zkBitcoin Token

( Whitepaper Revision 0.0.02 )

zkBitcoin Token : The Decentralized Bitcoin Token for zkSync Era


Abstract

The zkSync Era Network has launched as a leading layer 2 solution to Ethereum and has a world class leading ecosystem for permissionless, transparent, and immutable software applications. These software applications, typically taking the form of Smart Contracts, can all seamlessly interact with each other. To facilitate this process, various standard protocols have been developed such as the ERC20 standard for a common ‘token’ format so that these Smart Contracts can pass scarce, owned, and transferable data between one another without a centralized mediator. Most ERC20 tokens have been distributed in a manner that is generally known to align with ‘securities.’ The tokens are sold to ‘investors’ by the ‘creator’ under the pretenses that the ‘creator’ will perform some action to make the tokens more valuable. It should be clarified that Bitcoin is distributed via ‘bitcoin mining’ and therefore aligns itself as a ‘commodity’ and not a ‘security.’ This whitepaper will describe an ERC20 token that aligns itself as a ‘commodity’ since it is distributed using ‘Proof of Work Mining’. This token is also transferred on a blockchain in a method very similar to Bitcoin and therefore interfaces with other software and with the world in a manner which is effectively similar to Bitcoin. This token has several advances that set it apart from Bitcoin such as the ability to directly interact with zkSync Era Smart Contracts and the rest of the zkSync Ecosystem in a permissionless way.

Background

zkBitcoin Token is the implementation of Bitcoin in Solidity. It is an open source community project, not led by an official team or corporation, and therefore does not have ICO capital or other vast amounts of currency/capital that a centralized token project would have. We believe as a community that decentralization is the true flavor of the blockchain and that is the architecture that provides open and transparent trust for users. We also believe that zkSync Era and ERC20 tokens are a significant segment of the future of blockchain technology.

zkBitcoin Token is designed to be used as a decentralized ‘bitcoin-like’ token within the zkSync Era ecosystem and beyond. All tokens are minted on the zkSync Era Blockchain. zkBitcoin Token follows a standard protocol (ERC20): tokens are stored at zkSync Era Blockchain addresses and are transferred using standard software which supports EIP20/ERC20 tokens. Since zkBitcoin Tokens are mined in a completely decentralized manner, there is no central body or central organization which controls or enforces any aspect of zkBitcoin Token. The community owns and operates the token in a flat structure and every individual has the same power over the smart contract as any other individual. This is on purpose in order to follow the same model as Bitcoin and to establish zkBitcoin Token as a commodity.

One of the most effective side effects of Satoshi Nakamoto's desire to secure the original Bitcoin network with Proof of Work hash mining was tethering and bootstrapping the coin to computing power, thereby removing centralized actor jurisdiction. Transitioning the responsibility of work back onto individual miners, government organizations would have no jurisdiction, and indeed visibility, of mined zkBitcoin Token. Government oversight is removed from an equation whereby miners are providing economic effort in direct exchange of a cryptographic commodity. This facilitates relatively decentralized distribution and establishes all involved parties as stakeholders. zkBitcoin Token (zkBTC) is a token that allows projects to be funded not by centralized, direct-fiat conversion, but through decentralized computing power.

Name Origin of zkBitcoin Token

The name zkBitcoin Token is derived from the fact that it is a token that can be mined and that the layer 2 it lives on is zkSync.

The symbol zkBTC is a combination of the term ‘zk’, which implies that the asset lives on a zk layer 2, and BTC for Bitcoin, since we mimic Bitcoin's proof of work model.

The zkBitcoin Token contract is located at zkSync Era address 0x366d17aDB24A7654DbE82e79F85F9Cb03c03cD0D and has validated transparent code which can be audited on the zkSync Era service.

Proof of Work and ICOs

The zkSync Era blockchain in its current state exists as a thriving permissionless ecosystem which allows any individual to store immutable records in a permissionless, invulnerable and transparent manner. As blockchain applications become richer and more numerous, there is a need for distribution models other than the ICO. Indeed, there have been proposals to mitigate some initial investment risks through the recent introduction of the DAICO model (Cunningham, 2018) that rely on timed and automated value transfers via the DAICO smart contract tapping mechanism. However, this does not align a token smart contract as a non-security and still has the potential to put investors at risk if not implemented carefully. Allowing users of the network direct access to tokens by performing computations as a proof of work allows any smart contract to distribute a token in a safe, slow, and controlled manner similar to the release of a new commodity.

