Paper 2025/1253

SoK: BitVM with Succinct On-Chain Cost

Weikeng Chen, L2 Iterative
Abstract

This is a systematization of knowledge (SoK) on BitVM with succinct on-chain cost. 1. from different cryptographic primitives: - Minicrypt privacy-free garbled circuits (PFGC) - homomorphic message authentication codes (HMAC), which implies succinct PFGC - attribute-based laconic function evaluation (AB-LFE), which implies reusable PFGC 2. using different malicious security compilers: - cut-and-choose (C&C) - non-interactive zero-knowledge proofs (NIZK) - fraud proofs on Bitcoin 3. with different proof systems: - publicly verifiable SNARK - designated-verifiable SNARK (DV-SNARK) 4. in different protocol directions: - standard BitVM (operator = garbler, challengers = evaluators) - reverse BitVM (operator = evaluator, challengers = garblers) 5. given different operator liveness setup: - existential honesty - honest majority

Note: Updated on the operator liveness setup and discussion.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
bitvmabelfehmacgarbled circuits
Contact author(s)
weikeng chen @ l2iterative com
History
2025-11-20: last of 17 revisions
2025-07-07: received
See all versions
Short URL
https://ia.cr/2025/1253
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX 

@misc{cryptoeprint:2025/1253,
      author = {Weikeng Chen},
      title = {{SoK}: {BitVM} with Succinct On-Chain Cost},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/1253},
      year = {2025},
      url = {https://eprint.iacr.org/2025/1253}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.