Abstract:We consider the execution of smart contracts on Bitcoin. There, every contract step corresponds to appending to the blockchain a new transaction that spends the output representing the old contract state, creating a new one for the updated state. This standard procedure requires the contract participants to pay transaction fees for every execution step. In this paper, we introduce a protocol that moves most of the execution of a Bitcoin contract off-chain. When all participants follow this protocol, they are able to save on transaction fees, drastically reducing them. By contrast, whenever adversaries try to disrupt the off-chain execution, any honest participant is still able to enforce the correct contract behaviour, by continuing its execution on-chain.
What problem does this paper attempt to address?
The problem that this paper attempts to solve is to reduce transaction fees during the execution of Bitcoin smart contracts. Specifically, each smart contract execution step requires attaching a new transaction on the blockchain, which requires participants to pay transaction fees. When there are many execution steps in a smart contract, these fees can become very expensive. To solve this problem, the paper proposes a protocol that can move most of the smart contract execution process off - chain, thereby significantly reducing transaction fees. When all participants follow this protocol, they can save costs significantly. However, if someone tries to disrupt the off - chain execution process, any honest participant can still ensure the correct behavior of the contract by continuing to execute the contract on - chain.
### Main Contributions
1. **Off - chain Execution Protocol**: An optimistic off - chain protocol for executing Bitcoin smart contracts is designed, which can operate without changing the existing Bitcoin system.
2. **Security Analysis**: The security of this protocol is studied to ensure that, even in the presence of malicious participants, the behavior of contracts executed off - chain is consistent with that executed on - chain, and the off - chain execution steps are final and will not be rolled back.
3. **Efficiency Evaluation**: The efficiency of the protocol is evaluated. In the best case, the entire contract execution only requires attaching three transactions on the blockchain, even if the contract requires a large number of execution steps. In the worst case, two additional transactions are required compared to on - chain execution.
4. **Example Demonstration**: The application of this technology is demonstrated through a simple example.
### Technical Details
- **On - chain Contract Tree**: A contract tree is defined, where each node represents a state of the contract, and the edges represent the conditions from one state to another.
- **Off - chain Execution**: Contract execution is simulated by exchanging off - chain signatures, and transactions are only attached to the blockchain when necessary.
- **Fail - safe Mechanism**: When malicious behavior is detected, a fail - safe mechanism can be triggered to move the contract execution back on - chain, protecting the contract from malicious behavior.
### Formulas and Symbols
- **Transaction Fee**: The fixed - amount transaction fee is represented by `fee`.
- **Time Lock**: `wait:t` represents waiting for at least `t * Δw` seconds, where `Δw` is the time granularity, usually one hour.
- **Unlock Conditions**:
- `sigA`: Represents that participant A must sign the transaction.
- `rev:S`: Represents that the previously committed secret S must be revealed.
- `wait:t`: Represents that it is necessary to wait for at least `t * Δw` seconds.
Through these technologies and mechanisms, the paper successfully solves the problem of high transaction fees in the execution process of Bitcoin smart contracts, providing a new solution for the efficient execution of smart contracts.