high, which will consume resources and affect the entire network.

Q: What is the difference between contract status?

A: The state of Bitcoin is all generated under the chain, that is to say, this state is written when the transaction is generated. The chain only carries the data of the transaction, and other additional data cannot be written.

For example, it is difficult for you to send your own currency on Bitcoin. The coins sent on Bitcoin are all colored coins. Colored coins embed some of their own data structures in the script, but the script can't read the embedded data structure, so you can't verify this data structure through scripts. A network check, see if the data written in is legal.

All colored coins are based on this mechanism. It is not a direct token like Ethereum, and then verified by contract.

The reason why Bitcoin adopts this design is that it does not welcome other data being written, because for the Bitcoin network there is a cost to carry additional data, this data has to be saved forever, and the user only pays once. So Bitcoin does not provide storage for custom state; this is not its route. Embedding custom data with op_return can be understood as a hack, not the original goal of Bitcoin providing op_return.

In fact, this shows the difference between Bitcoin and Ethereum in design thinking: you can understand Bitcoin as a neutral bank. It only provides the mechanism of asset locking and unlocking; whoever holds the key owns the asset, and it is not concerned with other conditions; each asset is an independent lock, and it does not care about the relationship between assets. Bitcoin's smart contract is not a piece of code, but a series of protocols that manipulate locks.

The design idea of Ethereum is that any contract can be represented as a series of transactions. The state of subsequent transactions is related to that of earlier ones, so it provides a general mechanism for tracking and updating the historical state, while the logic and conditions for updating the state are created by the user. The world state formula in the Ethereum Yellow Paper is a good expression of this idea.

These two ideas have their own advantages and disadvantages, and are related to the designer's goals and the abstraction of the world.

Q: Are there other differences between Bitcoin and Ethereum's smart contracts?

A: The difference between the UTXO model (unspent transaction output) and the Account model will also bring differences in the implementation of smart contracts.

In the UTXO model, each sum of money has a mark. When you use it, you need to know exactly which money to use. The Account model is equivalent to merging all UTXOs into one large UTXO, and this UTXO is used by default. This brings a few differences:

1. Writing a contract under the Account model is relatively simple. You only need to say how much money to transfer, and you don't need to specify which money to transfer.
2. The Account model can constrain future earnings in advance, which means that the money has not yet reached the contract account, but the contract can be deployed to constrain how it should be spent;
3. Since the Account model is equivalent to merging UTXO, you cannot directly set the unlock condition when transferring funds. You must deploy a contract first.

Of course, both the UTXO model and the Account model are evolving, and some projects will change them. I will have the opportunity to write a detailed analysis of the article.

Fourth, bitcoin smart contract case

Q: How do you understand that lightning network itself is a smart contract?

A: You can say that Lightning Network is a protocol, or it can be said to be a smart contract on Bitcoin. The lightning network contract mainly solves the problem of how two people can lock money together, and what to do if one party cheats, does not cooperate, etc., it is realized by the three locks mentioned before.

Q: What is the process of implementing smart contracts on a lightning network?

A: The lightning network is actually a payment channel between two people. Now it only supports mutual transfer. We tried to embed a virtual machine on top of the payment channel to execute a more complete smart contract, such as a game. (Note: Wang Yuanming's smart contract on the lightning network:

Both sides of the channel can press a BTC, and then go to play the game, the winner will get the BTC; if there is disagreement, you can go through arbitration through the arbitration system. The arbitration system is equivalent to a court, which can be a side chain, or a node operated by a trusted institution, or an arbiter market. The arbitration system retains the unlocking key of both parties (the value of the hash), which gives the key to the winning party after arbitration.

Since the assets of Lightning Network are directed, the arbitrator can only decide which user gets the BTC, but he can't take the user's BTC. Even if there is a possibility of joint cooperation, the cost of cheating is higher than the hosting mode.

Q: What is the difference between a smart contract through a lightning network and a smart contract on a sidechain like Liquid?

A: The smart contract on the lightning network is executed by the chain nodes of both sides of the channel, and each other is verified. When there is a divergence, an arbitration system is needed to arbitrate. The side chain itself has a consensus mechanism, and there are multiple nodes to execute and verify the contract, so the implementation mechanism is different.

The way to implement smart contracts in the sidechain is similar to the way smart contracts are implemented on Ethereum, but when it works with the main chain, it needs to be locked and unlocked by Bitcoin.


As a cryptocurrency, Bitcoin seems able to provide a better space for the development of DeFi, because it embodies the most consensus and carries the highest value and liquidity. It is the most trusted crypto asset.

So as a system, does Bitcoin support the implementation of DeFi? In this article we explored the implementation mechanism of the Bitcoin smart contract and compared it with the Ethereum smart contract. DeFi on Bitcoin is not only possible, but it will become more complete with the power of multi-signing.

Perhaps we can expect the arrival of decentralized financial services with Bitcoin as the core element.

– The End –

Respondents: Wang Yuanming (Weibo: @jolestar)

Interview & Author: Li Hua (Special Research Fellow, Coin Research Institute)
