Exploring BTCFi’s rabbit hole from the perspective of Bitcoin programmability

Written by: HTX Ventures

summary

This article starts from the feasibility and evolution path of Bitcoin programming, and systematically explores the potential and challenges of Bitcoin in the field of decentralized finance (BTCFI).Bitcoin adopts the UTXO model in architecture and forms a contract system with verification as the core through its unique scripting language and opcode.Compared with Ethereum’s smart contracts, the characteristics of Bitcoin contracts are “stateless” and “uncomputable”, which makes them functionally limited, but also have higher security and decentralized characteristics.

With the implementation of the Taproot upgrade, Bitcoin contract capabilities have been significantly enhanced.The introduction of Taproot, especially the application of MAST and Schnorr signatures, allows Bitcoin to support more complex contract logic and greatly improve privacy and transaction efficiency.These technological innovations pave the way for the further development of BTCFI, allowing Bitcoin to explore more financial application scenarios while maintaining its original decentralization advantages.

On this basis, this article deeply analyzes how Bitcoin programming supports multiple BTCFI applications.Through the interpretation of mechanisms such as multi-signature, time lock, hash lock, and other mechanisms, as well as the application of tools such as DLC, PSBT, and MuSig2, the article shows the possibility of Bitcoin realizing decentralized clearing and complex financial contracts without trust.sex.This decentralized financial system native to the Bitcoin network not only overcomes the centralized risks of the cross-chain bridge model in the WBTC era, but also provides Bitcoin holders with a more stable trust basis.

At the end of the article, the development of Bitcoin decentralized finance is not only a technological progress, but also a profound change in its ecological structure.With the emergence of new applications such as Babylon staking protocol and the launch of UTXO-native native scaling methods such as Fractal Bitcoin, the market potential of BTCFI is gradually emerging.In the future, with the rise of Bitcoin prices, BTCFI will further attract the participation of mainstream users and form a new financial ecosystem with Bitcoin as the core.The formation of this ecosystem will further evolve Bitcoin from the “digital gold” narrative and become an indispensable decentralized financial infrastructure in the global economic system.

Preface

Since the launch of the Ordinals protocol in December 2022, dozens of asset issuance protocols such as BRC-20, Atomicals, Pipe, Runes, and hundreds of Bitcoin Layer 2 networks have emerged in the market. At the same time, the community is also actively exploring Bitcoin decentralization.The feasibility of chemical finance (BTCFI).

In the last crypto cycle, WBTC came into being to attract Bitcoin holders to participate in DeFi.WBTC locks and mints Bitcoin into WBTC through a centralized custody for use in Ethereum’s DeFi protocol.WBTC’s target users are Bitcoin holders willing to take centralized cross-chain bridge risks to participate in Bitcoin DeFi.As a typical representative of bridging Bitcoin to the EVM ecosystem, WBTC implements a path to BTCFI.The EVM-based Bitcoin Layer 2 network and its ecosystem that appeared in this cycle also continues this model.Although this model has enabled WBTC to obtain a market value of more than US$9 billion in the Ethereum ecosystem, this ratio is less than 1% compared to the total market value of Bitcoin, reflecting the limitations of this model.

In contrast, if Bitcoin holders can directly participate in BTCFI with Bitcoin without cross-chain minting, while ensuring decentralized custody of funds, it will be able to attract more Bitcoin users and create a broadermarket.This requires Bitcoin programming under the UTXO structure.Just as mastering Solidity is the key to entering Ethereum DeFi, mastering Bitcoin programming is a necessary skill to enter the BTCFI market.

Unlike Ethereum contracts, Bitcoin contracts do not have computing power, and are more like verification programs connected by signatures.Although the initial application scenarios are limited, with the continuous upgrading of the Bitcoin network and the innovation of the OG community, the potential of Bitcoin programming is becoming increasingly apparent, and many research results have been transformed into the upcoming BTCFI products.

This article will explore the development path of BTCFI from the perspective of Bitcoin programmability, clarify the history and logic of Bitcoin programming, and help readers understand the actual implementation scenarios of BTCFI, and how these scenarios will affect Bitcoin holders and the entireBitcoin ecosystem.

The basis of Bitcoin contract

Satoshi Nakamoto’s Thoughts: UTXO, scripting language and operation code

https://bitcointalk.org/index.php?topic=195.msg1611#msg16111

In 2010, satoshi, Satoshi, wrote on the bitcoin talk forum:

The core design of Bitcoin will be fixed after version 0.1 is released, so I hope it will support as many transaction types as possible, but these transaction types require special support code and data fields and can only cover one special one at a timeThere are too many special situations like this.

The solution to this problem is scripts.The transaction input and output party can use scripts to compile the transaction into an assertion (script language) that allows the node network to verify, and the node verifies the assertion (script language) of the transaction to evaluate whether the sender’s condition is satisfied.

“Script” is just a “predicate”.In fact, it is just an equation where the result is either true or false.But predict is a very long and rare word, so I call it “script”.

The fund recipient will template the script.Currently, the recipient only accepts two templates: direct payment and Bitcoin address.More transaction type templates can be added in future versions, and nodes running that version or later will be able to receive them.All nodes in the network can verify and process any new transactions and put them into blocks, even if they may not know how to read them.

This design supports a variety of possible transaction types that I designed years ago.Including custody transactions, guarantee contracts, third-party arbitration, multi-party signatures, etc.If Bitcoin is so popular, these are areas we may want to explore in the future, but they must be designed from the beginning to ensure they can be achieved in the future.

Satoshi Nakamoto’s design fourteen years ago laid the foundation for Bitcoin programming.The Bitcoin network does not have the concept of “account”, only “output”, its full name is “transaction output” (TXO), which represents a batch of Bitcoin funds and is the basic unit of the state of the Bitcoin system.

When spending an output, it is to make this output an input to a transaction, which can also be said to provide funds for the transaction.This is why we say that the Bitcoin system is based on the “UTXO (Unspended Transaction Output)” model, because only “UTXO (Unspended Transaction Output)” is the metal block we can use during the transaction process.Entering a furnace, after melting, some new metal blocks (new UTXO) will be formed, and the old metal block “Transaction Output (TXO)” will no longer exist.

