Bitcoin PIPEs v2: Covenants and ZKPs on Bitcoin via Witness Encryption
Overview
Misha Komarov presents Bitcoin PIPEs v2, a proposal for enabling covenant-like spending conditions and ZK proof workflows on Bitcoin without changing consensus rules. The core idea is to move enforcement out of Bitcoin Script and into cryptography, using witness encryption so that a spending key is only revealed after a required condition or computation is proven.
The talk focuses on why Bitcoin’s base layer should remain stable and difficult to change, while still allowing users to pursue better custody, vaults, privacy, cheaper transfers, and metaprotocols. PIPEs v2 is framed as a way to support certain binary covenant constructions, including vault-like behavior and indirect emulations of ideas such as CTV or CAT, without adding operators or trusted third parties.
Komarov also discusses practical limits. The current construction is computationally expensive, but ongoing optimization work aims to bring decryption costs closer to typical Bitcoin transaction fee levels while remaining feasible within Bitcoin’s roughly ten-minute block interval. Future work includes cryptanalysis, open challenges, improved efficiency, smaller ciphertexts, and proof-of-concept and full implementations.
Transcript
All right, let's talk about PIPEs. Some of you have seen it. Some of you have heard of it. For those who haven't, let's talk about it. What are Bitcoin PIPEs all about? They are about covenants and ZK on Bitcoin without touching Bitcoin itself.
Why? The answer is actually pretty simple. Bitcoin is just too big to be touched. At this point it is around trillions of dollars, maybe $2 trillion. It is just too large. Don't risk it. Don't touch it. Things that are good to have should be done outside of Bitcoin. Don't touch the protocol. Each small change risks a lot of money.
But the thing is, it is actually hard to touch it. We have what we call governance paralysis. People say Bitcoin doesn't have governance, but miners are governance. Social consensus is governance. And it is hard to change. Is that good? Sure, except for security issues. Focus on security, please. But for all the other stuff, it is good that it is paralyzed and ossified.
What do we do with that? The problem is we still want to do things with Bitcoin besides just sending it. We still want cheaper payments. We want better payments. We want privacy. We want collateralized Bitcoin. We want to be able to borrow against it. We want to do a lot of different stuff.
Can we do it? Sure, we still can with additional trust assumptions. If you trust a third party, you can do that. But after a certain size, you stop trusting them. If you are a government, if you are a huge institution, if you are somebody large, if your second name is Saylor, you just can't.
So how do we get people to do stuff without trusting somebody who is not worth trusting? It seems like there is a way. Now we know there is a way. We can do it with cryptography. We can effectively enforce everything we want to do with Bitcoin off chain. We can enforce it outside of Bitcoin and without a trusted third party. You can trust the cryptography.
What does it give us? Obviously, a lot of stuff we wanted. First of all, certain types of covenants. We have wanted covenants for a long time. Covenants are nice to have. They are not must-have. The must-have is things like focusing on post-quantum security. Focus on security. Keep the consensus stable. Keep things as they are. Don't lose stuff. We are doing good. But covenants are nice to have, and we will talk about that a little bit later.
ZK proofs, of course. People want cheaper payments. People want cheaper transfers. People want privacy. That is what you need for vaults and custody. There is so much custody on Bitcoin. Over the last several days, I had an enormous number of conversations about this. You bought a lot of Bitcoin with other people's money. How do you custody it? Usually the answer is, yes, it is a multisig.
We have seen, in the broader crypto industry lately, the loss of enormous amounts of money just because somebody lost a key. Sure, some people are good with it. They say, we will do more keys, more parties, more people, more hierarchy, nested multisig. Sure, you can do it. But you are increasing the time you need to react for somebody to get something out of that thing.
And privacy, I do not even need to talk about it. Some people just want to be very cautious about others seeing what they have, for different reasons. Some are basically obligated to do that. Some just want to do that. All of that, it seems, we can enforce cryptographically.
How, in particular? That is what PIPEs are all about. Two years ago, honestly, it would have sounded like complete insanity. But thanks to broader work in the industry making this research practical, or at least possible, we can have that and not sound like we are insane.
What do we want to achieve? We want arbitrary spending conditions, which is effectively what covenants are about. We want not to trust anybody. We want not to pollute Bitcoin, which is the most important thing. We have had so many systems that were polluting Bitcoin and destabilizing it.
The construction is based on a cryptographic primitive called witness encryption, and it allows us to do all of that stuff.
What is witness encryption? It is a type of cryptographic primitive that allows you to decrypt a key to do a certain transaction only after you prove cryptographically that you have satisfied certain conditions, a certain predicate, or done certain compute. If you have not done that compute correctly, you do not get the key. You do not get the transaction. Basically, that is it.
It does not require third parties for the decryption phase. It does not require side systems, operators, or anything like that. The absence of operators for certain systems is also quite interesting because it can make the system more compliant. For example, with privacy needs, as we have figured out recently, the presence of operators who do transactions and effectively become transaction parties makes these protocols legally questionable. We remove that problem, not just legally, but technically, by solving it without operators at all.
