Super Testnet
2183e94758481d0f124fbd93c56ccaa45e7e545ceeb8d52848f98253f497b975
Open source dev w/ bitcoin focus | supertestnet.org bc1qefhunyf8rsq77f38k07hn2e5njp0acxhlheksn

Yes, I've seen it. I think it needs some adjustments. The sha256 algorithm requires you to "pad" your input to a multiple of 512 and I don't think this implementation does that. I'll need to write a circuit that does that, then I can pass the result to this function.

You have to upload the results file to the Vicky page, then she can immediately spend the money if she detected an error

this very minute...hang on a second...just a few more...ok, done! Bitvm is live on mutinynet now

As of today, my bitvm implementation supports adding 32 bit numbers. AND you can play with it online! (Testnet only.) Want to run #bitvm? Just visit this site!

https://supertestnet.github.io/tapleaf-circuits/

Replying to Super Testnet

I do not think you can build something exactly equivalent to a drivechain using BitVM. We came up with a few ideas for a form of SPV sidechain. I'm not confident that any of them work, but I think we are close. With a few refinements on our initial ideas, we very well might get something workable.

An SPV sidechain is a kind originally proposed in this 2015 whitepaper: https://blockstream.com/sidechains.pdf

They were thought to require a soft fork. Maybe not anymore. In comparison to a drivechain, an SPV drivechain is probably slightly worse. SPV sidechains rely on an assumption that underpins both bitcoin's doublespend protection and bip300's hashrate escrow: the assumption that 51% of miners will not collude to steal.

However, in an SPV sidechain, this assumption is implicit (not explicit) and it does not provide the 3 month buffer that drivechain provides. Miners can "quickly" steal from an SPV sidechain but the whitepaper ignores this because it assumes miners will not do that.

To me there is a sense in which that makes an SPV sidechain slightly worse than a drivechain. Still, I'll happily take what I can get. If we can think of a way to do SPV sidechains via BitVM, I'll go for it, but I'll still want drivechains because I think they are still a slight improvement. Maybe like a 4% improvement.

Note: after reviewing the sidechain's whitepaper again, I saw that it does *not* ignore the "miners can steal" problem. It discusses it at considerable depth in section 4.2 and offers 4 possible mitigations. Still, I like how bip300 handles this better.

Not due to miniscript, no, but bitcoin originally had a function called OP_CAT which was like the heavyweight champion of expressive scripting. It was removed along with a bunch of other powerful functions after a bug was found in one of them that allowed someone to create 1 billion bitcoins in a wacky transaction

We wrote a fraud proof system in bitcoin script using only the boolean logic gates, hashlocks, and timelocks. Then we wrote a function that does two things: first, it processes any boolean circuit (i.e. anything that a microchip can process), and second, it converts it so that our fraud proof system can falsify it if it runs incorrectly. Then we wrote a third function: it finds each logic gate in our falsifiable circuit and separates the whole thing into individual tapleaves in a massive taproot tree, where the connections between circuits are preserved through hashlocks. Finally we made it so that each circuit *also* has a javascript equivalent.

With all of this in place, the prover can run the program in its javascript circuit form, take the outputs, and send them to the verifier, along with the data he passed into the program. The verifier can then rerun the program, and if any logic gate gives an output different from the one the prover committed to, the verifier can demonstrate the error in the corresponding tapleaf, and take the prover's money.

Sooner than you think! Here's a WIP implementation that I prepared to launch alongside the whitepaper:

https://github.com/supertestnet/tapleaf-circuits/
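
The gate-by-gate check described in the post above, as an added JavaScript illustration that is not part of the original posts and is not code from tapleaf-circuits: a simplified model in which the prover commits to each wire by revealing one of two hash preimages, and the verifier rechecks every gate of a ripple-carry adder in isolation. The wire names, function names and the two-preimage encoding are assumptions made for this example; no bitcoin script or taproot tree is built.

```javascript
// Added illustration (simplified model; names and encoding are assumptions).
const crypto = require("crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const GATES = { AND: (a, b) => a & b, OR: (a, b) => a | b, XOR: (a, b) => a ^ b };

// Ripple-carry adder as a flat gate list: five gates per bit position.
function buildAdder(bits) {
  const gates = [];
  let carry = "zero";
  for (let i = 0; i < bits; i++) {
    gates.push({ op: "XOR", in: [`a${i}`, `b${i}`], out: `x${i}` });
    gates.push({ op: "XOR", in: [`x${i}`, carry], out: `s${i}` });
    gates.push({ op: "AND", in: [`a${i}`, `b${i}`], out: `g${i}` });
    gates.push({ op: "AND", in: [`x${i}`, carry], out: `p${i}` });
    gates.push({ op: "OR", in: [`g${i}`, `p${i}`], out: `c${i}` });
    carry = `c${i}`;
  }
  return gates;
}

// Prover side: evaluate every gate, recording the bit on every wire.
function evaluate(gates, a, b, bits) {
  const w = { zero: 0 };
  for (let i = 0; i < bits; i++) [w[`a${i}`], w[`b${i}`]] = [(a >>> i) & 1, (b >>> i) & 1];
  for (const g of gates) w[g.out] = GATES[g.op](w[g.in[0]], w[g.in[1]]);
  return w;
}

// Hashlock commitment: two secret preimages per wire; only the hashes are public.
function commitWires(wires) {
  const secrets = {}, hashes = {};
  for (const name of Object.keys(wires)) {
    secrets[name] = [0, 1].map(() => crypto.randomBytes(16).toString("hex"));
    hashes[name] = secrets[name].map(sha256);
  }
  return { secrets, hashes };
}
// Claiming a bit on a wire means revealing the preimage for that bit.
const reveal = (secrets, wires) =>
  Object.fromEntries(Object.keys(wires).map((n) => [n, secrets[n][wires[n]]]));

// Verifier side: decode preimages to bits, then check each gate in isolation.
function findFaultyGate(gates, hashes, revealed) {
  const bit = (n) => hashes[n].indexOf(sha256(revealed[n])); // -1: unknown preimage
  return gates.findIndex((g) => {
    const [x, y, out] = [...g.in, g.out].map(bit);
    return Math.min(x, y, out) < 0 || out !== GATES[g.op](x, y);
  });
}
```

`findFaultyGate` returns -1 for an honest run and otherwise the index of the first gate whose committed output disagrees with its committed inputs, which in the scheme described above is the gate whose tapleaf the verifier would use.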

> I don’t need to play chess on chain

Then don't

> I need my money to be secured

No worries, bitcoin remains exactly as it was before

BitVM lets us take powerful programs created outside of bitcoin and, inside a bitcoin transaction, check that someone executed the code properly, or penalize them if they did not. The code can be anything. You can send someone sats only if they prove they won a game of chess. You can send someone sats only if they prove they gave you a corresponding amount on a sidechain. You can do covenants with it, sidechains, gambling, and fancy defi-like stuff. All without a soft fork.

I think they'd be more like ethereum's rollups than bip300's drivechains

But yeah a sidechain is a sidechain

How long to a trillion?

This is how long it took the US government to rack up its trillions in debt:

1 trillion: 1776-1981 = 205 years

2 trillion: 1981-1986 = 7 years

3 trillion: 1986-1990 = 4 years

4 trillion: 1990-1992 = 2 years

5 trillion: 1992-1996 = 4 years

6 trillion: 1996-2002 = 8 years

7 trillion: 2002-2004 = 2 years

8 trillion: 2004-2005 = 1 year

9 trillion: 2005-2007 = 2 years

10 trillion: 2007-2008 = 1 year

11 trillion: 2008-2009 = 1 year

12 trillion: Q1 2009 - Q4 2009 = 9 months

13 trillion: Q4 2009 - Q2 2010 = 6 months

14 trillion: Q2 2010 - Q4 2010 = 6 months

15 trillion: 2010 - 2011 = 1 year

16 trillion: Q4 2011 - Q3 2012 = 9 months

17 trillion: 2012 - 2013 = 1 year

18 trillion: 2013 - 2014 = 1 year

19 trillion: 2014 - 2016 = 2 years

20 trillion: 2016 - 2017 = 1 year

21 trillion: 2017 - 2018 = 1 year

22 trillion: 2018 - 2019 = 1 year

23 trillion: Q1 2019 - Q4 2019 = 9 months

24 trillion: Q4 2019 - Q2 2020 = 6 months

25 trillion: Q2 2020 - Q2 2020 = 0 months

26 trillion: Q2 2020 - Q2 2020 = 0 months

27 trillion: Q2 2020 - Q4 2020 = 6 months

28 trillion: Q4 2020 - Q1 2021 = 3 months

29 trillion: Q1 2021 - Q4 2021 = 9 months

30 trillion: Q4 2021 - Q1 2022 = 3 months

31 trillion: Q1 2022 - Q4 2022 = 9 months

32 trillion: Q4 2022 - Q2 2023 = 9 months

33 trillion: Q2 2023 - Q3 2023 = 3 months

Source: https://fred.stlouisfed.org/series/GFDEBTN

Bitcoin is patient, bitcoin goes up. It envies not altcoins, it boasts not its greatness, it never has pride. It does not dishonor nocoiners, it does not seek recognition, it never angers at volatility, it keeps no false records. Bitcoin does not delight in evil but sticks with the truth. It always protects, always verifies, always grows, always perseveres.

Bitcoin never fails. But where there are dips, they will cease; where there are lies, they will be rejected; where there are counterfeits, they will pass away. When satoshis are sent, we know not how they are locked, but when their signature comes, their lock becomes apparent. When I was a nocoiner, I talked like a nocoiner, I thought like a nocoiner, I reasoned like a nocoiner. When I found bitcoin, I put the ways of nocoiners behind me. For bitcoin brings liberty; soon the whole world shall have financial freedom. Today I shall hold; soon I shall also spend, when bitcoin is fully accepted.

For now these three remain: bitcoin, its scripts, and its blockchain. But the greatest of these is bitcoin.

Sadly many people *prefer* custody rather than self sovereignty.

"the strongest force against the distribution of ownership in a society already permeated with Capitalist modes of thought is still the moral one: Will men want to own?"

-Hilaire Belloc, The Servile State

https://twitter.com/ArkhamIntel/status/1705254948324233270

Ultimately it’s good for the network for mining to be expensive. It makes it that much harder for a well financed attacker to dominate the network.

H/T Hal Finney

Oh ok, so it sounds like the game travian involves moderated communities containing guilds and marketplaces, and it sounds like each community can interact with others. With bitpac you can create guilds, with magic webstore you can create marketplaces, but to recreate travian on bitcoin we still need moderated, interactive communities. Is that right?

Replying to il_lost_

I think that nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s Will make "travian" game.

Market Place done

"Gilda" done

Reddit style 🔍

Game (to do) ◻️

I don't know what gilda or travian are