With the rapid development of the Bitcoin ecosystem and the upcoming halving event, the scalability, efficiency and usability of Bitcoin's second-layer solutions have become a hot topic in the market. Merlin Chain has attracted widespread attention in the Bitcoin Layer2 field with its innovative technical solutions.
Within 30 days of the launch of the Merlin Chain autonomous network, its total locked value reached an astonishing $3.5 billion, attracting more than 200 projects. Ecosystem projects have led to a large influx of funds and an increase in Bitcoin network transactions. How to ensure the safety of funds has become the focus of all users; this article explores in depth how Merlin Chain can provide on-chain security.

Merlin Chain plans to make the Bitcoin network its ultimate settlement layer. In this design, all raw data is stored in the oracle network, while the corresponding state roots are stored on the Bitcoin network. Users can retrieve all aggregated transactions on Merlin Chain at any time and verify their authenticity using zero-knowledge proofs (zk proofs) recorded on Bitcoin.
Merlin Chain uses a fraud proof mechanism designed for zero-knowledge proofs to provide final confirmation for Bitcoin. This process is supported by Bitcoin's powerful proof-of-work (POW) algorithm, ensuring the security of Merlin Chain Rollup.
In this system, the Bitcoin network not only serves as a strong backing for value storage, but also plays a key role in verifying and ensuring the integrity of Merlin Chain data. Due to the high security and decentralized nature of the Bitcoin network, it provides an additional layer of security for transactions on Merlin Chain. This arrangement ensures that Merlin Chain achieves high efficiency without sacrificing security.
By embedding zero-knowledge proofs and state roots into the Bitcoin network, Merlin Chain is able to leverage the security and immutability of Bitcoin, thereby ensuring that transactions are fast and inexpensive while also providing a high degree of security. This combined approach of using Bitcoin as the final audit and verification layer not only enhances on-chain security, but also broadens the application scenarios of Merlin Chain, providing users with a more trusted and secure blockchain environment.
Decentralized Oracle
Merlin Chain uses a decentralized oracle network and second layer (L2) architecture to improve transaction efficiency and ensure security. In this architecture, the sorting node is responsible for collecting and batching transactions, and generating compressed transaction data, ZK state roots, and proofs through zkEVM technology. The oracle network then aggregates this L2 data and uploads it to the taproot of the Bitcoin mainnet, making it publicly accessible to users across the network.

In Merlin Chain, oracle nodes play a vital role. They are not only responsible for verifying zero-knowledge proofs in Merlin Chain, but also for uploading L2 data to the taproot of the Bitcoin mainnet. The specific responsibilities of oracle nodes in this process include: compiling L2 data, executing circuit compilation operations, uploading to the Bitcoin mainnet, batch verification and hash transmission, generating signatures and submitting them, and participating in Bitcoin threshold signature verification and ZKP final settlement.
Diversified staking system
Merlin Chain introduces a multi-token pledge system to maintain network security, incentivize participants, and ensure decentralization through the pledge mechanism. Users can obtain oracle node qualifications by pledging different crypto assets, or pledge to existing oracle nodes as an agent, thereby participating in the governance and data verification process of Merlin Chain.
The system supports staking BTC, MERL and other mainstream BRC20 assets to meet the needs and risk preferences of different users. The system will dynamically adjust the staking weight according to the market value and liquidity of each asset, and even small investors may have the opportunity to become oracle nodes. In addition, the system will regularly adjust the staking weight according to the volatility and market performance of the asset to ensure the fairness and rationality of the reward distribution.
Merlin Chain's staking mechanism not only allows users to directly pledge assets to become oracle nodes, but also provides flexible proxy staking options, allowing users to entrust their assets to existing, reputable oracle nodes. Through the proxy staking mechanism, Merlin Chain further enriches its staking system, allowing more users to easily participate in the maintenance and governance of the blockchain.
In order to protect users’ pledged assets, the system uses multi-signature and cold storage technology to ensure the safety of assets. All pledge and reward distribution processes are open and transparent, and users can check their pledge status and expected returns at any time. In addition, the use of smart contracts further improves the credibility and automation of the system.
The staking rewards of the oracle node are mainly composed of block rewards and transaction fees. Block rewards are MERL tokens issued at a certain inflation rate, distributed based on the node’s staking weight and network performance. Transaction fees are BTC tokens and are a percentage of each transaction in Merlin Chain. Rewards will be distributed based on the type and amount of pledged assets.
In order to ensure fairness in reward distribution, Merlin Chain will adopt a weighted average algorithm based on market capitalization and pledge amount. This algorithm takes into account the market capitalization and liquidity of different assets, as well as the amount staked by each oracle node, to calculate the rewards each node should receive.
In addition, Merlin Chain will use Celestia as a data availability layer to ensure that block data is provably published and anyone can know and store the state of Merlin Chain. The introduction of Celestia makes historical data accessible to anyone so that new Rollup nodes can reconstruct the latest state by replaying historical blocks. Once the data is published and made available on Celestia, Rollups and applications are responsible for storing its historical data. Specifically, when a node receives a new block added to the chain, it verifies data availability by attempting to download all transaction data for the new block. If the node can download all transaction data, data availability is successfully verified, proving that the block data has indeed been published to the network.
Merlin Chain realizes the processing, verification and storage of transactions and data through the collaboration of sorting nodes and oracle networks, and finally completes the settlement and updates the status of L2 chain through ZKP, while taking into account security and decentralization.
On-chain fraud prevention mechanism
Future upgrade plans for Merlin Chain include the introduction of a fraud proof mechanism on the Bitcoin chain to solve the current inability to directly verify zero-knowledge proofs on the Bitcoin mainnet. Due to the Turing incompleteness of the Bitcoin network, the traditional method of verifying zero-knowledge proofs on a layer-1 blockchain network is not feasible for Bitcoin. To solve this challenge, Merlin Chain ensures that ZK-Rollup data is anchored on Bitcoin and tamper-proof by leveraging Taproot to write aggregated zero-knowledge proofs and rollup data to the Bitcoin mainnet.
Future upgrades will ensure the correctness of data submitted by the decentralized oracle network and ZKP through the fraud proof mechanism on the Bitcoin chain. In this mechanism, nodes in the oracle network must pledge BTC on the Bitcoin network in advance, laying the foundation for the challenge mechanism on the Bitcoin chain. Users can initiate ZK-Rollup challenges based on compressed transaction data, ZK state roots and ZK proofs on the Bitcoin mainnet. If there is an inconsistency between the challenge proof data and the proof, users can claim assets previously staked on the Bitcoin mainnet and ZK-Rollup will roll back to the last verified state.
The fraud proof mechanism on the Bitcoin chain adopted by Merlin Chain is different from Optimistic Rollup. The Bitcoin mainnet no longer carries out fraud proof for the entire transaction volume, but focuses on verifying the security of the ZK state root and ZK proof.
This mechanism includes two roles: prover and verifier. The prover compiles the program into a huge binary circuit and submits the circuit to a taproot address with leaf scripts for each logic gate. The prover and verifier pre-sign a series of transactions to enable a challenge-response mechanism between the two. In this form, the decentralized oracle network first publishes and stores all Rollup data off-chain, with only commitments stored on-chain.
Any computable function can be represented as a Boolean circuit, and the NAND gate (NOT-AND gate) is a universal logic gate from which any Boolean function can be built. In the scripting language, the NAND gate is implemented by two BVCs. A script for verification is as follows
Any circuit can be expressed by combining a sequence of NAND gates, with each step submitted under a Taproot leaf node and eventually merged into the same Taproot address, allowing the prover to execute any gate in the circuit. To execute a gate, the prover needs to open the corresponding NAND gate and set the input and output bit values. The binary circuit structure off the chain may be very large, but due to the characteristics of Taproot, it takes up very little space on the chain.
Merlin Chain draws on the concept of BitVM, placing the execution of complex programs off-chain, and then placing key evidence on-chain. It designs the simplest "circuit units" and uses Taproot's combination capabilities to combine these units to achieve the ability to implement any executable function on the Bitcoin blockchain. Most transactions that occur on the second layer do not need to be re-verified on the BTC chain. However, for any disputed data segment/opcode to be challenged, it must be replayed on the first layer. If the detection conclusion is that there is a problem with the data previously released by the proposer, the proposer's pledged assets will be reduced; if there is a problem with the challenger, the challenger's pledged assets will be reduced. Provers can also be slashed if they do not respond to challenges for a long time.
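The gate commitment and single-gate dispute described in the preceding paragraphs, sketched as an added Python example (not Merlin Chain's or BitVM's own code). It assumes BitVM-style hash-preimage bit commitments for two inputs and one output per gate, and a simplified Merkle tree standing in for the Taproot script tree; all function names and the sample circuit are constructed for illustration.

```python
import hashlib, os
from functools import reduce

def h(b): return hashlib.sha256(b).digest()

def commit_bit():
    """Prover: secret preimages for 0 and 1; only their hashes are published."""
    pre = (os.urandom(32), os.urandom(32))
    return pre, (h(pre[0]), h(pre[1]))

def open_bit(hashes, preimage):
    """Script side: a revealed preimage fixes the bit; None if it opens neither."""
    d = h(preimage)
    return hashes.index(d) if d in hashes else None

def nand_leaf(commits, reveals):
    """One gate leaf: open A, B and C, then require C == NAND(A, B)."""
    a, b, c = (open_bit(hs, p) for hs, p in zip(commits, reveals))
    return None not in (a, b, c) and c == 1 - (a & b)

def leaf_hash(commits):
    return h(b"".join(x for hs in commits for x in hs))

def branch(x, y):  # simplified stand-in for Taproot's branch hash (sorted children)
    return h(b"".join(sorted((x, y))))

def root_and_path(leaves, idx):
    """Merkle root plus sibling path for leaf idx (leaf count a power of two)."""
    level, path = list(leaves), []
    while len(level) > 1:
        path.append(level[idx ^ 1])
        level = [branch(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return level[0], path

def settle(root, commits, path, reveals):
    """Replay only the disputed gate and name the party that loses its stake."""
    if reduce(branch, path, leaf_hash(commits)) != root:
        return "challenger"  # disputed gate is not in the committed circuit
    return "challenger" if nand_leaf(commits, reveals) else "prover"

def demo():
    # Constructed sample: 4 independent gates, each with commitments for A, B, C.
    gates = [[commit_bit() for _ in range(3)] for _ in range(4)]
    pub = [[hs for _, hs in g] for g in gates]
    root, path = root_and_path([leaf_hash(c) for c in pub], 2)
    (a, _), (b, _), (c, _) = gates[2]  # gate 2's secret preimages
    return (settle(root, pub[2], path, (a[1], b[1], c[0])),  # 1 NAND 1 = 0: honest
            settle(root, pub[2], path, (a[1], b[1], c[1])))  # claims 1 NAND 1 = 1
```

Only the 32-byte root is committed up front; a dispute reveals one leaf and its sibling path, which is why the on-chain footprint stays small however large the off-chain circuit is.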
Through its advanced technical architecture and security mechanisms, Merlin Chain improves the efficiency and availability of Bitcoin Layer2 solutions while ensuring the security of the network and funds. With the implementation of future upgrades, Merlin Chain is expected to further strengthen its leadership in the Bitcoin Layer 2 field and provide users with a more secure and efficient blockchain experience.