Each fund has its own lock script (also called the script public key) and face value. According to Bitcoin’s consensus rules, the script public key can form a verification program, namely, the public key plus the command to perform specific operations in the script.——Op-Codes, in order to unlock it, a specific set of data must be provided, i.e., the unlock script, also called script signature (scriptSig). If the complete script (unlock script + lock script + OP-Codes) is valid,The corresponding output will be “unlocked” and can be spent.

Therefore, Bitcoin script programming is to program funds and allow a specific amount of money to respond to the input specific data. By designing the script public key, opcode OP-Codes, and the interaction process between users, we canThe key state transition of Bitcoin contracts provides cryptographic guarantees to ensure the normal performance of the contract.

Here is a simple diagram of a standard P2PKH (pay to public key hash) script for Bitcoin

https://learnmeabitcoin.com/technical/script/

Suppose I want to pay 1 BTC to Xiao Ming, I need to use the UTXO that can be used in my wallet to form a UTXO with a denomination of 11 Econom, and put Xiao Ming’s public key in the lock script of the UTXO (and add the operation of checking the signature.), so that only Xiao Ming’s private key can be unlocked as the signature of Xiao Ming’s public key as the unlocking script.

To sum up, Script, that is, scripting language is a very basic programming language.It consists of two types of objects: data (Data) such as public key and signature + opcode – a simple function to operate data (the list of opcodes is as follows https://en.bitcoin.it/wiki/Script#Opcodes).

Bitcoin programming arsenal

As mentioned above, Satoshi Nakamoto initially hoped that the types of transactions that the Bitcoin network could support were custodial transactions, guarantee contracts, third-party arbitration, multi-party signatures, etc. So what are these weapons implemented, and how are they used for BTCFIWoolen cloth?

Multi-party signature (MULTISIG)

• Its lock script form is M…N OP_CHECKMULTISIG , which means that it records n public keys and needs to provide the signature of m public keys to unlock in order to unlock this UTXO.

• For example, the signature of two of Alice, Bob and Chloe (or three public keys) can cost this script, and its Script code is: 23 OP_CHECKMULTISIG, OP_CHECKMULTISIG is the opcode that verifies whether the signature matches the provided public key.

Uses include:

• Personal and corporate fund management: After setting up a 2-of-3 multi-signature wallet, funds can be used as long as two can be used. It can also prevent wallet manufacturers from committing evil. M manufacturers must conspire to withdraw funds.

• Transaction Arbitration:

• Assume that Alice and Bob want to make a transaction, such as buying ordinals NFT, but cannot make one hand and deliver the goods in the same way. So they agreed to lock the money into a multi-signature output. When Bob receives the ordinals NFT issued by Alice, and then pay the money completely to Alice. In order to prevent the situation of not paying money when receiving the goods, a third party can be introduced to form a 2-of-3 multi-signature output; when a dispute arises, a third party can be requested to come.Be fair.If a third party believes that Alice has shipped the goods, it can join forces with Alice to transfer the funds.

• As long as the third party discloses its public key (for example, TA is an oracle), both parties to the transaction can use their public key in the 2-of-3 multi-signature script to join the arbitrator, because the logged on the output on the chain isThe hash value of the script, so it can be done without the arbitrator’s knowledge, but the problem here is that third-party oracles can determine the result of a specific contract, which has certain risks. The prudent log contract mentioned laterDLC is optimized at this point to enable it to be truly used in BTCFI such as Bitcoin lending.

Time lock

Time lock is used to control the effectiveness of transactions and when an output can be spent. This is a Bitcoin script programming weapon used in BTCFI scenarios such as re-pled, pledged, mortgage loan, etc. Developers need to choose to use relative time locks (nSequence)) or absolute time lock (nLocktime):

• Absolute time lock (nLocktime): This transaction will be regarded as a valid transaction only after a certain time point and can be packaged into a block. The absolute time lock at the script level is the OP_CLTV opcode, which is verified at a certain time point.Only then can this UTXO be unlocked, such as the money can only be spent after the block height is 400,000.

• The relative time lock (nSequence) means that after inputting the transaction to create this UTXO (i.e., the preamble transaction) is confirmed by blocks, the transaction is valid and can unlock the UTXO, the relative time lock at the script level.It is OP_CSV, if this money can only be spent after 3 blocks confirmed by the block.

Hash lock (hash original image verification)

In addition, there is a hash time lock that combines hash locks (hash original image verification), which is often used in Bitcoin staking and re-staking:

• The lock script of hash lock is OP_HASH160OP_EQUAL , verify that the data in the unlock script is the original image of the hash value in the lock script

• Hash time lock contract (HTLC): If the party receiving the funds cannot provide a hash image within a certain period of time, the funds can be recovered by the payer.

Process control (parallel unlocking conditions)

The OP_IF operation code can arrange multiple unlocking paths in the lock script. As long as the conditions of any path are met, this UTXO can be unlocked.The hash time lock contract mentioned above also uses such a process to control the operation code.

After the taproot upgrade, the MAST (Merkelized abstract syntax tree) feature allows us to place different unlocking paths into different Merkel tree leaves. Babylon’s BTC staking transactions also use MAST to improve the transaction’sEfficiency and privacy are described later.

SIGHASH with information signature

Bitcoin transactions allow the use of SIGHASH tags when signing, which make additional specifications for the validity of the signature, allowing us to change parts of the transaction without invalidating the signature, expressing the signer’s expectations or delegation of the purpose of the signature..for example:

• SIGHASH_SINGLE | ANYONECANPAY Signed the input and the output with the same index number as the input. The remaining inputs and outputs can be changed, and the signature will not be invalidated.Andy can sign inputs worth 1 BTC and outputs of 100 Runes tokens, so anyone willing to exchange 1 BTC for 100 Runes tokens can complete the transaction and put it on the chain.

Other examples are taproot upgraded Schnorr signatures that can be used for discreet log contract DLC.