As of 2023, almost all Ethereum Virtual Machine token distribution methods were flawed and able to be Sybil attacked. A Sybil attack is a form of computer security attack in which one human pretends to be many humans with multiple computer accounts in order to manipulate a system in a malicious way. ICOs and airdrops are highly susceptible to Sybil attacks, since there is no way to verify whether the ERC20 tokens distributed by the deployer were distributed fairly or unfairly. zkBitcoin Token, with its unique Proof of Work distribution method, is resistant to Sybil attacks. This means that zkBitcoin Token is used as a trustless EVM token in the world. It can be argued that the distribution of zkBitcoin Token is fair since it was only distributed by mathematical hashing and not by a human.

Current and Proposed Use Cases

As an implementation of the original Bitcoin software as a zkSync Era Smart Contract, zkBitcoin Token (or zkBTC) combines advantages from Bitcoin, Ethereum and zkSync Era Layer 2s. The asset is decentralized, permissionless, mined and scarce just like Bitcoin, which means it shares all of Bitcoin’s use cases and properties as a transparent and permanent digital record of value. However, above Bitcoin, zkBitcoin Token has the speed and scalability of the zkSync Era network and is compatible with all ERC20 token services. This means it can be stored in any EVM wallet, is as secure as the zkSync Era blockchain, and can act as ‘the bitcoin’ for the ecosystem. This is important because Bitcoin is not able to communicate with or interact with the EVMs of Ethereum or Layer 2s. With zkBitcoin Token, the zkSync Era network is now effectively upgraded with the ability to interface with a commodity which shares all of the same properties as Bitcoin. Now, all zkSync Era smart contracts can hold, transfer, and trade bitcoin-like tokens permissionlessly and can do so based on immutable rules set forth using their own computer code.

The Decentralized Token

Since zkBitcoin Token is mined like Bitcoin, it acts just like a commodity. The difficulty of ‘mining’ this commodity automatically adjusts to the total computational power used to mine it. The current state of the EVM ICO market with its demonstrable failure rate leaves investors vulnerable to holding pseudo-value backed only by speculation. zkBitcoin Token mitigates this problem by providing the zkSync Era blockchain network with a decentralized bitcoin-like asset which is able to fill the role of a multitude of centralized tokens in a more invulnerable and trustless format.

This powerful mechanism frees individuals from having to use a third party exchange, susceptible to security holes and wallet compromise, and third party escrows. The movement away from centralization is a core tenet of what Satoshi Nakamoto originally intended with classic Bitcoin (Nakamoto, 2009). zkBitcoin Token has the facilities to help keep the Ethereum ecosystem open, accountable, trustless and decentralized at every step in the value transfer process. Unlike Bitcoin, zkBitcoin Token can interact with decentralized exchanges such as Uniswap and Sushiswap, and is compatible with zkSync Era smart contracts. This means that while Bitcoin can only be traded using centralized means, zkBitcoin Token can be traded permissionlessly within immutable permanent smart contracts which are not able to be censored or restricted by central entities. This is another clear advantage and is closer to fulfilling Satoshi’s complete vision.

Account System

As an ERC20 token, zkBitcoin Token uses a traditional zkSync Era account. These accounts are free and are impossible to hack or to steal from, given that the private key has not been exposed. zkBitcoin Token can be stored in a Ledger Nano, Trezor or any other wallet that supports ERC20 tokens.

Mining

zkBitcoin Token is mined using a simple Keccak256 (Sha3) algorithm using the following methodology:

   keccak256(challengeNumber, minerEthAddress, nonce) < difficultyTarget

The nonce is a random number selected by the mining software. The mining software mines to try to find a valid nonce. If the above statement evaluates to true, then the nonce is a valid solution to the proof of work. The challengeNumber is just a recent zkSync Era block hash. Every round, the challengeNumber updates to the most recent zkSync Era block hash so future works cannot be mined in the past. The miner's address is part of the hashed solution so that when a nonce solution is found, it is only valid for that particular miner and man in the middle attacks cannot occur. This also enables pool mining.

When mining zkBitcoin Token, whenever a miner submits a solution, the miner must pay a small gas fee in order to execute the zkSync Era smart contract code for the mint() function.

Smart Contract

Typically, ERC20 tokens will grant all tokens to the owner or will have an ICO which demands that amounts of Ether be sent to the owner for an initial offering of tokens. Instead of granting tokens to the 'contract owner', all zkBitcoin Tokens are locked within the smart contracts initially. These tokens are dispensed, 50 at a time, by calling the function 'mint' and using Proof of Work, similar to mining bitcoin classic. Also the following Smart Contract methods are explicitly supported:

Token

ERC-20 Interface

name

Returns the name of the token - e.g. "zkBitcoin".

