Bitcoin PIPEs v2, Covenants et ZKPs sur Bitcoin via le chiffrement Witness | Bitcoin 2026

All right, let's talk about pipes. Some of you have seen it, some of you have heard it. Those who haven't, let's let's talk about that. Um What are we What's What's the largest problem? Like what are what what Bitcoin pipes are all about? It's all about covenants and ZKPs on Bitcoin without touching Bitcoin itself. Why? I mean the fact is actually the the answer is actually pretty simple. Bitcoin is just too big to be touched. Like at this point it's uh I mean and like I don't know what is it like 10 two like whatever like trillion of dollars two trillion dollars just too large. Don't risk it. Don't touch it. Uh things which are good to have uh just leave them leave them to be done out of the Bitcoin. Don't touch the protocol. Each little small change risks a lot of money. Don't touch the protocol. But the thing is it's actually hard to touch it. Like we actually have what we call governance paralysis. I mean sure people say that Bitcoin doesn't have governance but miners are governance, social consensus is governance and uh it's kind of hard to change already. So, is it good? Sure. Like except the security issues. I mean focus on security issues please. But of all the all the other stuff um good. It's it's paralyzed. It's ossified. Um What do we do that? Like the problem is we still want to do things with Bitcoin. Like we still want besides whatever besides just sending it like or something we still want cheaper payments, we want better payments, we want privacy, we want collateralize it, we want to be able to borrow against it, we want to do a lot of different stuff. Um Can we do it? I mean sure we still can uh with additional trust assumptions. If you trust a third party, you can do that. Um but the thing is, after certain size, you just stop trusting them. Well, I mean, like, you just can't. If you're a government, if you're a huge institutional, if you're a huge I don't know. Somebody large. If you're If your second name is sailor. Would you like Like, no, you know? That's the thing. So, how do we do that? Like, how do we get people to do stuff without them trusting somebody not worth trusting? Um it seems like there is a way. Like, it feels like there's a way. Now, we know there is a way. Uh We can do it with cryptography. We can effectively uh enforce everything we want to do with Bitcoin off-chain. We can enforce it outside of Bitcoin and without a trusted party, without a third-party trusted party, you can trust the cryptography. It turns out you can do that. And what does it give us? Like, it give us Well, obviously, a lot of stuff we a lot of stuff we wanted. First of all, well, certain type of covenants. Like, we wanted covenants for a long time. Covenants are nice to have. It's not must-have because must-have is like people just focus on post-quantum, okay? Like, focus on security, focus on all of that. Just keep the consensus stable, keep the cluster stable, keep things Just keep things as it is. Don't lose stuff, all right? We're We're doing good. But covenants are nice to have. And um we'll talk about that a little bit later. So, Ziki proofs. I mean, of course, um people want cheaper payments, people want cheaper transfers, um people want privacy. That's what you needed for. Vaults. Custody. So much custody we have on Bitcoin. Uh I guess what it is. It's all multi-sig. Like, literally, over the last several days I had an enormous amount of conversations about Well, I mean, guys, you're like, "Sure, you you you bought a lot of Bitcoin with other people's money. How do you custody it?" Well, you know, usually it results into being, "Yeah, it's it's a multi-sig. It's a multi-sig. Yeah, like, whatever." And it's we have seen like just a as a broader crypto industry lately the loss of enormous amount of money just because somebody lost a key. And like, sure, I mean, some people are just good with it. They're like, "Oh, we'll do more keys. We'll do more parties. We'll do more people. We'll do hierarchy. We'll do like nested multi-sig." Sure, you can do it, but you're you're increasing the But this way you're increasing the time you need to react for somebody to get something out of that thing. So, that's something else. And uh yeah, I mean, privacy I don't even know I I don't even need to talk about it. Um some people just who want to be very cautious with others seeing what they have um for different reasons. Just, you know, whatever. Some are basically obligated to do that. Some are, you know, just want to do that. So, that's the thing. With all of that, we can enforce cryptographically. It seems so. Um so, how? How in particular? Uh that's what pipes are all about effectively. Uh we do it with inscription. >> [laughter and gasps] >> Like, 2 years ago, honestly, it would have sounded like complete insanity, but um well, thanks to some whatever other L1s uh in the industry, just the broader in the L1s in industry, dying for the sake of making this research practical and making this research possible, at least. Maybe not like the most practical, but still possible, at least. Uh we can have that and not sound like we're insane. Um what's the thing? Like, what does it give us? Like, what do we want to achieve with that? We want to have arbitrary spending conditions, which effectively covenants are all