This article compares Bitcoin L2 with early work and discusses some of the most promising Bitcoin L2 projects.

Author: Mohamed Fouda, Alliance DAO

Translation: DeepTechFlow

Bitcoin spot ETF has become a hot topic in the past few weeks. As these discussions subside, the community's attention has returned to the development of Bitcoin. This means answering a question: "How to improve the programmability of Bitcoin?"

Currently, Bitcoin's L2 is the most promising answer to this question. This article compares Bitcoin L2 with early work and discusses some of the most promising Bitcoin L2 projects. Then, the article discusses interesting entrepreneurial opportunities related to Bitcoin L2.

Defending permissionless Bitcoin

As many investors can now invest in Bitcoin through regulated products, they can trade BTC in traditional finance (TradFi) products, such as leveraged trading, collateralized loans, etc. However, these products do not use native BTC. Instead, they use TradeFi versions of BTC controlled by the issuer, while the native BTC is locked by custodians. Over time, TradeFi versions of BTC may become the primary way of holding and using BTC, transforming it from a decentralized permissionless asset to another asset controlled by Wall Street. The native permissionlessness of Bitcoin is the only way to resist the control of Bitcoin by the old financial system.

Building native Bitcoin products

L1 applications

Developers have attempted to implement additional functionalities on L1 multiple times. These efforts focus on utilizing the ability of Bitcoin transactions to carry arbitrary data. This arbitrary data can be used to implement additional functionalities, such as issuing and transferring assets and NFTs. However, these functionalities are not built as part of the Bitcoin protocol and require additional software to interpret these data fields and operate on them.

These efforts include Colored Coins, Omni protocol, Counterparty, and the recent Ordinals. Omni was initially used to issue and transfer USDT on Bitcoin L1, later expanding to other chains. Counterparty is the underlying technology for Bitcoin Stamps and SRC-20 tokens. Ordinals are currently the standard for issuing NFTs and BRC-20 tokens on Bitcoin using covenants.

Since its launch, Ordinals has been hugely successful, generating fees exceeding 200 million USD. Despite its success, Ordinals is limited to asset issuance and transfer on L1. Ordinals cannot be used to implement applications on L1. Due to the limitations of Bitcoin's native programming language Bitcoin Script, more complex applications (such as AMM and lending) are almost impossible to build.

BitVM

One attempt to extend the functionality of Bitcoin L1 is BitVM. This concept is built on top of Bitcoin's Taproot upgrade. The concept of BitVM is to extend the functionality of Bitcoin through off-chain execution of programs and ensure that the execution of programs can be challenged on-chain through fraud proofs. Although BitVM seems capable of implementing arbitrary logic off-chain, the cost of on-chain execution of fraud proofs increases rapidly with the size of off-chain programs. This limitation restricts the applicability of BitVM to specific issues, such as trust-minimized BTC bridging. Many upcoming Bitcoin L2s use BitVM to implement bridging.

Simplified diagram of BitVM operations

Sidechains

Another approach to addressing the limited programmability of Bitcoin is using sidechains. Sidechains are independent, fully programmable blockchains compatible with EVM, aiming to remain consistent with the Bitcoin community and provide services to this community. Examples of these sidechains include Rootstock, Blockstream's Liquid, and Stacks V1.

Bitcoin sidechains have existed for many years but have generally achieved limited success in attracting Bitcoin users. For example, the number of BTC bridged on the Liquid sidechain is less than 4500. However, some DeFi applications built on these sidechains have achieved good results, such as Sovryn on Rootstock and Alex on Stacks.

Bitcoin L2

Bitcoin L2 is becoming the focus for building permissionless applications based on BTC. They can offer the same advantages as sidechains but with security guarantees derived from the Bitcoin base layer. There has been ongoing debate about what truly constitutes Bitcoin L2. In this article, we will avoid this debate and instead discuss the main considerations for fully coupling L2 with L1 and discuss some promising L2 projects.

