Introduce sCrypt: a Layer-1 Smart Contract Framework for BTC
Smart Contracts on BTC
Conventionally, BTC is regarded only capable of payments and storing value. Ordinals has changed the misconception by demonstrating it also supports tokens. Another misconception is BTC’s lack of smart contract capabilities. In fact, BTC support smart contracts since day 1, in the form of Bitcoin Script. Hashlocks, timelocks, and multisig are some prominent examples.
One of the biggest hurdle in BTC smart contracts lies in Script. Being a low-level assembly language, Script is extremely difficult to code in and reason about. There is virtually no tool to test, debug, and deploy as in typical software development workflow. Writing smart contract in native Script is cumbersome and error-prone. It quickly becomes intractable when the contract size and complexity grow.
Enter sCrypt. With sCrypt, developers can directly code BTC smart contracts in Typescript, one of the most popular programming language in the world and used by millions of developers every day. sCrypt contracts are compiled into Bitcoin Script.
sCrypt offers a plethora of benefits:
A Working Example
Let us examine a practical smart contract.
The code below represents a simple logical NAND (NOT-AND) gate commitment for BitVM, taken from Figure 2 in its whitepaper. It checks if the two input bits (A, B) and one output bit (E), all committed in advance using hashes, of the gate match, i.e., E = NAND(A, B).
The exact details of how this code works is not important. The central message here is that it is far from what a modern programming language looks like and appears esoteric.
The functionally equivalent is expressed in sCrypt simply as:
The full code is listed below, based on the sCrypt library
Deploy and Call Smart Contracts
We use Pay-to-Witness-Script-Hash (P2WSH) for contract deployment. Deployment consists of compiling the smart contracts code to produce script, hashing this script, and placing the hash into a P2WSH transaction (Tx0), which is broadcast to the network.
When someone wants to call the deployed contract, she will embed the full contract script along with the called method’s inputs as witness data in the subsequent transaction (Tx1) spending Tx0.
Here is the code snippet to deploy and call the contract:
It is worth noting that deploying (Line 8) and calling (Line 12) the contract only takes one single line.
- Deployment Transaction ID:
- Call Transaction ID:
These transaction IDs represent an instance of the
BitVM contract deployed and called on BTC.
The full code of the example is available on GitHub. Interested developers can access the complete code and run it themselves. For more information on sCrypt, please refer to our extensive documentation.
sCrypt can work on any blockchain that supports Bitcoin Script. This includes Bitcoin forks and Bitcoin-derived chains such as Litecoin and Doge.
BTC has disabled many Script opcodes such as OP_CAT and OP_MUL, greatly limiting the types of smart contracts that can be expressed in sCrypt. The BTC community is actively discussing re-enabling such opcodes and introducing new ones, which will make sCrypt on BTC more powerful than it is today if the proposed changes are accepted.
In the meantime, there are chains that have the full suite of Script opcodes, like Bitcoin SV and MVC. sCrypt reaches its full capacity on these chains today.
Use in Taproot
We use P2WSH type script to embed sCrypt contracts for ease of exposition in the example, which allows maximum script size of 10KB. sCrypt contracts can also be used in Taproot script. They can be made more expressive and complex, since Taproot has a much bigger script size limit of ~4MB.
Compare to other Layer-1s (L1)
There are other attempts to improve Script’s programmability, which we list some below.
- Miniscript: a standalone language for representing Bitcoin Script in a composable and readable way. It is very limited in scope and less expressive than Script: it can only express signature requirements, timelocks, hash preimages, and arbitrary combinations of these.
- Simplicity: a work-in-progress low-level programming language with greater flexibility and expressiveness than Bitcoin Script. It requires a fork to implement on BTC.
In contrast to both, sCrypt does not invent a new programming language and just reuses TypeScript, which has a significantly shallower learning curve. Also it provides a more comprehensive framework besides smart contract language, including IDE, package management, debugger, SDK and APIs. That is, it offers everything developers need to build a full-stack app powered by smart contracts.
Compare to Layer-2s (L2)
sCrypt is a Typescript-based domain specific language (DSL) compiled into Bitcoin Script, which runs on BTC today without any fork. It inherits the full security of BTC, thus making it more secure and trustless than any BTC L2.
Having said that, BTC L2 could use more sCrypt features if they also use Script and have more opcodes enabled than BTC L1. In fact, there are already L2s that leverage sCrypt this way, like Note Protocol.