What is BitVM? A Beginner’s Guide to Turing-Complete Bitcoin Smart Contracts

November 3, 2023
9 min
laptop with paper coming out of it and Bitcoin logos floating around

Discover what BitVM is, how it works, and its potential use cases in this comprehensive guide.

Bitcoin builders are continuously innovating, bringing more functionalities and use cases to the Bitcoin ecosystem. BitVM is the latest creation that aims to enhance Bitcoin’s utility. 

In this guide, you will find out what BitVM is, how it works, and the possible use cases it can power on Bitcoin. 

What is BitVM? 

BitVM, which stands for Bitcoin Virtual Machine, is a computational engine introduced by Robert Linus on October 9, 2023, that aims to scale Bitcoin by enabling expressive Turing-complete smart contracts. 

With BitVM, developers can compute anything on Bitcoin as soon as the engine’s functionalities are upgraded. BitVM, in its current state, can compute the sum of two integers, whether one integer is larger than another, and whether a string consists entirely of zeros or not.

Rather than altering the blockchain’s consensus rules, BitVM uses existing Bitcoin features such as Taproot and the hashed time lock smart contract. The latter is a smart contract that impedes the spending of funds until a specified duration has elapsed.

Developers Sam Parker and Super Testnet are notable contributors to the BitVM project. The pseudonymous developer, Super Testnet, built the first Proof-of-Concept for BitVM.

What Are Turing-Complete Smart Contracts?

Turing completeness is the ability of a computer system to solve any computational problem as long as it has enough time and resources. 

In the case of smart contracts, Turing completeness refers to a smart contract that can run the logic of any computer request.

By design, Bitcoin’s smart contracts are simple and non-Turing-complete because they were not built for dApp development and tokenization. Therefore, BitVM can help extend Bitcoin’s utility and functionalities if successful.

How Is BitVM Different from EVM? 

Although BitVM will bring Turing-complete smart contracts to Bitcoin, it’s crucial to note that these smart contracts aren’t the same as Ethereum smart contracts. 

BitVM simply mimics the Turing-completeness of smart contract blockchains like Ethereum and Solana. The virtual engine expands the length of the programs that a developer can run, making Bitcoin Turing-complete enough to perform any computation. 

BitVM isn’t the same as the Ethereum Virtual Machine (EVM). There are significant differences, which have led some Bitcoin community members to observe that Bitcoin’s VM isn’t a “full virtual machine.”

EVM is integrated into the Ethereum blockchain, while BitVM is an add-on that users can opt to use when needed. Thus, you can continue transacting as usual with your Xverse Bitcoin wallet even after BitVM goes live.

Another difference between EVM and BitVM products is that the former only requires that ETH is safe to ensure the contract’s security. On the other hand, BitVM requires trust in Bitcoin’s security, as well as in the participants’ honesty. They must submit fraud proof within the challenge period, which will significantly impact how BitVM products will deal with failures. 

Lastly, BitVM handles most of its computations off-chain to avoid overloading the main chain. Conversely, EVM performs all computations on-chain.

How Does BitVM Work? 

In the simplest terms, BitVM allows anyone to create a smart contract that another person can then verify to confirm that it is authentic. However, the smart contract creator must put a certain amount of money on the line to build trust. 

In other words, these funds act as a bet, claiming that the outcome of their code is “X.” Should they fail to back up this claim, they lose their funds. Having said that, BitVM functionalities are more complex than this. 

Here’s a breakdown of the components involved:

Off-Chain Computation

Think of BitVM as a separate environment within the Bitcoin ecosystem where you can run a program or execute smart contracts. 

Almost all of the activity on BitVM takes place off-chain. This includes initiating a computational task, sharing data, and verifying the submitted claims. BitVM generally doesn’t run computations on the Bitcoin blockchain. Computational activities and verifications are only published on-chain when there is a dispute upon suspicion of fraud. However, if there is a dispute, a small part of the disputed program does run on-chain, only enough to find out which party was dishonest.

