Practical MPC on Bitcoin Today

We introduce an efficient protocol for multiple parties in a secure computation (MCP) to exchange their secret inputs fairly. By fairness, we mean the following two guarantees:

  1. An honest party following the protocol/contract faithfully never loses deposit, if any.
  2. If a malicious party deviating from the protocol obtains all secrets and can thus compute the output, he shall compensate all honest parties.

Allowing all inputs to be collected securely and economically, this opens the door for all kinds of MPC to be conduct on Bitcoin, without relying on the cooperation of all parties.


Previously, we introduce how to conduct MPC…

How Off-Chain Honesty Saves On-Chain Computation

We introduce a generic approach to skip on-chain computation in Bitcoin smart contracts, while ensuring security in the presence of malicious parties. In this approach, honest contracting parties can reach agreements peer to peer off chain and opportunistically decide to short-circuit complex computational alternative.

Outsource Example

Alice asks Bob to compute an input/witness x which makes function f(x) return true. For example, f can be a hash puzzle, a solution to a Sudoku puzzle or a Travelling Salesman Problem (TSP). If Bob can provide x, he is paid in Tx1 as shown below. Otherwise, Alice can cancel and get her fund back…

Fair coin toss without deposit

In the previous article, we generalize Bitcoin smart contracts to include optional off-chain validation part, besides the conventional on-chain part consisting of Bitcoin Script. We applied the concept on a fully on-chain coin toss, by disincentivizing parties from aborting using deposit.

In this article, we implement an alternative contract for achieving fair coin toin as developed in reference¹. It acts as another example of how to design such hybrid smart contracts with on-chain and off-chain parts. Smart contract is defined as a protocol where distrusting parties can transact per their mutual agreement securely, without a trusted third party. …

Trustless contracting by combining on-chain and off-chain transactions

We introduce a completely new way to designing smart contracts on Bitcoin. In all our previous contracts, everything is embedded in Bitcoin Script and validated by miners. In the new approach, we combine previous contracting with transactions/contracts held and validated off chain. Surprisingly, it can maintain the trustless nature of on-chain contracts, while being drastically more efficient and private. We exemplify the general idea by improving a fair coin toss contract.

Practical Fair Coin Toss

Using a hash-based commitment scheme, we introduced a contract to achieve fair coin toss without a trusted third party. There is a caveat for it to be practical. …

Using Singular Value Decomposition as an Example

We show how machine learning techniques can be applied in Bitcoin, inspired by the latest Bitcoin Class. Specifically, we demonstrate how Singular Value Decomposition (SVD) can be applied to enable trustless purchase of an original image, based on a low-resolution preview.

Singular Value Decomposition (SVD)

SVD is a type of matrix decomposition that decomposes/factors a single matrix into matrix U, ∑ and V* respectively.

  • U and V* are orthogonal matrices.
  • ∑ is a diagonal matrix of singular values.

Intuitively, it can be seen as converting one complex transformation in 3 simpler transformations (rotation, scaling, and rotation), in which

  • Matrices U and V* causes rotation

How to Build an OnChain Tic-Tac-Toe Step-By-Step

Today we will show you how to build a decentralized application (a.k.a, dApp), on the Bitcoin SV blockchain. We will walk through the entire process of building a full stack decentralized application, including:

  • Write a contract
  • Test the contract
  • Interact with the contract through a simple web app

By the end, you will have a fully functional tic-tac-toe app running on Bitcoin.


Development Environment

Before we dive into the app, make sure you have the following dependencies installed.

Tic-tac-toe Contract

The basic idea is to store the state of the game in a contract, using the general approach detailed before…

Decentralized Lottery as an Example

Secure multiparty computation (MPC) protocols enable multiple parties to jointly compute a function over their inputs while keeping those inputs private. For example, two millionaires decide who is the richer and should pay for dinner, without revealing their actual wealth¹. Or a group of employees can calculate the average salary of the group without disclosing their individual salaries.

One fundamental limitation of MPC is that it cannot force parties to respect the outcome. In the millionaires example, one can refuse to pay after he finds out he is richer.

We use Bitcoin to solve this challenge², by linking the outcome…

We design and implement a secure auction system on Bitcoin. It is open and transparent, where everyone can participate and the highest bidder wins when the bidding is over. Bidders are binded to their bids and auctioneers to the auction results.



  • bid: If a higher bid is found, the current winner is updated and the previous highest bidder is refunded.
  • close: the auctioneer can close the auction after it expires and take the offer.
Auction Contract

Possible Extensions

There are many ways to extend this basic contract. For example, if the item auctioned is tokenized and stored in a UTXO (e.g., an NFT), when the auctioneers closes the auction, it can be demanded one input is the token UTXO and one output is transferring it to the winner, thus making the closing atomic and cheating impossible.

Recurring Payments and Checking Accounts

We introduce a recurring payment contract that allows a customer to deposit money in and a business to collect payment at a regular interval.



The contract have three public functions.

Recurring Payment Contract
  • The first one is for the user to deposit more money.
  • The second one allows the user to opt out at any time. Note that if the user needs to provide a cancellation notice before stopping the recurring payment, it can be achieved on the basis of this contract with minimal modifications.
  • The last one is for the merchant to withdraw certain amount of money from the…

Using Blum’s Protocol

Previously, we implemented a fair coin toss on Bitcoin using XOR. We introduce an alternative way of implementing it using Blum’s original coin tossing protocol¹.

Coin Toss

It consists of the following steps:

  1. Alice chooses prime numbers p and q. He tells Bob N = p * q. Alice chooses p and q to be extremely large so that Bob cannot feasibly find them from N.
  2. Bob chooses x between 0 and N. He calculates b = x² mod N. He tells Alice b. …


sCrypt Inc ( is a company with mission to providing integrated on-chain smart contracting solutions on Bitcoin SV.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store