Requirements for Bitcoin L2

Security from L1

The most important requirement for Bitcoin L2 is to derive its security from the security of L1. Bitcoin is the most secure chain, and users expect this security to extend to L2. For example, the Lightning Network has already achieved this.

This is why sidechains are classified as sidechains, as they have their own security. For example, Stacks V1 relies on the STX token to ensure its security.

Practically achieving security requirements is extremely challenging. To ensure that L1 can support L2 securely, L1 needs to be able to perform certain computations to verify the behavior of L2. For example, rollups on Ethereum derive security from L1 because Ethereum L1 can verify zero-knowledge proofs (zk rollup) or verify fraud proofs (optimistic rollup). Currently, Bitcoin's base layer lacks the computational capability to perform these operations. Proposals have been made to add new opcodes to Bitcoin to enable the base layer to verify ZKPs submitted by rollups. In addition, proposals like BitVM attempt to achieve fraud proofs without changing L1. The challenge faced by BitVM is that the cost of fraud proofs may be extremely high (hundreds of L1 transactions), limiting its practical application.

To achieve L2 security at the level of L1, L1 needs an immutable record of L2 transactions. This is known as the data availability (DA) requirement. It allows observers monitoring the L1 chain to verify the state of L2. Through covenants, L2 transaction records can be embedded into Bitcoin L1. However, this brings another issue, which is scalability. Due to Bitcoin L1's block time limit of 4MB every 10 minutes, its data throughput is limited to approximately 1.1 KB/s. Even if L2 transactions are highly compressed to about 10 bytes per transaction, assuming all L1 transactions are used to store L2 data, L1 can only support a throughput of approximately 100 transactions per second for L2.

Trust-minimized bridging from L1 to L2

In Ethereum L2, bridging to and from L2 is controlled by L1. Bridging to L2, known as Peg-in, essentially means locking assets on L1 and minting copies of these assets on L2. In Ethereum, this is achieved through L2-native bridging smart contracts. These smart contracts store all assets bridged to L2. The security of the smart contract comes from L1 validators. This makes bridging to L2 secure and minimizes trust to the greatest extent possible.

In Bitcoin, it is not feasible to achieve bridging protected by the entire L1 mining collective. Instead, the best option is to use multi-signature wallets to store L2 assets. Therefore, the security of L2 bridging depends on multi-signature security, including the number and identity of signers, and how Peg-in and Peg-out operations are protected. One way to enhance the security of L2 bridging is to use multiple multi-signature wallets to store all L2 bridged assets, rather than a single multi-signature wallet. Examples of this include TBTC, where multi-signature signers need to provide slashable collateral. Similarly, the proposed BitVM bridging requires multi-signature signers to provide security deposits. However, in this multi-signature, any signer can initiate Peg-out transactions. Peg-out transactions are protected by BitVM fraud proofs. If signers behave maliciously, other signers (validators) can submit fraud proofs on L1, leading to the malicious signer being slashed.

Current Status of Bitcoin L2

Comparison summary of Bitcoin L2 projects

Chainway

Chainway is building a zk rollup on top of Bitcoin. The Chainway rollup uses Bitcoin L1 as a data availability (DA) layer to store the rollup's ZKPs and state differences. Additionally, the rollup utilizes recursive proofs, aggregating each new proof onto the previous proof published on L1 blocks. The proofs also aggregate "enforced transactions," which are L2-related transactions broadcasted on L1 to enforce their inclusion in L2. This design has several advantages:

• Enforced transactions ensure that the rollup sequencer cannot censor L2 transactions and give users the ability to include these transactions by broadcasting them on L1

• Using recursive proofs means that each block's prover must verify the previous proof. This creates a chain of trust and ensures that invalid proofs cannot be included in L1.

The Chainway team also discusses using BitVM to ensure proof verification and correct execution of Peg-in/out transactions. By using BitVM to verify bridging transactions, the trust assumption of bridging multi-signatures is reduced to a honest minority.

