Smart contract languages and BitcoinSmart contract languages and Bitcoin

Bitcoin Script is famously limited (although people have figured out quite a few things to do with it). There are a number of projects attempting to write more expressive scripting languages built on Bitcoin Script (sometimes in the hope of the addition of a few new op-codes).

The most popular example of this is Blockstream's Simplicity (which is live on Liquid but I believe it requires a soft fork to work on Bitcoin mainnet).

There is also something called miniscript, but I don't think people call it a "smart contract language" so much as a safe shorthand way to write complicated Bitcoin scripts. Miniscript works on Bitcoin mainnet right now and wallets like Liana, Nunchuk, and Bitcoin Keeper use it to do cool things with timelocks and multisigs.

A challenger has entered the ring! BithovenA challenger has entered the ring! Bithoven

Bithoven just announced its release of a v0.0.1 with an implementation, Web IDE, and formal verification paper published on arXiv.

Bithoven is a high-level, imperative programming language designed for Bitcoin smart contracts. It bridges the gap between complex contract logic and the low-level stack machine of the Bitcoin Virtual Machine (VM).

Unlike writing raw Bitcoin Script—which is notoriously difficult and error-prone—Bithoven allows you to write readable, auditable code with modern control flow (if/else), named variables, and built-in safety checks. It compiles down to highly optimized native Bitcoin Script.

As far as I can tell, Bithoven does not require any new op-codes or changes to Bitcoin. In this way, it seems very much like an alternative to miniscript, a comparison the lead developer makes in their delving post:

While Miniscript excels at policy analysis and structural correctness, its grammar and syntax can feel difficult for developers used to imperative control flow.

But, like miniscript, it seems like Bithoven was built with the ability to benefit from new op-codes such as OP_CAT, should they ever be enabled.

ExamplesExamples

Here are two examples from their docs that use Bithoven to write contracts.

A HTLCA HTLC

pragma bithoven version 0.0.1;
pragma bithoven target segwit;

// Define inputs for both paths
(condition: bool, sig_alice: signature)
(condition: bool, preimage: string, sig_bob: signature)

{
    if condition {
        // Refund Path (Alice)
        older 1000; // Relative Lock
        return checksig (sig_alice, "0245...alice_pk...");
    } else {
        // Redeem Path (Bob)
        // Verify preimage matches hash
        verify sha256 sha256 preimage == "53de...hash_digest...";
        return checksig (sig_bob, "0345...bob_pk...");
    }
}

An inheritance plan with time decayAn inheritance plan with time decay

pragma bithoven version 0.0.1;
pragma bithoven target segwit;

// Inputs corresponding to the 3 paths
(sig_owner: signature)
(sig_owner: signature, secret: string, sig_heir: signature)
(sig_owner: signature, secret: string, sig_heir: signature, sig_lawyer: signature, sig_audit: signature)

{
    // Path 1: Owner
    if checksig(sig_owner, "03da...owner_pk...") {
        return true;
    }
    else {
        older 1000; // Wait 1000 blocks

        // Path 2: Heir
        if sha256(secret) == "daed...hash..."
           && checksig(sig_heir, "0344...heir_pk...") {
                return true;
        }
        else {
            older 10000; // Wait 10,000 blocks

            // Path 3: Lawyer + Auditor Multisig
            return checksig[2,
                (sig_lawyer, "03da...lawyer_pk..."),
                (sig_audit, "03da...audit_pk...")
            ];
        }
    }
}

Cool to see people building interesting things on Bitcoin!