Bitcoin is the cryptocurrency with the largest market capitalisation, but its widespread adoption is fundamentally limited by the scalability constraints of its consensus algorithm, which requires every transaction to be confirmed onchain. To address this, several Layer-2 scalability solutions have been proposed to move payments offchain -- most notably, the Lightning Network. However, their deployment remains hindered by cumbersome setup requirements: users must lock funds onchain to participate and engage in complex auxiliary protocols (e.g., for channel rebalancing, top-ups, and routing). Other solutions, like payment pools, sidechains and rollups, cannot be implemented in a non-custodial way on Bitcoin due to its limited scripting capabilities, or require all protocol participants to update the offchain state. In this work, we present Ark, the first Bitcoin-compatible commit-chain. Ark enables offchain transactions of virtual UTXOs (VTXOs) through an untrusted operator who aggregates them into succinct onchain commitments. A distinctive feature of Ark is its ease of deployment: users can receive offchain payments without locking any funds beforehand, and Ark state updates require the participation of only the users involved in that update. We formally define the Ark protocol and prove its security. During this process, we identified two attacks affecting the testnet implementation. We responsibly disclosed both and proposed fixes, which have now been integrated into the mainnet implementation. Our experimental evaluation demonstrates that Ark can commit onchain to batches of arbitrarily many VTXOs with a constant-sized footprint of approximately 200 vB. Cooperative exits add one output per user, while unilateral exits require $\mathcal{O}(\log n)$ transactions of roughly 150 vB per VTXO for a batch of $n$ VTXOs.