OPTIONAL - This method can be used to improve usability, but interfaces and other contracts MUST NOT expect these values to be present.

function name() constant returns (string name)

symbol

Returns the symbol of the token. e.g. "zkBTC".

OPTIONAL - This method can be used to improve usability, but interfaces and other contracts MUST NOT expect these values to be present.

function symbol() constant returns (string symbol)

totalSupply

Returns the total token supply.

function totalSupply() constant returns (uint256 totalSupply)

balanceOf

Returns the account balance of another account with address _owner.

function balanceOf(address _owner) constant returns (uint256 balance)

Mining Operations

mint

Once verified, the mint function calculates and delivers a mining reward to the sender and performs internal accounting operations on the contract's supply.

function mint(uint256 nonce, bytes32 challenge_digest) public returns (bool success)

multiMint_SameAddress

Allows multiple solutions (array of nonce) for the current challengeNumber. As long as there are still blocks left to be mined in this readjustment, it will accept the array, check validity and pay out the appropriate amount of tokens in one bundled transaction, saving transaction fees compared with single mints.

function multiMint_SameAddress(address mintToAddress, uint256 [] nonce) public

Mint Event

Upon successful verification and reward the mint method dispatches a Mint Event indicating the reward address, the reward amount, the epoch count and newest challenge number.

event Mint(address indexed from, uint reward_amount, uint epochCount, bytes32 newChallengeNumber);

getChallengeNumber

Recent zkSync Era block hash, used to prevent pre-mining future blocks. This is the current challenge we are solving.

function getChallengeNumber() public constant returns (bytes32)

getMultiMintChallengeNumber

Recent zkSync Era block hash, used to allow extra solutions if they are the minter that changes the difficulty.

function getMultiMintChallengeNumber() public constant returns (bytes32)

getMiningDifficulty

The number of digits that the digest of the PoW solution requires, which typically auto-adjusts during reward generation.

function getMiningDifficulty() public constant returns (uint)

getMiningReward

Returns the current reward amount. Depending on the algorithm, rewards are typically divided every reward era as tokens are mined to provide scarcity.

function getMiningReward() public constant returns (uint)

Mining Debug Operations

getMintDigest

Returns a test digest using the same hashing scheme used when minting new tokens.

function getMintDigest(uint256 nonce, bytes32 challenge_digest, bytes32 challenge_number) public view returns (bytes32 digesttest)

OPTIONAL - This method can be used to improve usability, but interfaces and other contracts MUST NOT expect these values to be present.

checkMintSolution

Verifies a sample solution using the same scheme as the mint method.

function checkMintSolution(uint256 nonce, bytes32 challenge_digest, bytes32 challenge_number, uint testTarget) public view returns (bool success)

OPTIONAL - This method can be used to improve usability, but interfaces and other contracts MUST NOT expect these values to be present.

checkMintSolutionForAddress

Verifies a sample solution using the same scheme as the mint method.

function checkMintSolution2(uint256 nonce, bytes32 challenge_digest, bytes32 challenge_number, uint testTarget, address sender) public view returns (bool success)

OPTIONAL - This method can be used to improve usability.

Minting New zkBitcoin Tokens

The zkBitcoin Token was deployed to the zkSync Era blockchain in March, 2024, with the following attributes:

As such, the only way for a user to acquire zkBitcoin Tokens is to mine them or purchase them from miners on decentralized exchanges. The mintTo and multiMint_SameAddress functions are responsible for verifying the validity of the hash solution, updating the contract's internal state and issuing new zkBitcoin Token. They are shown below.


        function mintTo(uint256 nonce, address mintToAddress) public {
            bytes32 localChallengeNumber = challengeNumber;
            bytes32 digest = keccak256(abi.encodePacked(localChallengeNumber, msg.sender, nonce));

            //the digest must be smaller than the target
            require(uint256(digest) < miningTarget, "Digest must be smaller than miningTarget");

            //ensure this combination has not been used before
            require(!usedCombinations[digest], "Must not have been the first time this solve has been used");
            usedCombinations[digest] = true;

            _startNewMiningEpoch();

            _mint(mintToAddress, reward_amount);

            tokensMinted = tokensMinted.add(reward_amount);

            emit Mint(msg.sender, reward_amount, epochCount, localChallengeNumber);
        }
    
The only way to MultiMint is using the multiMint_SameAddress function, which is shown below.

