Yesterday we released our design for
BitVM based trust-minimized two-way peg. The people working on BitVM have been considering how to construct two-way pegs using it, and our design proposes a solution for this.
Mainly, it's a graph of transactions to coordinate peg-in and peg-outs around the BitVM UTXO. The design is heavily inspired from Ark's connector outputs.
You can the details of how it works here:
WriteupCode is available - WIP:
GithubThe core idea of the BitVM in this context is a
ZKP (Groth16) verifier (which we also open-sourced last week:
Github).
We have a light client proof of our ZK Rollup (its called
Citrea, uses BTC as its native token, no other token) which is basically an aggregated proof of batch ZK proofs. Then we recursively verify this proof inside another circuit which checks withdrawal SPVs agains the withdrawal merkle root of the proof. BitVM ZK Verifier verifies this proof.
Building two-way peg to another sidechain/L2 should be as easy as changing the light client proof with another one. However security assumptions will differ from one light client to another.
Note: BitVM ZK Verifier and Clementine are work-in-progress. They need a complete BitVM implementation to be fully run on-chain.