about. That's what's called covenants, arbitrary spending conditions. Uh we want not to trust anybody. We want uh not to pollute Bitcoin, which is the most important thing. We've had so many systems which were polluting Bitcoin, those destabilizing it with it. Uh it's that's what we want. And uh what's the construction? The construction is based on pretty recently published uh arithmetic find determinant programs, uh kind of the cryptography primitive called witness encryption. And uh it allows to do well, it allows to do all of that stuff. How? And what is witness encryption? Witness encryption is a type of primitive, type of cryptography primitive which allows to uh decrypt a key to do a certain transaction only after you prove cryptographically that you have satisfied certain conditions, certain predicate, you have done certain compute. If you haven't done that compute correctly, you don't get the key, you don't get to transact. Basically, that's that. And um uh this, I mean, kind of doesn't require uh third parties for the decryption phase. Um it doesn't require um well, it doesn't require us. It doesn't require us side systems. It doesn't require uh operators or anything like this, which also, by the way, quite interesting, the absence of operators for certain systems makes it makes uh the system more compliant. Because, again, for for example, privacy uh needs, as we've figured out recently, uh the presence of the operators which do transaction, which do transactions, which do effectively become transaction parties, make these protocols legally questionable. So, we remove that problem not just with adjusting whatever like the legal stuff, but also with just solving it technically without operators at all. Uh a little bit of history. Bitcoin pipes is not a new It's not really a new thing. It's been around for a while. Like the first thing we published, it was published in October 2014. Um originally it was based on a little bit different uh cryptographic primitive and uh it paved the way to conditional decryption based approaches. Like people with Argo, with BitVM, BitVM 3, all of that stuff. We've heard of them, you've seen them. Uh a lot of people even use them. So, Bitcoin pipes V2 is the evolution of that. We published it recently, like a couple of months ago. Um the like obviously what I was saying kind of before is uh well, it all sounds good, but you know, there are obviously downsides and we got to be all very honest and very open about them. Uh Bitcoin pipes V2 right now uh the currently published version is not like they're not very cheap to use basically because of computational requirements. I mean, this stuff's pretty novel. So, like we're still working on it. But, as I said, we're still working on it and uh optimizations we're like, you know, likely to release this year. Uh will bring the cost of decrypting the a covenant down to well, maybe the average Bitcoin transaction. Okay, well, actually a little bit maybe a maybe comparable to the average Bitcoin transaction fees. Um so, that's the thing. And uh what's interesting is we have still, no matter that, managed to make it work within Bitcoin block time. Like within 10 minutes. So, you can actually do a decryption, You can actually do a covenant each 10 minutes with this. Quite with some resources but doable. The current work the usual workflow for all of the conditional decryption stuff is you create you create something you lock a key you put some funds in there like nobody knows this key until the computer is proven. Once the computer is proven the pipe decrypts you a key and you can transact. This presence the fact that you have this key and you can sign a signature attests that you've done everything correctly. Without this you would have never had it. That's the thing and it's all enforced cryptographically. Nobody enforces this enforces that as a third party or something. Covenants. What in particular which covenants in particular pipes can do and which which ones they cannot do. Let's talk about that a little bit. So pipes V2 effectively allow to do what we call binary covenants which means it's those of codes those predicates which end up with either zero or one. Like it's either valid either not. Which of codes do we have like this? Which BIPs which proposals which will never make it to the consensus which will never make it into the Bitcoin script we have like this. CSFS sure like this famous combination of CTV plus CSFS everybody wants. Yeah that's the thing. Op vault um nuances but still yes like the decryption predicate there the result of the decryption predicate there is either zero or one. So can we do a vault with pipes? Yes we can do vaults with pipes of different kinds maybe not the exact emulation but still of different kinds. The most precise we can do. Um hyped up things about the hyped up things like CTV or CAT. Can we do those? Uh well just today have we have figured out that indirectly but we can do those. Effectively we can do instead of CTV we can do check CTV. Uh with CAT I mean we probably can do check cat or something like this. Effectively, anything with which ends up in zero or one. Indirectly, again, not directly, but still. Um, Ziki piece. Uh, people say we have Ziki piece already on Bitcoin and like kind of the first thing they think when they talk at when we talk about Ziki piece on Bitcoin is, well, I