        function multiMint_SameAddress_EZ(address mintToAddress, uint256[] memory nonce) public {
            uint NextEpochCount = blocksToReadjust();
            uint xLoop = 0;
            uint leftOver = 0;
            uint GoodLoops = 0;
            bytes32 localChallengeNumber = challengeNumber;
            uint localMiningTarget = miningTarget;

            for (xLoop = 0; xLoop < nonce.length; xLoop++) {
                bytes32 digest = keccak256(abi.encodePacked(localChallengeNumber, msg.sender, nonce[xLoop]));

                if (usedCombinations[digest] || uint256(digest) >= localMiningTarget) {
                    continue;
                }

                GoodLoops = GoodLoops.add(1);
                
                usedCombinations[digest] = true;
                if (GoodLoops == NextEpochCount) {

                    if(leftOver != 0){
                        break;
                    }
                    
                    localChallengeNumber = MultiMintChallengeNumber;
                    _startNewMiningEpoch_MultiMint_Mass_Epochs(GoodLoops - leftOver);
                    localMiningTarget = miningTarget;
                    NextEpochCount = GoodLoops + _BLOCKS_PER_READJUSTMENT / 4;
                    leftOver = GoodLoops;
                }
            }

            _startNewMiningEpoch_MultiMint_Mass_Epochs(GoodLoops - leftOver);

            uint payout = GoodLoops * reward_amount;

            // Check for max supply and adjust reward era and amount if needed
            if (tokensMinted.add(payout) > maxSupplyForEra && rewardEra < 59) {
                rewardEra = rewardEra + 1;
                maxSupplyForEra = _totalSupply - _totalSupply.div(2 ** (rewardEra + 1));
                reward_amount = (50 * 10**18) / (2 ** (rewardEra));
                payout = payout.div(2);
            }
            _mint(mintToAddress, payout);

            emit Mint(msg.sender, payout, epochCount, localChallengeNumber);    
            
            tokensMinted = tokensMinted.add(payout);

        }
    

figure 1. zkBitcoin Token Smart Contract mintTo() function

figure 2. zkBitcoin Token Smart Contract multiMint_SameAddress() function

The mining reward is initially gathered and follows the same algorithm as Bitcoin classic, essentially following the paradigm of a fully decentralized monetary system, whereby the tokens are created by the nodes of a peer to peer network. The zkBitcoin Token algorithm defines how the token will be created and at what rate.

As with Bitcoin, zkBitcoin Tokens are generated every time a user discovers a new block by submitting a Proof of Work for the current challengeNumber.

A unique 'nonce' has to be passed into the mint function along with the hash solution digest in order for tokens to be dispensed. To find this special number, it is necessary to run a mining program. More specifically, the PoW includes a recent zkSync Era block hash combined with the wallet sender's address in order to prevent man in the middle attacks when minting new coins. The challenge and nonce are validated in Solidity using the keccak256 hashing algorithm to decipher the challenge's digest. Once the digest has been extracted, it is validated to match the expected challenge result and then checked to ensure that it is smaller than the mining target difficulty.

The mining reward is calculated based on the logarithmic halving algorithm, making the zkBitcoin Token a reliably deflationary asset. The award is immediately assigned to the sender's wallet address and the ‘tokens minted count’ is incremented within the smart contract for any other software to monitor. Notably, the contract then validates that the tokens minted count is less than or equal to the maximum supply for the given halving era in which the transaction is taking place. Next, the contract records diagnostics reflecting reward address, amount and ether block number for the purpose of public transparency and for other software to monitor.

Difficulty Calculation and Adjustment

After every block is minted, the smart contract will determine if it is time to adjust the difficulty. This occurs every 1024 mined blocks in the first era. Just before this occurs, the contract increments the reward era if necessary, that is, if the tokens minted count has exceeded the maximum era supply, which is calculated via a simple halving algorithm:

max_era_supply = total_supply - (total_supply / (2 ** (reward_era + 1)))

This means that the first era supply is 10500000 tokens, the second era supply is 15750000 tokens, the third era supply is 18375000 tokens and so forth. During the first era, the block reward for a mint() is 50 tokens at 12 minute blocks. During the second era, the reward is 25 tokens at 12 minute blocks. During the third era, the reward is 12.5 tokens at 12 minute blocks. During the fourth era, the reward is 6.25 tokens at 12 minute blocks, and so on. There are 59 eras total that will reduce the supply rate. Increasing past a total possible 21,000,000 tokens, but not by much, will end rewards for this proof of work token in 150+ years, at which time zkBitcoin Token can be used as a decentralized digital currency for Ethereum, zkSync Era, and all Layer 2s.