BitVM has been compared to optimistic rollups since it performs most computations off-chain and, in case of a dispute, submits some of them on-chain for dispute resolution.

An optimistic rollup is a Layer-2 scaling solution that takes the load off the base layer by moving computations and data storage off-chain. It then bundles multiple transactions and posts them to the main chain.

Optimistic rollups assume all transactions are valid. However, if network participants get an inkling that dishonest behavior has occurred, they can initiate a fraud proof. Fraud proofs are proofs that someone computed something inaccurately. They are produced after an examination. 

Two-Party Interactions

BitVM adopts a two-party structure system made up of a Prover and a Verifier. These two parties interact a lot off-chain before jointly settling a contract. The Prover creates the smart contract or program, and the Verifier confirms that the code actually generates the expected outcome.

To begin the interaction, the Prover initiates a claim by committing to an output and sending funds to a Taproot address. These funds are held in 2-of-2 multisig. The Prover also shares with the Verifier the input that will make their code produce the output they have committed to.

The Verifier then runs the Prover's code to check if the expected result is what they said it was. If they discover that the result is not what they expected, the Verifier will send a challenge to the Prover. The Prover is then expected to respond with a valid answer. 

This verification process is known as the challenge-response game. It begins once the verifier discovers that the prover made a computational error.

The two actors also deposit funds on-chain to activate the smart contract or program. After doing this, they begin exchanging the necessary data off-chain.

The Verifier utilizes the pre-signed transactions to challenge the Prover and keeps the game going until there are no pre-signed transactions left or until the Prover contradicts themselves or stops responding. Once the computational task is verified, the two parties jointly settle the smart contract.

Should the Prover produce an invalid response, they lose the game and deposit to the Verifier. Otherwise, the Prover can keep their funds if all answers are correct. The fact that users can lose their money hinders them from acting dishonestly. 

Fraud Identification  

If the Verifier discovers fraudulent behavior, they publish fraud proofs on-chain to expose the Prover’s deception. The Bitcoin blockchain acts as an enforcer in this case. Consequently, the Prover loses money, and the smart contract or program is not executed. 

Verifiers use the pre-signed transactions mentioned earlier when there is a dispute to force the dishonest party to stop responding or contradict themselves, and either of those things constitutes a fraud proof. 


Other than the winning instances previously mentioned, the Verifier can come out triumphant if the Prover stops cooperating. That means they will get the Prover’s deposit after the time lock lapses. Conversely, the Prover gets to keep their money if the Verifier fails to collaborate. 

Opportunities & Limitations of BitVM

What Use Cases Could BitVM Power on Bitcoin?

Below are some of the ways BitVM could be useful on the Bitcoin blockchain.


BitVM could enhance Bitcoin’s programmability, allowing developers to build various decentralized applications (dApps) for DeFi, like prediction market protocols, decentralized exchanges, and derivatives platforms.

Automated Payments

With advanced smart contracts, merchants, remote workers, and freelancers could get paid through automated bitcoin payments for their goods or services. 

Data Verification

BitVM could be utilized to verify data, making it a potential tool for data analytics and research companies.


Gaming developers could leverage BitVM-enabled Bitcoin smart contracts to build dApps for two-player games, such as chess, Go, and poker.

Cross-Chain Interoperability

Once more primitives are added to BitVM, it may allow the bridging of BTC from Bitcoin to other blockchains.

Xverse: Your Gateway to Bitcoin Web3

Xverse has emerged as the go-to Bitcoin wallet for builders looking to develop Web3 applications powered by Bitcoin. 

By supporting Bitcoin-focused technological innovations such as Ordinals, BRC-20, and Stacks, Xverse has established itself as the gateway to Bitcoin Web3.

Published in
BRC-20 Tokens
Quote mark
Sign up for updates!

Stay tuned to our latests news and updates