mean, it's scaling and privacy and all that stuff, but in fact, it turned out to be quite a nice result having non-interactive Ziki piece on Bitcoin, uh, which also means, well, we'll talk about that later. Um, having non-interactive Ziki piece on Bitcoin resulted into being, you know, kind of very interesting result, I would say, just just, I would say, out of out of nowhere. We wanted to solve governance, but we accidentally solved non-interactive Ziki piece as well. Um, well, of course, with adjustments to probabilistic finality, adjustments for like the forking stuff. We got to be You got to be honest about that. But still, that's the thing. And uh, differentiating from different in differentiating from other methods to do Ziki piece verification on Bitcoin, this provides you with the smallest possible footprint on Bitcoin. It doesn't require you to put megabytes of it or inscribe megabytes of it. And it doesn't require you to wait to disprove something, to wait until everybody's like, okay, this is good. This is good. Probably nothing's going to happen like for a week or something like this. No optimistic verification there. Welcome to Predict, the world's a market. Everything is a market. Every headline moves the line. Every moment is your market. Call the moves. Bet on your instinct. Your prediction, your edge. Dual bets. Predict, where everything is a market. Uh, what does it get us? Like, um this sounds like a little bit of an oxymoron, but actually there is a little bit of thing. Like, having non-interactive ZKPs on Bitcoin and having vaults means we can actually do fun meta protocols. Again, welcome back. Uh, we've seen those meta protocols a lot, and those meta protocols kind of were not there, and they kind of all died. Why? Because there was no Bitcoin there. Why there was no Bitcoin there? Because all the vaults were basically multisigs. And like, you you put your money in a multisig, and nobody wants to put their money in a multisig hoping that somebody will ever maybe get your your money back, give you your money back. Like, rough, you know, like, we've seen a lot of that stuff. Nobody received anything back. So, we hope and we think that having non-interactive ZKPs, having vaults, having all of that stuff will give birth to better and more fun meta protocols like privacy meta protocols or I don't know. Something else, like non-consensus logic using meta protocols. Like, meta protocols which would use CAT, CTV, all the other stuff which will never make it into into the consensus. Uh, so that's that's the thing, and we hope to see more Bitcoin being used in there, inside of it. Which means more functionality, more programmability, more privacy without third parties. Pipes actually have some applications for Bitcoin in the L1 itself. Since now, at least well, on paper, in theory, and we're working on implementation, we can do uh, non-consensus logic, or we can do maybe interesting op codes without touching the consensus itself. Um we can actually maybe even start simplifying Bitcoin. We can start cutting out things which were added in there God knows why. Or we can actually um, just, you know, offload as much as possible. We can we can stop worrying about hacky things or whatever, you know, and try to offload offload offload offload. Keeping Bitcoin itself as simple as stable as secure as possible. Consensus should be stable. That's the thing. We should focus on that. Everything else offload it. And uh what's next? The next thing is we are well, kind of what's what's what's what's going to happen next. The next thing is we're working a lot on cryptanalysis. We're working with Anja Mark. We're working with like uh well, we had uh quite some interactions with Dan Boneh about all of that. Like we're working with all the academic institutions to make sure pipes are secure, that nothing gets broken, that everything's well, because it's all pretty novel. With inscriptions pretty novel. Uh we're going to be doing open challenges, cryptography open challenges. We're going to be locking some Bitcoin behind a trivial simple pipe. So, if you found if you find a bug there, if you're able to crack crack it, please do it. Come by, collect your Bitcoin. So, that's like a good thing I would say to do. We're we're very welcome to you're very welcome to to do that. Um we're going to be working of course like on the implement on the and we're like on the improvement of the efficiency and the reduction of a cipher text and uh PRC implementation of force, full implementation is is coming up. And uh we of course are going around and we're talking to people about what this is helpful for besides those ideas we have in mind, those things I spoke about already as well. Like we're happy to talk with lightning people, we're happy to talk with BitVM people, we're happy to talk about all of that stuff because well, if you have covenants, you apparently can do a lot. At least certain covenants, not all the covenants in the world, of course, but certain covenants. Um I guess that's what it is. I mean done. >> [music] >> Every year this community comes together to [music] celebrate to debate to build what comes next. >> [music] >> And every year the stage gets bigger. Sound money center stage. [music] So, where do you go to celebrate the next chapter in Bitcoin history? You come home. >> [music] >> Nashville, July 2027.