The reward era is used to calculate the mining reward. Next, the zkBitcoin Token smart contract adjusts the difficulty by first determining how much time has passed since the last adjustment. If less than 12 minutes * 2045 blocks had been mined, zkBitcoin Token is being mined too quickly and the difficulty will increase. This is accomplished by reducing the size of the ‘target’. When the target is smaller, valid nonces for minting are rarer and harder to find in future mining rounds. Alternatively, if zkBitcoin Token is being mined too slowly, the target will increase in value in order to make minting easier to accomplish. All difficulty targets are bound within minimum and maximum difficulties of 2^16 and 2^234 respectively.

Calculating Mining Hashrate

To calculate approximate hashrate or approximate time to find a solution, the following equation can be used:

TimeToSolveBlock (seconds) = (difficulty * 2 ^ 22) / hashrate (hashes per second)

Risks and Challenges

zkBitcoin Token is implemented as a zkSync Era ERC20 token and so its success is largely dependent on the success of the zkSync Era and Ethereum Network. If zkSync Era cannot scale, then zkBitcoin Token will not be able to realize its full potential as the fastest and most effective decentralized currency in the world.

Frequently Asked Questions

Does zkBitcoin Token have its own Blockchain?

No. zkBitcoin Token exists on the zkSync Era Blockchain as a Smart Contract. This allows it to leverage a faster, more secure and modern crypto environment.

How does pool mining work with zkBitcoin Tokens?

Essentially the same way that pool mining works for classic Bitcoin, except zkBitcoin Token pools must pay gas fees to the zkSync Era network.

How often does difficulty update?

Every 2048 mints on a challenge OR
A) If there are fewer than 512 mints on the challenge and 45 days have elapsed, update difficulty after another max of 64 blocks.
B) If there are fewer than 1024 mints but more than 512 on the challenge and 60 days have elapsed, update difficulty after another max of 64 blocks.
C) If there are more than 1024 mints on the challenge and 75 days have elapsed, update difficulty after another max of 64 blocks.

How does the difficulty update?

It increases up to 400% or down 25%. Target average adjustment time is 15 days.

Will there be a reward halvening event and when?

At 10.5m tokens mined and when half the remaining has been mined then half of that remaining then half of that remaining, up to 59 iterations.

Since zkBitcoin Token is Proof of Work doesn't that mean it is bad for the environment?

As long as cryptocurrencies exist, mining will always exist. Even though mining expends energy, it ultimately reduces corruption in society by providing humanity with decentralized and transparent transactional ledgers. Therefore the idea is similar to humanity having to pay for a gigantic decentralized accounting system or police network which is reducing the widespread financial corruption across the globe. Just as we pay police officers and accountants for their service, we pay blockchain for its service in the form of energy and computation.

Whitepaper Contributors

  1. Untouchable2k (contract deployer)

References

0xBitcoin WhitePaper, 2018 https://github.com/0xbitcoin/white-paper/blob/master/README.md

Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, 2009. http://www.bitcoin.org/bitcoin.pdf.

Logelin J and community members. ERC 541 - Mineable Token Standard Draft, 2018. https://github.com/ethereum/EIPs/pull/918

Fabian Vogelsteller and Vitalik Buterin. ERC-20 Token Standard, 2015. URL https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md.

TrustNodes. The First PoW Bitcoin Like Token Launches on Ethereum, February 16, 2018. https://www.trustnodes.com/2018/02/16/first-pow-bitcoin-like-token-launches-ethereum

Vitalik Buterin. Ethereum White Paper, 2014. https://github.com/ethereum/wiki/wiki/White-Paper

Epstien J. Why Proof of Work in Bitcoin Means Proof of Value in the Real World, December 20, 2017. https://www.neverstopmarketing.com/proof-work-bitcoin-means-proof-value-real-world/

Bitfury Group Limited. "Proof of Stake versus Proof of Work", 2015. http://bitfury.com/content/5-white-papers-research/pos-vs-pow-1.0.2.pdf

https://en.bitcoin.it/wiki/Controlled_supply

Dai W. "b-money", 1998. http://www.weidai.com/bmoney.txt

Back A. "Hashcash - a denial of service counter-measure", 2002. http://www.hashcash.org/papers/hashcash.pdf

Cunningham A, Ethereum Co-Founder Announces DAICO, a new ICO Fundraising Model (January 15, 2018). https://discover.coinsquare.io/investing/daico-new-ico-fundraising-model/