but BitVM design is optimistic, do you really see this as good as the real thing? e.g. verifying a SNARK proof onchain vs never actually verifying it but instead rellying on someone challenging in case someone tries to fraud ...
This is an interesting article: https://dba.xyz/a-bitcoin-l2-thesis/
But I have two objections.
#1: the author accuses bitcoin of having a "lack of programmability." It doesn't. Bitcoin Script is computationally universal because it has all the logic gates, and the bitvm whitepaper proved that you can get around the script size constraints by transporting state from one transaction to the next. So bitcoin script is fully programmable: anything a real computer can do, bitcoin script can do. It just requires lots of transactions (i.e. it's expensive).
#2: the author ignores the lightning network on the grounds that he wants to "mostly focus on fully programmable L2s."
But the lightning network is just as programmable as bitcoin is. A lightning transaction is just a bitcoin transaction that you haven't broadcasted yet. So you can do just as much programming therein as you can do in a "regular" bitcoin transaction, and even create a bitvm-like chain of transactions executing a complex program, all built on a lightning transaction and therefore on a layer 2.
I want to see work done in that direction.
Discussion
I think optimistic protocols are fine as long as you yourself can prevent fraud from happening against you by doing the verification yourself.
The lightning network is a good example of an optimistic protocol. My counterparty can *try* to broadcast a channel closure transaction containing old state, but I am optimistic that he won't, because whenever he broadcasts a transaction, *I* verify that it contains the current state, and if not, I take his money.
I think bitvm can be like that. Someone can *try* to finalize a bitvm contract without running the bitvm program correctly, but I am optimistic that he won't, because whenever he broadcasts a finalization transaction, *I* can verify that it produces the right result, and if not, I take his money.
right, very good point, in the BitVM context it would then mean that it should be made simple to let a challenger program running on a server at home I imagine?
I don't think it really needs to be a server. Lightning wallets only need to get online every 2 weeks or so to ensure their counterparty isn't cheating. I think a bitvm wallet could do the same thing. As an (occasional) bitvm dev, I want to ensure my bitvm programs use a 2 week timelock to give users time to (1) open their device and check that the program was executed correctly (2) and penalize their counterparty if they ran it wrong.