I. Introduction
Bitcoin is sound money. But bitcoin finance currently happens through centralized bitcoin banks and on alternative smart contract networks. Discreet log contracts, however, enable bitcoin-native finance, with financial products built directly on top of bitcoin. They figure importantly in our mission to bring sound finance to sound money.
DLCs lag a few years behind the lightning network's current stage of development and adoption. So, as you might expect, DLCs simply receive less attention, leaving most of us unaware about their current challenges and future promise. This scarcity of focus made the DLC session at Bitcoin 2022 especially valuable. The session included the inventor of DLCs, as well as three founders of early stage bitcoin companies:
- Tony Cai (CEO, Atomic.Finance)
- Ben Carman (Co-founder of The Bitcoin Company)
- Tadge Dryja (MIT, inventor of DLCs)
- Chris Stewart (CEO, Suredbits)
They discussed a range of issues around DLCs. I highly recommend watching the session. But I’ve boiled it down to a few highlights for readers who don’t have the time to watch it all.
(Those seeking more background to DLCs may start here.)
II. Importance of Discreet Log Contracts
Bitcoin has chosen security over smart contract expressibility. As a result, the bitcoin blockchain cannot execute the sort of smart contracts we find in Ethereum. These contracts allow users to lend, borrow, and buy or sell financial derivatives like options, among other things. These contracts need data to settle, including, for example, information about bitcoin's current price. To import this data from the real-world to the network, most contracts enlist the help of on-chain oracles like Chainlink.
Dryja revealed in the discussion panel that Ethereum smart contracts inspired him to invent DLCs. The main idea: we can spread a contract's logic over several off-chain bitcoin transactions and use one or more trusted off-chain oracles to settle the contract. DLCs keep most of the contract off-chain and thus simultaneously help preserve user privacy and bitcoin's block space.
Here, we begin to glimpse the importance of DLCs, one of the main topics of the panel discussion. Atomic CEO Tony Cai said that DLCs enable us to import products, primitives, and defi-like applications into bitcoin. Then, he spoke at length about how DLCs fit with bitcoin’s overall philosophy:
When you look at the greatest assets or currencies around the world, you notice that there is a very robust ecosystem of financial tools around them. Part of bitcoin’s maturation process as a financial asset, as a currency, as a store of value, is that there’s going to be more and more financial tools built on top of bitcoin. And I think that financial tools are just going to be a large part of the maturation process.
He continued:
There’s a big gap between bitcoin finance and bitcoin the asset. Bitcoin the asset is censorship-resistant and transparent, but bitcoin finance isn’t. You hand over your coins, and you don’t know what happens behind the scenes. We need sound financial tools that match, as much as possible, bitcoin’s qualities as transparent and censorship-resistant money. We don’t want to simply replicate the old system around bitcoin. We need to build sound financial tools for sound money, natively, on bitcoin.
This connection between sound finance and sound money might sound familiar to those in Atomic's orbit. Tony’s answer captures Atomic’s core purpose — to build financial tools for bitcoin with the very qualities that make bitcoin special.
Elaborating further on the functionality of DLCs, Carman noted specifically how DLCs enable options contracts on bitcoin’s price and betting more generally, even on games of Super Smash Brothers. (Chris Stewart recently wrote about sports betting in relation to DLCs). But this extra capability costs little by way of scalability and privacy. “DLC contract data is off-chain, just between counterparties,” says Carman. And although DLCs require oracles to import real-world data to resolve the financial contract, “the oracle needn’t know, nor does anyone need to know what the bet is.”
Precisely because DLCs have a smaller on-chain footprint, they offer enhanced privacy. According to Carman, chain analytics firms generally assume that multiple inputs in a transaction belong to the same person. And DLCs “break this heuristic,” he says. A typical DLC simply resembles a dual funded lightning channel. Later on, the panel agreed that, with the upgrade to Schnorr signatures, DLCs will resemble simpler transactions due to the ability to aggregate signatures. Stewart noted that the DLC protocol hasn’t yet fully integrated Schnorr. Nonetheless, it’s great to see how unrelated improvements to bitcoin combine to provide even greater improvements.
III. Bitcoin Development
Although bitcoin has likely won the war for censorship-resistant money, other networks far exceed bitcoin’s current ability to provide censorship-resistant financial markets. Other networks enable people to trade different assets without trusted intermediaries, pool liquidity to allow for low slippage, and use decentralized derivative products. On this point, Stewart says that other networks are “kicking our butts.” If we want bitcoin to provide similar censorship-resistant financial markets, we must somehow extend bitcoin’s functionality.
DLCs help solve the third challenge, of enabling users to use bitcoin as a betting platform. But as great as DLCs are — and they are magical — they don’t themselves enable users to trade anything other than bitcoin or provide pooled liquidity. At the very root, users need centralized services to find other potential counterparties. Dryja continues:
We always start with Alice and Bob, but we need to begin with Alice and Bob not knowing each other. Ethereum provides order books and marketplaces for strangers. It’s highly inefficient, containing all the orders and cancellations for all time. But the good part is that people can find each other. This isn’t quite solved in Bitcoinland.