Botanix

Botanix is building an EVM L2 for Bitcoin. To enhance consistency with Bitcoin, Botanix L2 uses Bitcoin as a PoS asset for consensus. L2 validators earn fees from transactions executed on L2. Additionally, L2 stores the Merkle root of all L2 transactions using covenants on L1. This provides partial security for L2 transactions, as the L2 transaction log cannot be altered, but does not guarantee the DA of these transactions.

Botanix handles bridging from L1 to L2 through a decentralized multi-signature system network called Spiderchain. Signers for the multi-signature are randomly selected from a group of coordinators. Coordinators lock user funds on L1 and sign statements to mint an equivalent amount of BTC on L2. Coordinators post security deposits to obtain this role. If there is malicious behavior, the security deposit will be slashed.

Botanix has launched a public testnet, with the mainnet planned for the first half of 2024.

Bison Network

Bison adopts a sovereign rollup style to implement its Bitcoin L2. Bison implements a zk rollup using STARKs and uses Ordinals as the mechanism to store generated ZKPs and transaction data on L1. Since Bitcoin cannot verify these proofs on L1, verification is delegated to users who verify ZKPs on their own devices. In this sense, Bison is more like an Optimistic Rollup, but without fraud proofs.

For bridging operations on Bitcoin in L2, Bison uses discrete log contracts (DLC). DLC is secured by L1 but relies on an external oracle. This oracle reads the state of the L2 network and passes the information to the Bitcoin L1 network. If this oracle is centralized, it may maliciously use assets locked on the L1 network. Therefore, for Bison, transitioning to a decentralized DLC oracle is crucial.

Currently, Bison does not support a specific virtual machine (VM). The Bison operating system implements some contracts, such as token contracts, which can be proven by Bison provers.

Stacks V2

Stacks is one of the earliest projects focused on extending Bitcoin's programmability. Stacks is undergoing a transformation to better align with Bitcoin L1. The focus of this article is the upcoming Stacks V2, expected to launch on the mainnet in April 2024. Stacks V2 implements two new concepts that improve consistency with L1. The first is the Nakamoto version, which updates Stacks' consensus to follow Bitcoin blocks and finality. The second is improved Bitcoin bridging technology, called sBTC.

In Nakamoto, Stacks blocks are mined by miners who submit Bitcoin as collateral on the L1 network. When a Stacks miner creates a block, these blocks are anchored on the Bitcoin L1 network and gain confirmation from the L1 network's proof of work (PoW) miners. When a block receives 150 confirmations on the L1 network, the block is considered final and cannot fork without forking the Bitcoin L1 network. At this point, the Stacks miner who mined the block receives STX rewards, and their BTC collateral is allocated to the network's Stackers. This means that any Stacks blocks older than 150 blocks (approximately 1 day old) rely on the security of the Bitcoin L1 network. For newer blocks (150 confirmations), the Stacks chain can only fork if 70% of Stackers support the fork.

Another upgrade for Stacks is sBTC, which provides a more secure way to bridge BTC to Stacks. To bridge assets to Stacks, users deposit their BTC into an L1 network address controlled by Stackers on the L2 network. Once the deposit transaction is confirmed, sBTC is minted on the L2 network. To ensure the security of bridged BTC, Stackers must lock STX worth more than the bridged BTC as collateral. Stackers are also responsible for executing redemption requests from the L2 network. Redemption requests are broadcast in the form of L1 network transactions. Once confirmed, Stackers destroy sBTC on the L2 network and collaboratively sign an L1 transaction to release the user's BTC on the L1 network. For this work, Stackers receive the previously discussed miner collateral as a reward. This mechanism is called Proof of Transfer (PoX). ```

Stacks aligns with Bitcoin by requiring many important L2 transactions, such as miner PoX collateral, redemption transactions, etc., to be executed as L1 network transactions. This requirement does enhance the alignment and security of bridging BTC, but due to the volatility and high fees of L1, it may lead to a degraded user experience. Overall, the upgraded design of Stacks addresses many issues from V1, but there are still some weaknesses. These include using STX as the native asset in L2 and L2 data availability, where only the hashes of transactions and smart contract code are available on the L1 network.