Limitations of Bitcoin Programmability

The basic mode of Bitcoin programming is that UTXO lock script indicates verification conditions, unlock script provides data, and the opcode in the lock script indicates the data verification program (signature verification, hash image verification, etc.). Through the verification program, the funds will beCan be spent, the core limit is:

1. There are only a few available verification programs: implementing zero-knowledge proof or other verification programs requires forking. Therefore, although the BTCFI expansion solution launched by Unisat is 100% consistent, in order to implement OP_CAT, ZK native verification OPCode and other “The controversial opcode proposal is also partly separated from the Bitcoin main network in terms of liquidity and security.

2. Bitcoin scripts do not have computing power: as long as funds can be unlocked, all funds can be used using any path. The way funds are spent cannot be limited after unlocking, which also means that it is difficult to use floating interest rate solutions in BTCFI lending projects, and can only be used.Fixed interest rate.To solve this problem, the Bitcoin community is discussing the implementation of “covenants”, which can unlock more BTCFI application scenarios through the limitations on the transaction.The BIP-420 mentioned by Taproot Wizard and OP_CAT, OP_CTV, APO, OP_VAULT, etc. are all related to this.

3. The unlocking conditions of UTXO are completely independent: a UTXO cannot decide whether it can unlock it based on whether another UTXO exists and its locking conditions. This problem is often seen in BTCFI’s mortgage lending and pledge. Some of the signature Bitcoin transactions explained later are PSBT.It is used to solve this problem.

Adjustment and evolution of Bitcoin contracts

Compared with Ethereum contracts based on computing, Bitcoin contracts are based on verification. This stateless contract has brought a lot of difficulties to us in developing BTCFI products. In the more than ten years of Bitcoin contract development, cryptography algorithms and signatures have been carried out.The wonderful use of this greatly improves privacy, efficiency and decentralization, making product-based BTCFI possible.

Prudent Log Contract (DLC): Solve the Decentralized Clearing Problem in BTCFI Scenarios

When lending, options, and futures agreements need to clear user positions based on oracle prices, it is inevitable to retain the right to operate the user’s assets, which will undoubtedly cause the user’s trust cost that the agreement will not do evil.

The discreet log contract (DLC) was introduced to solve this problem, using a cryptographic technique called adaptor signature, which allows Bitcoin scripts to program financial contracts that rely on external events and fully guarantee thatPrivacy.

It was proposed in 2017 by Tadge Dryja (research scientist) and Gert-Jaap Glasbergen (software developer) of the MIT Digital Currency Initiative in 2017 and was publicly demonstrated on March 19, 2018.

Adapter signatures allow a signature to become a valid signature only after a private key is added.The Schnorr signature introduced in the taproot upgrade is an example of adapter signature.

In layman’s terms, the standard form of Schnorr signature is (R, s), giving (R, s’) . As long as you know x is the secret value (secret), you can let s = s’ + x, and get  (R,s) .

Here is a simple example to explain how it is applied:

• Alice and Bob bet on the opposite outcome of a sports match (assuming no draw) each bet 1 $BTC, and who predicts success will win all 2 $BTC bets, and they will lock the bet on a multi-signatureIn the wallet, the wallet requires multiple signatures to release funds.

• Select an oracle and it will announce the results of the match (usually this information source is found off-chain, such as exchanges and match websites, etc.)

• The oracle does not need to know any details about the bet, or even who is involved in the DLC.Its work is strictly limited to providing results, and once an event occurs, the oracle publishes an encrypted proof called promise, indicating that it has determined the outcome of the event.

• To claim funds locked in the multi-signature wallet, the winner Alice uses the secret value provided by the oracle to create a valid private key, allowing them to sign transactions that spend funds in the wallet.

• The transaction was added to the Bitcoin blockchain to settle. At this time, since its signature is an ordinary signature, it is not obvious that this is a DLC.This is completely different from other common multi-party signature models—the content of the contract is completely open and the oracle participates in decision-making.

https://shellfinance.gitbook.io/shell

Liquidation mechanism of lending agreement

Assuming Alice takes $ORDI as collateral asset with a loan value of $0.15 $BTC , the lending position will be changed to the pending liquidation state if and only if the oracle quotes less than 225,000 sats/ordi for $ORDI.DLC allows the liquidator to liquidate the position without permission while being liquidated, and at the same time ensures that it cannot operate the user’s mortgaged assets when the price has not reached the liquidation price.In the above scenario, Alice is equivalent to making a bet with the lending agreement for the price of $ORDI:

• If the price is less than 225,000 sats/ordi, the agreement can obtain all collateral from Alice and assume the corresponding BTC debt.

• If the price is greater than or equal to 225,000 sats/ordi, nothing happens and the asset attribution remains unchanged

Then, we need the oracle to promise to publish the signature of the result with a nonce R_c s_c_1 when the price is below 225,000 sats/ordi:

• Alice and the agreement only need to create a promise transaction for the result, creating an adapter signature (R, s’), rather than a signature (R, s), which means that the signatures handed over to the other party cannot be used directly.To unlock this contract, a secret value must be revealed.This secret value is the original image of s_c_1.G, that is, the signature of the oracle.Because the oracle’s signature nonce value has been determined, s_c_1.G can be constructed.

• When the price is below 225,000 sats/ordi, the oracle will issue a signature (R_c, s_c_1). Then the protocol can complete the opponent’s adapter signature, and add its own signature to make the above transaction an effective transaction and broadcast itGo to the network and trigger the settlement effect.

• On the contrary, if the price is not lower than 225,000 sats/ordi, the oracle will not issue s_c_1, and this promised transaction cannot be a valid transaction.

Essentially, DLC allows users to make an agreement with the protocol as participants using the Bitcoin blockchain, both parties build DLC scripts by locking funds in a multi-signature address.These funds can only be used and redistributed according to a certain rule when the oracle publishes specified information at a specified time.

In this way, the lending agreement can use DLC to realize a clearing mechanism involving external price oracles without the user trusting any entity.

The lending agreements, liquidium and shell finance, which we will mention later, are both license-free decentralized clearings achieved using this technology.

The role of oracle

The oracle in DLC is used to provide a price feeding service that provides fixed frequency, and will also participate as a third party in the process of generating and publishing secret values ​​in the DLC mechanism.

