Apparently, this BitVM paper (released earlier in the summer of this year) won something called the Bitcoin Research Prize. I had not heard of this prize.
The Bitcoin Research Prize is offered by Chaincode. I couldn't quite tell if they have offered it in previous years, or what it consists of (do they win bitcoin?), but it is to be awarded at an event which happens to be...tomorrow.
Anyhow, Clara Shikhelman posted about it on X, and so I had a look at the prize-winning paper:
Trustless bridges between other blockchains are typically realized through light clients on the destination chain, which check if a certain transaction happened in the source chain before releasing tokens in the destination chain. The Inter-Blockchain Communication protocol (IBC) in Cosmos is a notable example. Such light clients are typically implemented as smart contracts on the destination chains. Since Bitcoin lacks smart contracts, existing bridges typically use multi- or threshold signature schemes, where a group of t-of-n signers is entrusted with safekeeping BTC. If these signers collude or are bribed, user deposits are lost.
You hear it said all the time that bridges between chains usually come down to multisigs (so many things come down to multisigs!) Apparently, the BitVM folks came up with a way to make it less like that.
In this paper, we present the first light-client based Bitcoin bridge, the BITVM2-BRIDGE. The BITVM2-BRIDGE is run by n permissioned signers, m permissioned operators and an arbitrary number of permissionless challengers that watch over the operators. As shown in Fig. 1, BITVM2-BRIDGE achieves stronger security guarantees than standard multi-signature bridges. In particular, it reduces the peg-out safety and liveness assumptions from honest majorities to existential honesty: the presence of just one honest party per role (signer, operator, challenger) suffices.
The signers act as an emulation of a covenant, a set of pre-signed transactions forming a contract on how and to whom the locked pegged-in funds can be released in a peg-out. Unlike in a multi-signature bridge, the signers only need to be present at peg-in, and once the transactions are pre-signed they can delete their keys. The peg-out process is achieved in a trust-minimizing way through the light client. A user first burns the wrapped asset on the L2. Then one of the operators fronts the bitcoins to that user, and using a proof of burn, the operator claims the locked funds that were pegged in. The on-chain light client is used to verify the correctness of the proof and ensures that an honest operator can always claim the funds. Precisely because of the light client, no action by the signers is needed at peg-out, and as long as at least one of the signers deleted its key after peg-in, the covenant is sealed and the pegout process is trustless. This is the strong distinction between the BITVM2-BRIDGE and a standard multisignature bridge.
This is about as far as I follow. I have struggled a little to understand BitVM itself (lots of presigned transactions?) and using BitVM2 as a bridge seems like a bridge to far for my mental athleticism. Perhaps one of the stackers would care to write something explaining why this is worthy of the Bitcoin Research Prize.