August 14, 2018

Bitcoin Smart Contracts

by

Gabriel Garcia

Platform Engineer

We've all heard the buzz surrounding smart contracts - trustless computer protocols intended to facilitate, validate, and enforce the terms of a contract. It is a revolutionary technology that many believe will change the world. Unfortunately, since smart contracts are notoriously difficult to implement securely, most of the news regarding smart contracts revolves around their failures.

Ethereum, the most-well known blockchain platform that runs smart contracts, has fallen victim to several high-profile hacks.

In 2016, the Distributed Autonomous Organization (DAO) had several millions of value stolen out of their smart contract because of a bug. Another bug, known as the "Parity freeze" resulted in the loss of over 500,000 ETH (now worth over $150M USD). There are many more, and there will probably be many more examples of this.

Why?

Developers are humans. We make mistakes. As with any new technology, bugs are inevitable. In smart contracts, bugs are extremely hard to correct because of the decentralized nature of blockchain. In Ethereum's case, once a contract is in the blockchain, it is final and cannot be changed. When you deploy a smart contract, it is propagated to all the nodes in the network for verification of transactions. There are methods that allow a developer to use different versions of a smart contract, but this introduces added complexity that oftentimes results in more bugs.

One way to prevent these inevitable bugs is to have all contracts audited by an experienced, unbiased third party. There are many examples of unaudited smart contracts being released and causing massive loss of funds. A simple audit of a smart contract before release can prevent this.

Ethereum vs. Bitcoin

Ethereum and Bitcoin are very different. They were built to solve different problems, and have different underlying approaches on how they handle and implement certain features. Bitcoin is known as a digital currency (or digital gold), while Ethereum is thought of as a “World Computer.”

Why do they have this distinction? As a simplified explanation, it is because the Bitcoin scripting system is purposefully not Turing-complete, while Ethereum’s is.

Technical note: In computability theory, a Turing-complete (or computationally universal) programming language, given enough time and resources, could simulate any Turing Machine.

Since Bitcoin is purposefully not Turing-complete, it can not arbitrarily solve any problem that Ethereum can. (Ethereum can do “for” loops, Bitcoin can’t.) In other words, the ability of the Bitcoin scripting language is a subset of Ethereum’s. This is the reason why Ethereum is better-known for its smart contracts, and thought of as a world computer.

At first glance, it may seem like Ethereum is the clear winner. It can solve any problem that Bitcoin can, plus more. Doesn’t this mean it’s superior?

Going a little deeper, since Ethereum is Turing-complete, it’s scripting language is far more complex than Bitcoin’s. The more complex a system is, the more bugs will be unintentionally introduced. On top of that, Bitcoin has strong guarantees that programs terminate quickly, while Ethereum has no such guarantees. This keeps Bitcoin nodes safer from a denial-of-service (DDOS) attack, and provides less opportunities for attackers.

Bitcoin, the most valuable cryptocurrency, is not known for its smart contract capabilities. Even though not everything that could be built on Ethereum can be built on Bitcoin, very powerful logic can nonetheless be implemented.

Smart contracts on Bitcoin

Bitcoin is the most well-known and valuable cryptocurrency. At the time of writing, it has a market cap of over USD 105 Billion. Ethereum, the second most valuable cryptocurrency, has a market cap of only 25 billion.

It does not have the full feature set that Ethereum has, but what type of logic could implemented and enforced on it? Here are a few basic examples:

Multisignature Transactions

In a typical Bitcoin transaction, an output could only be spent if the sender proves that he owns the associated private key. If this single key is compromised, anyone in possession of it can spend the output. If they key is lost, no one can ever spend the output.

To safeguard against this singular point of failure, multi-signature transactions can be used. A multi-signature address can be associated with multiple private keys. For example, a 2-2 multisig address requires two out of the two private keys to be present. In a 3-5 multisig address, three out of the five keys must sign the transaction in order for the output to be spent.

This mechanism can protect against accidental key loss or compromise, and can also be used to implement more complex logic, like a third-party escrow.

Timelocks

When you receive bitcoin in a regular transaction, you are able to spend it immediately. However, there are times where it may be useful to prevent the spending until a designated time in the future.

In late 2015, a Bitcoin soft-fork introduced the concept of timelocks with an opcode called CheckLockTimeVerify. This allowed transaction outputs to be encumbered by a timelock. When a timelock is present, the output cannot be spent until the date specified has passed.

Hashlocks

In timelocks, transactions are encumbered by date. In hashlocks, transactions are encumbered by knowledge of a secret password.

When a transaction is made to an address with a hashlock, its output cannot be spent until knowledge of the secret password is revealed.

Combinations of Above

The three examples above are known as “encumbrances.” They hinder a transaction by requiring that certain criteria be met. In multi-signature transactions, multiple private keys are required. In timelocks, an output cannot be spent until the specified date. With hashlocks, an output cannot be spent until a secret password is revealed.

These concepts may not seem that powerful when looking at them separately. However, they can be combined to produce powerful business logic. A great example of this is an atomic swap, which allows two parties to trustlessly swap coins between blockchains.

Note: Atomic swaps are out of the scope of this article, but I will be revisiting them in a future post.

TLDR;

  • Bitcoin is not known for its smart contract abilities (Ethereum is)
  • Ethereum may have a richer feature set that can implement more complex logic, but this complexity oftentimes results in more high-profile hacks.
  • Bitcoin can still be used to implement powerful smart contracts using multisignature addresses, timelocks, hashlocks, and combinations of the three.