At present, there is no standardized product for DLC oracle. It mainly develops DLC modules for lending protocols. Standardized oracle such as chainlink assumes the function of off-chain data feeding. However, with the launch and continuous development of DLC-based lending protocols, there are also many existing ones.The oracle project continues to explore how to develop DLC oracle.

Partially signed Bitcoin transactions (PSBT): realizes that funds under multi-party transactions are not required.

PSBT comes from the Bitcoin standard BIP-174. This standard allows multiple parties to sign the same transaction in parallel, and then merge the corresponding PSBT to form a fully signed transaction. The multiple parties here can be the agreement and the user, the buyer andSeller, pledger and pledge agreement, etc., so as long as BTCFI applications involving multiple fund swap scenarios can utilize PSBT. Most existing BTCFI projects use this technology.

Alice, Bob and Charlie have a fund that exists in a 2/3 multi-signment, and they want to withdraw the money and divide it into 3 copies. The three of them have to sign the same deal to spend this UTXO.Assuming they don’t trust each other, what do they need to do to ensure the security of their funds?

https://river.com/learn/what-are-partially-signed-bitcoin-transactions-psbts/

• First, Alice initiates a PSBT transaction as the creator, with multiple signing UTXO as input and output is the wallet address of the three people.Since PSBT ensures that no transaction except the transaction cannot call any person’s signature, Alice can send it to Bob after signing.

• Similarly, after Bob checks the PSBT, he will sign it if he feels there is no problem; after signing, he will give it to Charlie for signature and transaction release.Charlie does the same.

Therefore, partly signed means that everyone only needs to check the part of the transactions related to themselves. As long as there is no problem with the transactions related to themselves, it can ensure that there will be no problems after the transactions are on the chain.

On March 7, 2023, Yuga Labs’ Ordinals NFT auction adopted an extremely centralized hosting auction model.During the auction process, all bidding funds were required to be uniformly deposited into Yuga’s address custody, which seriously threatened the security of the funds.

https://x.com/veryordinally

Ethereum ecosystem users pointed out that Yuga’s auction incident just illustrates the importance of ETH smart contracts, but Ordinals’ developers also responded: Trustless quotation transactions based on PSBT are very useful and can achieve the goal between NFT buyers and Yuga Labs.Funds do not require custody transactions.

Suppose there is now a pair of Bitcoin NFT traders and the public key of the NFT seller is information that both parties know.When launching an NFT transaction, the buyer first writes his own UTXO input and an output that undertakes the NFT in the transaction.After the buyer constructs the transaction and signs it, he converts it into PSBT and sends it to the seller. After the seller receives the message through the agreement, the Bitcoin NFT transaction is completed.

The above whole process is completely trustworthy for both buyers and sellers.For the buyer, information such as bidding, acceptance address, etc. has been constructed in the transaction in advance. Once the change occurs, the signature will be invalid.For the seller, only if he completes the signature himself can the NFT be sold, and the price is measured by himself.

Taproot Upgrade: Open the Pandora’s Box with the BTCFI outbreak

The Taproot upgrade was activated in November 2021 to enhance Bitcoin privacy, increase transaction efficiency, and expand Bitcoin programmability.With Taproot implementation, Bitcoin can host large-scale smart contracts with tens of thousands of signers while masking all participants and retaining the size of a single signed transaction, making more complex BTCFI on-chain operations possible.Almost all BTCFI projects use the Taproot upgraded scripting language.

1.BIP340 (BIP-Schnorr): supports multiple parties to sign a single transaction, as well as the aforementioned use in the application of the Prudent Log Contract DLC, and the predetermined conditions must be met before a transaction can be executed.The amount of data they commit to Bitcoin is the same as the standard single-sign transaction data.

https://cointelegraph.com/learn/a-beginners-guide-to-the-bitcoin-taproot-upgrade

2.BIP341 (BIP-Taproot): Taproot introduces Merkle Abstract Syntax Tree (MAST), committing less contract transaction data to the chain, which allows Bitcoin to create more complex contracts, unlike existing paymentsTo script hash (P2SH) transactions, MAST allows users to selectively disclose partial scripts on demand, improving privacy and efficiency.MAST is also well used in Babylon’s BTC staking transactions, building multiple lock scripts into a transaction containing multiple scripts, with three lock scripts:

• TimeLockScript time lock, implements the staking lock function;

• UnboundingPathScript: implements the early end of the pledge function;

• SlashingPathScript Confiscation: Implement the punishment function of the system when doing evil

All are leaf nodes. Starting from leaf nodes, gradually build the binary tree as follows

https://blog.csdn.net/dokyer/article/details/137135135

3.BIP342 (BIP-Tapscript): Provides Bitcoin with an upgraded transaction programming language that utilizes Schnorr and Taproot technologies.Tapscript also allows developers to implement future Bitcoin upgrades more efficiently.

4. Lay the foundation of the Ordinals protocol:

• The Taproot upgrade also introduces the Taproot (P2TR) address, which starts with bc1p, allowing metadata to be written to spend scripts stored in the Taproot script path, but never appears in UTXO sets.

• Since maintaining/modifying UTXO sets requires more resources, this practice can save a lot of resources and add a block to store data—which means there is now room for images, videos, and even games—inadvertently letOrdinals deployment has become possible.The inscription address we commonly use is the Taproot (P2TR) address.

• Since consumption of Taproot scripts can only be performed from the existing Taproot output, the inscription uses a two-stage commit/reveal process for casting.First, in the submission transaction, a Taproot output is created for a script that promises the content of the inscription.Then, in the reveal transaction, the transaction is initiated by taking the UTXO corresponding to that inscription as input.At this time, the corresponding inscription content is disclosed to the entire network.

• The emergence of new assets such as Ordinals BRC-20, ARC-20, Runes has also kept Taproot’s transfer adoption rate basically at around 70%.

Ordinals and Brc20: Create a batch of blue chip assets for BTCFI, opening the door to indexer-based programming

Ordinals has realized the desire of Bitcoin OG to buy and buy on the Bitcoin main website, and its popularity market value has exceeded that of Ethereum NFT.