Although Ethereum enables counterparties to find each other, it does so by filling its ledger with all sorts of seemingly unnecessary information. We “don’t need 100s of gigs of these orders,” says Dryja. “We need a layer 2 mempool.” The layer 1 mempool consists of transactions seeking a spot in bitcoin’s ledger. So a “layer 2 mempool,” it seems to me, would serve as a meeting place for buy and sell orders so that counterparties can construct a transaction to appear in the layer 1 mempool. In other words, we need a mempool for the mempool: a digital rendezvous where strangers can jointly create transactions — and remain strangers. Bitcoin needs a decentralized order book of buy and sell orders so that participants can find their counterparties without clogging up the ledger. Such an order book would free bitcoin and its users from the vulnerabilities baked into centralized exchanges.
When asked about how Atomic resolves the matchmaking issue, Cai replied that Atomic currently does matchmaking through an IRC channel. Users pair through the Atomic app, which generates an offer message on an IRC channel to pair with a market maker. So it seems to me that Dryja’s idea of a publicly accessible but decentralized order book would allow Atomic to expand its base of potential counterparties. Because a layer 2 mempool could have features beyond what we find in layer 1, this particular waiting room might consist of orders constructed with zero knowledge proofs that reveal nothing but the essential order details.
IV. Oracles
DLCs have off-chain oracles that settle bets with digital signatures over real-world results, like the Super Bowl or the bitcoin price at a certain time. Dryja explained them very simply:
An oracle is a “bridge” between the ledger and the world. We have to trust oracles to be good bridges. But we should try to minimize the trust we have in oracles. In DLCs, an oracle reports data without knowing how it's being used in active smart contracts. And the report itself needn’t be on chain.
Stewart and Carman followed up with two important points. First, Stewart noted that the same oracle can be used across all chains. So we wouldn’t need an oracle for Ethereum, another for Solana, another for Bitcoin, and so on.
Second, Carman reminded everyone that just as we minimize trust in a single private key with multi-signature schemes, we can minimize trust in a single oracle by using multiple oracles for a single bet. Putting these points together, a potential future for DLCs includes multi-chain oracles each serving in multi-oracle bets.
Who will serve as oracles? Well, as Carman noted, running an oracle is very cheap—we can set them up to run indefinitely and require little capital. So it’s not clear that users will want to pay oracles for their service beyond a negligible amount. But Dryja made a compelling point that exchanges will have an incentive to run reliable oracle services:
The bitcoin price is very important. Exchanges would want derivatives contracts to settle against their own prices, so that people will bring their bitcoin to that exchange.
I’m embarrassed to admit that I hadn’t really thought of this. People will want to trade on their oracle’s platform to avoid potential mismatches in price as their bets settle. And so exchanges have reason to serve as oracles to lure people to trade on their platform.
V. Recent and Potential Soft Forks
DLCs, like lightning, shift the onus from the blockchain to the user. DLCs pre-compute all possible outcomes and payouts. Thousands of them, potentially. Alice and Bob must generate and sign these transactions beforehand and store them on their personal devices.
DLCs embody a design philosophy that seeks to keep data off the blockchain. In the course of explaining this philosophy, Dryja rhetorically asks how much each of us would be willing to store on our personal computers to keep 1 megabyte from the blockchain? “Data on the blockchain feels heavy,” he said. After all, nodes download and save this data forever. It’s a neat and revealing question.
At around this time in the discussion, panelists began to note the potential benefits of BIP 119. The panel discussion occurred before BIP 119 began to overtake discussions on bitcoin twitter. Since then, Jeremy Rubin floated a speedy trial activation process for a BIP 119 soft fork. So, although panelists had nice things to say about BIP 119, they didn’t — and couldn’t have — endorsed its speedy trial activation, which has since been shelved. The panel discussion occurred well before these more recent events.
With that disclaimer in mind, many panelists did say positive things about BIP 119. For example, Dryja noted that BIP 119 would increase efficiency. It might provide more nimble DLCs with “different knobs to change” in how much of a contract goes on the blockchain as opposed to our personal devices. Carman said getting BIP 119 would be a “huge thing,” noting that it would save bandwidth. He flagged, in particular, how this matters for those using TOR or living somewhere with less powerful internet.
Cai also noted a potential benefit of BIP 119 for Atomic. “Typical options contracts take about 60 seconds to generate all the signatures,” he said. But BIP 119 could simplify the process down to a couple seconds. So it has some potentially great benefits for user experience.
Discussions about bitcoin soft forks have recently waxed more than waned, especially forks which aim to decentralize financial markets around bitcoin. Going forward, the bitcoin community will continue to weigh the complex technical, economic, and social tradeoffs of BIPs 119 and 300, as well as the newly proposed TARO upgrade to Lightning. I don’t know how the dust will settle, but I’m optimistic that bitcoin’s mindshare will resolve these issues to bitcoin’s benefit.
According to Dryja, “there are still enormous amounts of things to improve and research in the space, which is really exciting.” Indeed.
By incorporating these new developments around DLCs, Atomic.Finance will continue to push the boundaries of bitcoin finance. We can’t wait to share with our users what DLCs enable for them.
Join the Sound Finance Movement
Atomic Finance builds sound finance products for sound money.
Our first Sound Finance product is a mobile app that provides self-sovereign Bitcoiners a way to earn a return on their bitcoin with full transparency. Without having to give up custody of their coins to a third-party custodian.