Learn to build safe, expressive smart contracts on Bitcoin with readable, type-safe code.
Bithoven is a high-level, imperative programming language designed for Bitcoin smart contracts. It bridges the gap between complex contract logic and the low-level stack machine of the Bitcoin Virtual Machine (VM).
Unlike writing raw Bitcoin Scriptβwhich is notoriously difficult and
error-proneβBithoven allows you to write readable, auditable code with
modern control flow (if/else), named variables, and built-in safety checks. It compiles down to
highly optimized native Bitcoin Script.
Why Bithoven?
OP_IF <1000> OP_CSV OP_DROP <alice_pk> OP_CHECKSIG OP_ELSE OP_HASH256 <hash> OP_EQUALVERIFY <bob_pk> OP_CHECKSIG OP_ENDIF
Stack-based, hard to read, error-prone
if condition { older 1000; return checksig(sig_alice, alice_pk); } else { verify sha256(sha256(preimage)) == hash; return checksig(sig_bob, bob_pk); }
Readable, type-safe, beginner-friendly
You can install the Bithoven compiler via the command line or package managers.
Try Bithoven instantly in your browser without installation:
Go to Bithoven Online IDE
A Bithoven contract (file extension
.bithoven) consists of three main parts:
Pragmas define the compiler version and the Bitcoin protocol target.
The
target
controls opcode generation.
legacy: Generates P2SH-compatible
script.
segwit: Generates P2WSH-compatible
script.
taproot: Generates P2TR-compatible
script (uses
OP_CHECKSIGADD).
| Type | Description | Example |
|---|---|---|
| bool | Boolean values | true |
| number | Integer values (32-bit signed) | 1000 |
| string | Hex or ASCII string data | "secret" |
| signature | ECDSA or Schnorr signatures | sig_alice |
| pubkey | Valid public key point | "0245..." |
Bithoven allows you to define multiple valid "spending paths" at the top of your file. The compiler verifies that every path is secure.
Use standard if/else logic.
Halts execution if false.
Keywords enforce 32-bit limits automatically.
n blocks.
n.
Hashing:
sha256(data),
ripemd160(data)
Signature Checks: Supports single and multisig via
checksig.
Bithoven is "Correct-by-Construction." The static analyzer runs during compilation.
Ensures every variable (especially signatures) is consumed exactly once. Prevents signature reuse and resource exhaustion.
Analyzes execution paths to ensure safe termination. Prevents Anyone-Can-Spend bugs.
Strictly validates types. Prevents consensus failures like arithmetic on strings or invalid public key points.
Explore real-world Bitcoin smart contract patterns implemented in Bithoven. Each example demonstrates key concepts and can be tried live in the Web IDE.
π Suggested Learning Path
The most basic Bitcoin transaction - requires only a signature to spend.
π‘ Learns: Basic syntax, checksig operation
Use case: Simple wallet, standard payments
Spend coins by revealing a secret that matches a SHA256 hash.
π‘ Learns: Hash verification, secret reveals
Use case: Atomic swaps, payment channels
Coins locked until a specific block height using absolute timelocks.
π‘ Learns: Absolute timelocks (after), CLTV
Use case: Vesting schedules, delayed payments
Lightning Network standard combining hash locks and timelocks with if/else branches.
π‘ Learns: Conditional paths, combining hash+time locks, relative timelocks (older)
Use case: Lightning Network, payment channels
Trustless cross-chain trading with hash locks and timeout refunds.
π‘ Learns: Cross-chain patterns, double SHA256, refund mechanisms
Use case: Decentralized exchanges, cross-chain swaps
Taproot multi-signature authorization requiring both parties to sign.
π‘ Learns: Multisig syntax, Taproot vs SegWit differences
Use case: Joint accounts, shared custody
Marketplace contract with buyer, seller, and arbitrator. Multiple spending paths for different scenarios.
π‘ Learns: 3-party coordination, nested conditions, refund timeouts
Use case: P2P marketplaces, freelance platforms, real estate
Security wallet with delayed withdrawals and immediate cold storage recovery.
π‘ Learns: Hot/cold key hierarchy, security delays, emergency recovery
Use case: Corporate treasuries, high-value custody, exchange cold storage
Democratic governance requiring 2-of-3 approval with security timelock, or 3-of-3 emergency override.
π‘ Learns: Threshold signatures, governance delays, emergency overrides
Use case: DAO treasuries, board approvals, multi-stakeholder governance
Three-tier access: owner (anytime), heir (after 1000 blocks + secret), lawyers (after 10,000 blocks).
π‘ Learns: Cascading timelocks, secret-based access, fallback multisig
Use case: Estate planning, inheritance vaults, tiered recovery
Decentralized betting with cryptographic oracle commitment, multi-outcome resolution, and refund mechanism.
π‘ Learns: Oracle commitment schemes, multi-outcome branching, complex refund logic
Use case: Sports betting, price predictions, decentralized insurance
By Difficulty:
By Use Case:
A: Bithoven is a high-level, type-safe programming language for writing Bitcoin smart contracts. It provides imperative syntax (if/else, return) instead of low-level stack operations, and compiles to native Bitcoin Script.
A: No! That's the point. Bithoven abstracts away the complexity of Bitcoin Script's stack-based operations. You write readable code with familiar programming constructs, and the compiler handles the low-level details.
A: Miniscript is a policy language focused on composability and correctness. Bithoven is an imperative programming language that offers more expressive control flow (nested if/else, early returns) while maintaining formal safety guarantees. Both compile to Bitcoin Script, but Bithoven targets developers who want imperative syntax.
older and after?
A: older N is a relative timelock (OP_CHECKSEQUENCEVERIFY) -
locks coins for N blocks after the UTXO is created.
after N is an absolute timelock (OP_CHECKLOCKTIMEVERIFY) -
locks coins until block height N. Use older for "wait X blocks from now", and after for "unlock at specific time".
A: No. Bitcoin Script (and therefore Bithoven) has amount blindness - scripts cannot read UTXO values or control output amounts. These require pre-signed transactions or off-chain coordination. Bithoven focuses on spending conditions, not transaction construction.
A: Bithoven v0.0.1 is in beta. The compiler has formal verification and passes extensive tests, but has not been independently audited. Use for research, prototyping, and learning. For production deployments, please conduct thorough testing and security review.
A: Use the Web IDE
for quick experimentation. For thorough testing, compile your contract and use Bitcoin testing frameworks like
bitcoin-core regtest or btcd.
A: Check the GitHub repository for documentation, or open an issue if you encounter problems. For research questions, refer to the Bithoven paper.