• Ordinals was proposed in January 2023 by Bitcoin core contributor Casey Rodarmor, whose core is ordinal theory, aiming to give Bitcoin’s smallest unit, Sats, with unique identification and attributes, transforming it into a unique non-fungibleTokens (NFTs), by inscribed with diverse data (pictures, texts, videos, etc.), the Ordinals protocol realizes the creation and transaction of Bitcoin NFTs.

• This process not only increases the use of Bitcoin, but also allows users to create and trade digital assets directly on the Bitcoin blockchain.The permanent value lies in that Ordinals is created based on Bitcoin’s Sora, whose basic value is connected to Bitcoin itself and will not theoretically return to zero.

BRC-20 is a token system that records on-chain, off-chain processing, using ordinal inscriptions of JSON data to deploy token contracts, mints and transfer tokens.

• It treats the inscription as an on-chain ledger to record the deployment, minting and transfer of BRC-20 tokens.

• In settlement, it is necessary to search for Bitcoin blocks through off-chain query, rely on third-party indexing tools to record the deployment, minting and transfer operations of all BRC-20 tokens to query the final balance of BRC-20 tokens for each user.This may cause different platforms to have different results for a certain account balance query.

Ordinals and Brc20 not only provide transaction requirements and blue-chip assets for BTCFI, but also provide many BTCFI projects with new ideas to improve Bitcoin contract capabilities. Json’s “op” field combination can further evolve based on inscriptions.Defi, even socialfi and gamefi, including AVM, tap protocol, brc100, unisat swap functions, and many projects that propose to build smart contract platforms in the first layer of Bitcoin use indexer-based programming solutions.

MuSig2: Decentralized mode to play Bitcoin Restaking and LST

The multi-signature scheme enables a group of signers to generate a joint signature on the message. MuSig allows multiple signers to create an aggregated public key from their respective private keys and then jointly create a valid signature for the public key, which is a Schnorr signature.As we mentioned earlier, the standard form of Schnorr signature is (R, s), giving (R, s’) . As long as you know x is the secret value (secret), you can make s = s’ +x, the result is (R, s), which is used here to generate the aggregate public key and valid signature, and is also the private key plus a random number nonce value.

The MuSig2 solution only requires two rounds to complete multi-signature. The aggregated public key created in this way is indistinguishable from other public keys, which improves privacy and significantly reduces transaction fees. Taproot is upgraded to compatible with the Musig2 multi-signature solution, and its BIPThe proposal was released in 2022 Bitcoin BIP-327: MuSig2 for BIP340-compatible Multi-Signatures.

Liquid staking on Ethereum can be implemented through smart contracts. Bitcoin lacks the contract capability required to implement liquid staking. As mentioned above, Bitcoin giant whales generally hate centralized custodians and need MuSig2 to implement it.For centralized liquidity staking of Bitcoin, let’s take Shell Finance’s solution as an example:

• The user and Shell Finance calculate the address P of an aggregated public key and the corresponding MulSig2 multi-signature address P based on both parties’ private key data and two nonce random numbers generated by the wallet.

• PSBT transactions are constructed by Shell Finance. The user and Shell Finance assets are pledged from the multi-signature address P supported by MuSig2 to Babylon. The wallet party once again provides nonce random number support, and pass in the aggregate public key corresponding to the multi-signature address.

• When the Babylon staking time ends, the PSBT is constructed by Shell Finance to unlock the transaction, and the user and Shell Finance jointly sign the staking assets.

The third-party wallet that generates the random number of nonce, the pledge user and the LST project party jointly create the aggregation public key and signature. In this process, both the user and the project party can only keep a private key, and nonce value cannot generate an aggregation.Public key and signature to retrieve funds; while wallets cannot use funds without private keys.If the nonce value is generated by the project party itself, the project party is at risk of doing evil and users need to pay attention.

Unpublished technical documentation: No public source

Current BTCFI application scenarios

Bitcoin programming is not complicated, it is even much simpler than Rust, the focus is on creating verifiable, trustworthy promises and able to provide superior technical security than Ethereum, which draws on the development of BTCFIAfter setting the boundary, the most difficult thing is what kind of BTCFI products that can be developed within the boundary that are PMF (project market fit). Just like when the Ethereum solidity contract was first launched, developers didn’t know that they could use it to develop x*yThe amm algorithm of =k is the same, but first chooses to explore from the directions of ICO, order sheet, point-to-point lending, etc.

Fluid cardiogenic: Babylon – Catfish in BTCFI

Babylon has built a staking protocol that has no middlemen without trust. It can pledge a layer of Bitcoin directly and obtain interest-generating income. At the same time, it can withdraw Bitcoin security and share it with the POS chain. As a common shared security layer,cosmos and other Bitcoin layer2 provide POS security guarantees and share Bitcoin economic security.

• Absolute security: BTC staking has a significant advantage over other staking forms, that is, when the protected POS chain is attacked and crashed, its impact will not affect the staked Bitcoin.Specifically, if a POS chain is attacked and its token value is zero, users holding the POS chain token will face losses; however, in the case of BTC stake, even if the protected POS chain is attacked and failed, the user’s Bitcoin principal is still safe and lossless.

• Confiscation mechanism: If a user commits evil behavior such as double signing on a PoS chain that is rented by Babylon, then through EOTS (extractable one-time signatures, you can extract signatures at one time), this part of the assets can be unlocked and theThe execution role in the network forces a portion of the assets to the burning address.

https://docs.babylonchain.io/papers/btc_staking_litepaper(EN).pdf

At present, the Babylon main network has been launched and has completed the first phase of 1,000 BTC pledges, and will be launched in the second phase soon.

https://btcstaking.babylonlabs.io/

Currently, the first phase of the BTC pledged is mainly large investors, with gas payment accounting for 5%. There may be more retail investors joining in the second and third phases.

Attracting huge amounts of BTC to join BTCFI for the first time:

• Although Babylon cannot provide the ETH-based returns of POS itself like Ethereum, it is not expected to have high returns, and it takes security as the priority, and is unwilling to accept cross-chain wrap and other solutions. The lazy Bitcoin bigwig miners are even optimistic.The 3-5% APY of the Bitcoin ecosystem is also attractive. When the total deposit amount is 100,000 BTC, it only takes more than 100 million US dollars of equivalent token income to be satisfied.