BOB

Build-on-Bitcoin (BOB) is an Ethereum L2 aiming to align with Bitcoin. BOB operates as an Optimistic rollup on Ethereum and uses the EVM execution environment to implement smart contracts.

BOB initially accepts different types of bridged BTC (WBTC, TBTC V2), but plans to adopt a more secure bidirectional bridging technology in the future, using BitVM.

To differentiate from other Ethereum L2s that also support WBTC and TBTC, BOB is building features that allow users to interact directly with the Bitcoin L1. The BOB SDK provides a range of smart contract libraries that allow users to sign transactions on the Bitcoin L1. The execution of these transactions on L1 is monitored by a Bitcoin light client. The light client adds the hash of Bitcoin blocks to BOB for simple verification (SPV), confirming that the submitted transactions have been executed on L1 and included in the block. Another feature is the independent zkVM, which allows developers to write Rust applications for Bitcoin L1. Proofs verified as correctly executed on the BOB rollup.

The current design of BOB is more like a sidechain than a Bitcoin L2. This is mainly because the security of BOB depends on Ethereum L1, not Bitcoin's security.

SatoshiVM

SatoshiVM is another project planning to launch a zkEVM Bitcoin L2. The project suddenly appeared and launched a testnet in early January. There is little technical information about this project, and it is currently unclear who the developers behind the project are. The limited technical documentation for SatoshiVM mentions using Bitcoin L1 for data availability (DA), resisting censorship by supporting broadcasting transactions on L1, and using fraud proofs similar to BitVM to verify the zero-knowledge proofs of L2.

Due to its anonymous nature, there is much controversy surrounding this project. Some investigations show that the project is associated with Bool Network, an earlier Bitcoin L2 project.

Entrepreneurial Opportunities in Bitcoin L2

The Bitcoin L2 space provides multiple opportunities for entrepreneurship. In addition to the opportunity to build the best Bitcoin L2, there are several other entrepreneurial opportunities.

Bitcoin DA Layer

Many upcoming L2s aim to increase their consistency with L1. One approach is to use L1 for DA. However, given the strict limits on Bitcoin block size and the long time delay between L1 blocks, L1 cannot store all L2 transactions. This creates an opportunity for a Bitcoin-specific DA layer. Existing networks, such as Celestia, can expand to fill this gap. However, creating an off-chain DA solution that relies on Bitcoin security or BTC collateral can enhance consistency with the Bitcoin ecosystem.

MEV Extraction

In addition to using Bitcoin L1 for DA, some L2s may choose to delegate L2 transaction ordering to sorters bonded with BTC, or even delegate to L1 miners. This means that any MEV extraction will be delegated to these entities. Given that Bitcoin miners are not suitable for this task, there is an opportunity for a company similar to Flashbots to focus on MEV extraction and private order flow in Bitcoin L2. MEV extraction is often closely related to the virtual machine (VM) used, and considering that there is no recognized VM for Bitcoin L2, there may be multiple participants in this field. Each participant focuses on different Bitcoin L2s.

Bitcoin Yield Tools

Bitcoin L2 will require the use of Bitcoin collateral for validator selection, DA security, and other functions, creating revenue opportunities for holding and using Bitcoin. Currently, there are some tools that provide such opportunities. For example, Babylon allows users to collateralize BTC to secure other chains. As the Bitcoin L2 ecosystem thrives, there will be a huge opportunity for an aggregation platform to provide native BTC yield opportunities.

In summary

Bitcoin is the most well-known, secure, and liquid cryptocurrency. With the launch of Bitcoin spot ETFs, Bitcoin is entering the phase of institutional adoption, making it more important than ever to maintain BTC as a permissionless and censorship-resistant asset.

This can only be achieved by expanding the permissionless application space around Bitcoin. Bitcoin L2 and the entrepreneurial ecosystem supporting these L2s are essential elements in achieving this goal.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。