A little bit of history. Bitcoin PIPEs is not a new thing. It has been around for a while. The first thing we published was in October 2024. Originally it was based on a different cryptographic primitive, and it paved the way for conditional decryption-based approaches. Bitcoin PIPEs v2 is the evolution of that. We published it recently, a couple of months ago.
Obviously, all of this sounds good, but there are downsides, and we have to be honest and open about them. Bitcoin PIPEs v2, in the currently published version, is not very cheap to use because of computational requirements. This stuff is pretty novel, so we are still working on it. Optimizations we are likely to release this year will bring the cost of decrypting a covenant down to maybe comparable to average Bitcoin transaction fees.
What is interesting is that, no matter what, we managed to make it work within Bitcoin block time, within ten minutes. You can actually do a decryption. You can actually do a covenant every ten minutes with some resources. It is doable.
The usual workflow for conditional decryption is that you create something, you lock a key, and you put some funds there. Nobody knows this key until the compute is proven. Once the compute is proven, the PIPE decrypts the key, and you can transact. The fact that you have this key and can sign a signature attests that you have done everything correctly. Without this, you would never have had it. It is all enforced cryptographically. Nobody enforces that as a third party.
Which covenants in particular can PIPEs do, and which can they not do? PIPEs v2 effectively allow what we call binary covenants, which means those opcodes or predicates that end up with either zero or one. It is either valid or not.
Which opcodes do we have like this? Which BIPs and proposals that may never make it into Bitcoin Script do we have like this? There is the famous combination of CTV plus CSFS that everybody wants. There are nuances about vaults, but yes, the result of the decryption predicate is either zero or one. Can we do a vault with PIPEs? Yes, we can do vaults with PIPEs of different kinds. Maybe not the exact emulation, but still different kinds.
Can we do hyped-up things like CTV or CAT? We have figured out that indirectly, yes. Instead of CTV, we can do something like check-CTV. With CAT, we can probably do check-CAT, or something like this. Effectively, anything that ends up in zero or one can be done indirectly. Again, not directly, but still.
People say we already have ZKPs on Bitcoin, and the first thing they think about is scaling and privacy. But it turned out that having non-interactive ZKPs on Bitcoin is quite an interesting result. We wanted to solve covenants, but we accidentally solved non-interactive ZKPs as well. Of course, with adjustments for probabilistic finality, forks, and things like that. We have to be honest about that.
Differentiating from other methods for doing ZKPs on Bitcoin, this provides the smallest possible footprint on Bitcoin. It does not require you to put megabytes of data on chain or inscribe megabytes of data, and it does not require you to wait to disprove something or wait a week until everybody says, okay, this is good, probably nothing is going to happen. There is no optimistic verification there.
What does it get us? Having non-interactive ZKPs on Bitcoin and having vaults means we can actually do fun metaprotocols again. We have seen those metaprotocols a lot, and they kind of died. Why? Because there was no Bitcoin there. Why was there no Bitcoin there? Because the vaults were basically multisigs. You put your money in a multisig and hope that somebody will maybe give you your money back. We have seen a lot of that stuff, and nobody received anything back.
We hope and think that having non-interactive ZKPs, vaults, and all of that will give birth to better and more fun metaproducts, like privacy metaprotocols or non-consensus logic using metaprotocols. They could use CAT, CTV, and other things that may never make it into consensus.
We hope to see more Bitcoin being used inside of it, which means more functionality, more programmability, and more privacy without third parties.
PIPEs actually have some applications for Bitcoin L1 itself. Since now, at least on paper and in theory, and we are working on implementation, we can do non-consensus logic or maybe interesting opcodes without touching consensus itself. We might even start simplifying Bitcoin. We can start cutting out things that were added in there, God knows why, or just offload as much as possible. We can stop worrying about hacky things and try to offload, offload, offload, keeping Bitcoin itself as simple, stable, and secure as possible. Consensus should be stable. That is the thing we should focus on. Everything else should be offloaded.
What is next? We are working a lot on cryptanalysis. We are working with others and with academic institutions to make sure PIPEs are secure, that nothing gets broken, and that everything is sound, because it is all pretty novel.
We are going to be doing open cryptography challenges. We are going to be locking some Bitcoin behind a trivial, simple PIPE. If you find a bug there and you are able to crack it, please do it. Come by and collect your Bitcoin. That is a good thing to do, I would say, and you are very welcome to do that.
We are also going to be working on improving efficiency, reducing ciphertext size, and a proof-of-concept implementation. A full implementation is coming up. Of course, we are going around and talking to people about what this is helpful for besides the ideas we already have in mind. We are happy to talk with Lightning people. We are happy to talk with BitVM people. We are happy to talk about all of that stuff because, if you have covenants, you apparently can do a lot. Not all the covenants in the world, of course, but certain covenants.
I guess that is what it is. Done.