• The Cosmos ecosystem that Babylon currently actively cooperates with includes well-known projects such as Cosmos Hub, Osmosis, and Injective, allowing them to become AVS in the future and provide their own tokens as rewards for Bitcoin re-stakeholders, which can further open up Babylon’s BTC deposit limit.

Babylon injects a lot of liquidity into the development of BTCFI ecological, educates users and stimulates ecological vitality

• The ETH ecological ecosystem also has successful narratives similar to Restaking, such as Defi, Layer2, and other Restaking. This is the first time that Babylon has allowed the Bitcoin main network to be pledged and interest-generating gameplay. Most Bitcoin holders are unwilling to take risks to custody.And cross-chain, this is equivalent to allowing them to experience BTCFI for the first time. In addition, perhaps they may further experience LST and other gameplay.

• Babylon ecosystem has dozens of projects such as StakeStone, Uniport, Chakra, Lorenzo, Bedrock, pSTAKE Finance, pumpbtc, Lombard, Solvbtc and other LST tracks. There are also various Defi projects, which are difficult to obtain the initial TVL.Ecological projects can use Babylon’s BTC staking to attract a batch of BTC with LST, and their LST assets can also be used in their own ecological business.

• Since the income generated by Babylon is denominated in token form rather than BTC/ETH, this attracts only limited opportunities for giants. The overall pattern will not be as centralized as ETH stake. On the contrary, because the profits generated by its tokens are not certain, it canThere is an opportunity to capture land in early-stage entrepreneurial projects that have taken a different approach.

Bitcoin main network is expected to produce multiple blue chip LST assets, raising demand for BTCFI

Babylon has created a new track for native BTC staking and interest generation, allowing the main network BTC, which has a large scale application scenario for the first time. A large number of pledged BTCs have derived a large number of liquidity staking tokens, and these stakings derived from these BTCsVouchers can become natural blue-chip collateral in scenarios such as mortgage lending, so that lending, stablecoins and Swap, that is, BTCFi, can be developed in a conditional manner based on Bitcoin native assets.

• The core reason why BTCFi is difficult to develop is that the Bitcoin main network has long lacked high-quality assets, which directly leads to the lack of collateral for borrowing and lending, the lack of transaction exchange demand for swaps, and the lack of depth in the pool.Currently, the blue-chip assets of the Bitcoin main network are only sats and ordi in brc20 and node monkey in ordinals NFT.

• But if part of the pledge volume in Babylon can be derived from liquidity staking tokens, just like the steth issued by lido on Ethereum, it can become a collateral for loans such as aave, compound, etc., and form an extremely high transaction depth in uniswap, BTCFi will be availableDevelopment conditions.

• Just imagine, perhaps many pledgeeers hope to lend BTC through the liquidity staking token, or to pledge nesting dolls, or to hedge risks.

Innovation on the asset issuance side: two major DEXs, Unisat and Magic Eden, are about to be launched

https://docs.unisat.io/knowledge-base/brc20-swap-introduction

https://magiceden.io/runes/DOG%E2%80%A2GO%E2%80%A2TO%E2%80%A2THE%E2%80%A2MOON

• Unisat’s brc20 swap will be launched in September, and it also supports Renes by mapping Runes to brc20. You can issue and trade tokens by adding liquidity pools in the future. There is no need to raise gas mint tokens, or trade NFTs likeTrading token inscriptions can realize batch trading.

• Magic eden’s runes dex will also be launched in Q4 this year.

The fully BTC native point-to-pool lending stablecoin protocol will be online

Liquidium is a borrowing and lending that is fully built on the Bitcoin main network, through the aforementioned partially signed Bitcoin transactions (PSBT) and the cautious log contract DLC, specifically:

• The lender fills in the offer, including LTV, the debt quantity/collateral ratio, interest, floor price and other indicators, and deposits it into Bitcoin.

• Borrowers choose lenders based on offer on the platform and deposit NFT or Runes assets.

It went online in October 2023, and it received 2,227 BTC transaction volume in less than a year after it went online, indicating that there is a demand for BTCFI lending on Bitcoin main network assets.

https://dune.com/shudufhadzo/liquidium

The core problem is:

• Inefficient capital utilization: If the borrower has not taken the initiative to take the offer, the lender’s Bitcoin will be idle, and each order is cancelled and placing an order will also require fees. In other words, it does not have the order matching function, and there is a discovery process.

• Point-to-point liquidation: The liquidator here has and only the borrower and lender, and no one else can be allowed to participate.

• Once NFT or RUNES falls below the borrowing value under LTV, the lender will not repay the loan, so the person who provides the offer can only get nft or runes, which is equivalent to taking the risk of a decline.

• From another perspective, as long as the borrower’s NFT or RUNES falls, the TA will either repay the loan immediately or lose the NFT or RUNES, which is also very unfair to the borrower.

• In order to prevent the borrower from repaying the loan, the loan date (Term) can only be limited to more than ten days, and the APY is very high.

https://liquidium.fi/

Perhaps this is why Ethlend, the predecessor of AAVE, is difficult to develop continuously, and peer-to-peer lending is too difficult to achieve continuous scale.

Shell Finance uses the synthetic stablecoin $bitUSD to gather liquidity in lending and liquidation scenarios to the greatest extent, realizing the Bitcoin version of point-to-pool lending. The forward flywheel of $bitUSD loan repayment is expected to achieve a stronger scale in the future.effect.

In the process of clearing and building transactions, prudent contract DLC and partially signed PSBT are also used to realize the need for custody and decentralized clearing of loan collateral and funds. Specifically:

• Borrowers can pledge Ordinals NFT, BRC-20 and Runes assets on the platform (in the future, they will also support other assets on the first layer of Bitcoin such as assets issued by Arch network and RGB++ mapped assets) and borrow the synthetic asset $bitUSD.

• Build a BTC/BitUSD trading pair liquidity pool in swaps of unisat and magic eden, where the borrower can convert the synthetic asset $bitUSD into BTC, and LP can obtain fee income in the borrower’s redemption.

• When repaying the loan, the borrower needs to return BitUSD to the agreement, and at this time there is a need to exchange BTC to BitUSD.

https://shellfinance.gitbook.io/shell

• During liquidation, it is also liquidated for BitUSD, and anyone can participate in the liquidation of the positions to be liquidated.When a vault is liquidated, the liquidator needs to pay the debt and retrieve the corresponding mortgaged assets. The price difference between the mortgaged assets and the market net value is the liquidator’s income.Taking a loan with a collateral of 30 $ORDI and a loan of $600 $BitUSD as an example, the main process of liquidation of its position is as follows:

• When the price drops below USD 28.5, LTV is below 80%.Therefore, the position reaches the liquidation line and the position opens the liquidation state;

• For the current mortgage asset value of USD 855, a 48-hour Dutch auction will be opened.Bidders need to provide $BitUSD to obtain the asset to be liquidated, with a starting price of 855 BitUSD and a termination price of 600 BitUSD, and the auction price decreases linearly over time.

• When the liquidator liquidates through the Dutch auction, the liquidator enters 700 BitUSD priced through the auction, and the remaining 100 BitUSD after deducting the 600 BitUSD debts that need to be repaid will be included in the insurance fund.

• After checking the transaction information of the liquidator, add the collateral assets to the PSBT, and the liquidator can obtain 30 Ordi collaterals in the vault.

• Shell Finance Departure Oracle reveals the “Secert Secret Value”, which can complete the signatures of participants (lender and agreement owner), thereby performing the operation of transferring the collateral from the vault to the liquidator’s address. Price OracleThe corresponding DLC ​​process will be automatically closed

https://shellfinance.gitbook.io/shell

At the same time, we can find that Shell finance can make bulk loans, and its APY is only 10%, which can support more long-term loans.

As mentioned earlier, Shell finance is still doing Bitcoin LST through MuSig2, using LST assets as a new collateral, and then giving BitUSD to the stakeholder, which has expanded the application flywheel of BitUSD and increased the project limit..

A batch of BTCFI expansion solutions based on UTXO are launched

The Bitcoin community generally believes that the EVM-based BTC Layer2 has low innovation and upper limit, but if you want to explore more complex BTCFI, you need stronger Bitcoin contracts. Many Bitcoin developers have launched native, UTXO-based expansion solutions., according to the UTXO model, we innovate the BTCFI model, based on whether these expansion plans are settled on the Bitcoin main network,

• If you settle on the Bitcoin main network, you can reuse the liquidity of the main network and you can directly be compatible with assets such as Runes without cross-chain.

• If you do not settle on the Bitcoin main network, you need to recharge assets across chains.

BTCFI expansion plan for Bitcoin main network settlement

Arch Network: Building a smart contract network with expanding computing power as the core

Arch utilizes a decentralized validator node network and a Turing-complete zero-knowledge virtual machine (zkVM) outside the Bitcoin main network, which can integrate with the Bitcoin main network, which enables it to work with the Bitcoin main network.Share liquidity in the network, and compatible indexers can integrate Runes and other asset protocols:

• ZKVM: After each smart contract is executed, Arch zkVM generates ZK proofs, which are used to verify the correctness and state changes of the contract.

• Decentralized Network: The generated ZK proof is then verified by Arch’s decentralized validator node network.The network plays a crucial role in maintaining the integrity and security of the platform.By relying on a decentralized architecture, Arch is committed to ensuring that the verification process is not only safe but also resistant to censorship and center-point failures.

• Integration with Bitcoin Layer 1: Once the ZK proof is verified, the validator network can sign unsigned transactions.These transactions, including state updates and asset transfers determined by application logic, are eventually passed back to Bitcoin.This final step completes the execution process, and all transactions and status updates are directly finalized on the Bitcoin blockchain.

• UTXO Model: Arch’s state and assets are encapsulated in UTXO, and state transitions are performed through the concept of a single use.The status data of the smart contract is recorded as state UTXOs, while the original data assets are recorded as Asset UTXOs.Arch ensures that each UTXO can only be spent once, providing secure state management

• DeFi applications that are expected to be compatible with Bitcoin mainnet assets, such as lending and decentralized exchanges, can be built on Arch.

https://arch-network.gitbook.io/arch-documentation/fundamentals/getting-started

AVM: Indexer-oriented programming implementation BTCFI representative

AVM provides Atomicals with an advanced execution environment that can handle smart contracts and dApps by introducing a sandbox environment with its own indexer, sandbox parser (instruction set), and global Database (database).Customize the instruction set, while reducing Gas fees, optimizing state transition capabilities to increase parallel processing capabilities, thereby increasing throughput and scalability.At the same time, AVM enables interoperability and cross-chain communication.

• The sandbox operation environment, the entire simulator is in a controlled isolated environment, so that the execution in the sandbox and the execution outside the execution do not interfere with each other;

• State hash allows participants to verify that the state of their indexer is correctly synchronized, preventing potential aggression from inconsistent states.

AVM enables the Atomicals protocol to perform various BTCFI tasks, not just the simple token issuance mechanism before.

BTCFI expansion solution based on UTXO binding but not settled on the Bitcoin main network

Fractal Bitcoin: Using the existing Bitcoin architecture to expand the BTCFI system in parallel

https://fractal-bitcoin.notion.site/Fractal-Bitcoin-Public-b71cbe607b8443ff86701d41cccc2958

Fractal Bitcoin is a self-replicating expansion method that can run one or more independently by encapsulating the entire Bitcoin Core into a deployable and runable blockchain package called Bitcoin Core Package (BCSP).BCSP instance and is associated with the Bitcoin main gate through recursive anchoring.

Fractal Fractal produces a block in 30 seconds. From this perspective, it can be 20 times faster than the Bitcoin main network that produces a block in 10 minutes. It supports and compatible with all protocols on the main chain (such as Ordinals and brc-20), andThe main chain runs synchronously at different physical settlement rates, and the main network miner can mine a Fractal block every 90 seconds.Meanwhile, fractal retains the ability to settle and anchor through inscriptions on the main network.

• On the one hand, Fractal is relatively consistent with the main chain consensus and is easy to communicate at the protocol level.

• On the other hand, we were able to get rid of the physical constraints and historical burdens of the main chain, and some codes that once existed in history but no longer had practical significance. On the premise of retaining a complete consensus, the implementation of the system was streamlined and a more conciseLightweight implementation.

• Opcode proposals such as OP_CAT will be implemented faster than the BTC main network, which is consistent with the basic path of Bitcoin upgrade, but the upgrade speed is faster. In the future, the inscription BTCFI contract can be implemented through scripts.

https://fractal-bitcoin.notion.site/Fractal-Bitcoin-Public-b71cbe607b8443ff86701d41cccc2958

Mining incentive model

Fractal’s tokens are 50% produced by mining, 15% distributed to ecological projects, 5% distributed to investors, 20% distributed to consultants and core contributors, and 10% used to establish partnerships and liquidity, which shows its economic model.Closely related to miners.

Fractal innovatively adopted a mining method called “rhythm mining”. Specifically, 2/3 of the blocks are produced by free mining, while 1/3 of the blocks are mined by joint mining. ASICMiners and mining pools can use existing mining machines to mine the main Bitcoin network while mining Fractal, that is, to incentivize miners through Fractal Bitcoin revenue, while using their computing power contribution to protect the network from potential 51% attacks.

Ecological progress

The main network of Fractal Bitcoin will be launched on September 9. There are already many NFT projects in the ecosystem, such as Fractal Punks, honzomomo, Nodino, FractalStone, Fractal Puppets, MEBS, asset issuance platform satspump.fun, AMM pizzaswap, and chain game infrastructure UniWorlds, NFT generation platform InfinityAI and other projects.

Fractal Bitcoin will directly activate OP_CAT when the main network is online.The combination of OP_CAT and Fractal’s high capacity will enable complex Bitcoin applications.

In terms of asset migration, BTC and other mainnet assets can also exist on Fractal Bitcoin as brc-20 package assets.

https://unisat-wallet.medium.com/2024-07-unisat-swap-product-important-update-e974084074a1

In general, compared with the Bitcoin main network focusing on high-value assets, Fractal Bitcoin focuses on the storage location of secondary important assets, providing a soil for asset innovation and application innovation, but whether Fractal Bitcoin can have blue-chip assets and high-quality applications is still available.To be seen.

RGB++: Development of UTXO models unique to BTCFI

RGB++ uses Turing’s complete UTXO chain (such as CKB or other chains) as shadow chains to process off-chain data and smart contracts, further improving the programmability of Bitcoin.

The UTXO of the shadow chain and the UTXO of Bitcoin are isomorphic binding to ensure the consistency of state and assets between the two chains and ensure security.Therefore, RGB++ can support assets of Bitcoin main networks such as Runes, and RGB++ assets can also be mapped directly to the Bitcoin main network and expanded to all Turing-complete UTXO chains.

https://github.com/ckb-cell/RGBPlusPlus-design/blob/main/docs/light-paper-en.md

RGB++ fully utilizes the advantages of the UTXO model and can realize many unique BTCFI functions:

• Bridgeless cross-chain Leap is achieved through UTXO isomorphic binding: assets on RGB++ can jump back and forth between Bitcoin main network and L2 or L2, which does not require relying on the Lock-Mint paradigm of traditional cross-chain bridges., can avoid many risks of traditional cross-chain bridges, and also have great advantages in cross-chain response speed and liquidity aggregation, which can bring great convenience to the Defi ecosystem.

• The UTXO trading model is very suitable for Intent-driven trading scenarios: just sign and output information in a transaction to submit the desired input and output information on the link to verify, such as UTXO input and an output that undertakes asset purchases to bid for asset transactions.Don’t worry about the details of the transaction in the middle.

• UTXOSwap has been launched on the main network: the actual experience is almost no different from Uniswap.UTXOSwap divides each transaction into two steps. The first step is that the user submits his intentions to the chain. The second step is that Aggregator aggregates everyone’s intentions, and after the merger, a transaction is initiated to interact with the liquidity pool.

• UTXO has a mechanism for nesting contract scripts. It only takes one operation to generate a series of transactions continuously, simplifying the user’s user submission process: the output result of the previous transaction can be directly used as the input parameter of the next transaction, so it canQuickly generate a batch of transaction instructions that connect to each other at the beginning and end.

Summary: BTC has entered the mainstream market, and the future surge in prices will eventually drive the development of BTCFI

Although we may feel pessimistic about BTCFI due to the current depression in the inscription market and the decline in Bitcoin, it is important to remember that the biggest difference from other ecosystems is that Bitcoin will continue to rise in the future and will continue to attract new retail investors.Bitcoin has become a high-frequency word in this year’s US election. The United States will legalize Bitcoin as the Federal Reserve and Russian mining in the future. The mainstream society is actively embracing Bitcoin. Nashville’s Bitcoin conference has children.Mom and every Uber driver have or are ready to become Bitcoin holders as a safe haven asset.

When Bitcoin breaks through a new high, various Bitcoin-denominated assets in the Bitcoin ecosystem will also rise, which will naturally stimulate the market use demand of BTCFI, such as lending funds to mortgage assets to buy more new assets; such as trying to take them outstaking.

There is another fact that is easily overlooked:

• In the last two cycles, Ethereum assets such as ICO and NFT are strong cultures. New crypto users may see celebrities sending NFTs into the circle, and they often choose to use Ethereum wallets such as metamask and are also used to buying Ethereum.Used for airdrops, memes and other interactions, idle Ethereum is used to participate in Defi.

• In this cycle, Bitcoin has become a strong culture. Users may see Bitcoin elements entering the circle in the US election. In the future, Bitcoin may continue to break through new highs and lower levels and enter the circle. They often choose to use Unisat and other bits first.They may also use their idle BTC to participate in BTCFI.

There are always people who think that Bitcoin should return to the narrative of digital gold, but after the Taproot upgrade and the ordinals protocol came out, newly entered retail investors and Bitcoin OG, who are interested in new use cases, have become a powerful new force.Will stand at the forefront of BTCFI innovation, constantly attract new Bitcoin holders and educate other Bitcoin big players and miners.