Zenon Portal v1.5 — A Trust-Reduced Bitcoin Interoperability Protocol

Overview

Zenon Portal v1.5 is a trust-reduced interoperability protocol that separates Bitcoin custody from Zenon execution. Funds never leave the Bitcoin base layer. Instead of transferring assets to a federated multisig, Zenon Portal extends execution capability to Zenon by giving it verifiable, cryptographic knowledge of Bitcoin's state through SPV (Simplified Payment Verification) Merkle inclusion proofs.

The Lifecycle of an Escrowed Bitcoin

1. Deposit: User locks BTC into a Taproot escrow script. 2. Verify: Relayer submits an SPV Merkle inclusion proof. 3. Mint: Zenon credits eBTC to the depositor. 4. Withdraw: User burns eBTC and a FROST threshold signature unlocks the BTC. eBTC is not a wrapped token — it is a Zenon-native accounting receipt representing a verified claim on a base-layer Bitcoin UTXO.

Two Distinct Escrow Classes

Class R (Refund-Protected): Strict user safety. Relayers cannot move or consolidate funds without the user's live cryptographic signature. Key-path spending is mathematically disabled via a NUMS point. Withdrawal requires both the user signature (pk_u) and the relayer threshold (pk_frost_epoch). A unilateral refund leaf allows the user to reclaim funds after ABSOLUTE_EXPIRY using only their own key.

Class P (Pool-Liquidity): Execution efficiency. The FROST Epoch Key is placed at the Taproot internal key, granting relayers unilateral authority to spend the UTXO. This enables seamless, non-interactive withdrawals and UTXO consolidation. The trade-off is exposure to relayer collusion and combined censorship attacks. A time-limited unilateral refund leaf provides a fallback exit.

Trade-Off Matrix: Class R vs Class P

Withdrawal UX: Class R requires the user to be online (interactive), Class P is relayer-managed (non-interactive). Relayer Theft Risk: Impossible for Class R (requires user signature), Vulnerable for Class P (requires threshold collusion). Consolidation Risk: Impossible for Class R, Allowed for Class P during the Safety Window. A9 Attack Vulnerability: Class R is structurally immune, Class P has acknowledged risk. Unilateral Exit Guarantee: Permanent for Class R (if unspent), Time-limited for Class P.

The SPV Verifier

Deposit verification is cryptographic, not social. Zenon maintains a continuous chain of Bitcoin block headers. The verifier relies on a hardcoded, governance-approved GENESIS_CHECKPOINT. All SPV proofs must anchor to a chain descending from this root. Deposits must be valid P2TR (Pay-to-Taproot) transactions and are checked for CVE-2012-2459 resistance.

The Relayer System and FROST Coordination

Relayers provide liveness and, for Class P, pooled custody. They coordinate using FROST (Flexible Round-Optimized Schnorr Threshold Signatures). Unlike MuSig2 which requires n-of-n participation, FROST is a t-of-n scheme. Any subset of t relayers can produce a single aggregate Schnorr signature that satisfies the Bitcoin Taproot key-path, leaving no on-chain evidence of which specific relayers signed.

UTXO Consolidation and the Safety Window

To prevent UTXO fragmentation, relayers can consolidate Class P UTXOs. However, they may only do so once the safety window opens (after 2016 blocks). Once consolidated, the original Bitcoin UTXO ceases to exist, permanently eliminating the depositor's Bitcoin-native exit path.

The Cross-Layer Withdrawal Protocol

Step 1: User burns eBTC on Zenon, protocol locks max fee in reserve. Step 2: Relayer claims withdrawal and reserves a specific UTXO. Step 3: FROST threshold generates and broadcasts the Bitcoin transaction. Step 4: Relayer submits a WithdrawalCompletionProof (SPV) back to Zenon. Step 5: UTXO is marked spent, fee credited to relayer, remainder refunded.

Economic Security: Attributable Slashing

Relayers lock capital bonds on Zenon. They must cryptographically commit to a SpendIntent on Zenon before signing on Bitcoin. On the honest path, they post a valid SigningBundle. On the malicious path, a Watcher submits a SlashProof, resulting in attributable bond forfeiture and Watcher rewards. Caveat: a highly coordinated threshold could compute the FROST key off-protocol and bypass attribution entirely. Class P is trust-reduced, not trustless.

The Unilateral Refund Path

If relayers censor transactions or the Zenon network suffers an outage, the depositor is not stranded. Once the absolute timelock expires, the user broadcasts a raw Bitcoin transaction directly to the base layer, reclaiming their original UTXO. Requirement: the UTXO must remain unspent and the user must still possess their original pk_u key.

eBTC Fungibility and Secondary Holder Risks

eBTC is fully fungible at the protocol accounting level. However, collateral quality varies — Class R UTXOs are shielded while Class P UTXOs are liquid. Secondary risk: if a user buys eBTC on the open market, they do not own the underlying pk_u of the backing UTXO. Secondary holders possess no Bitcoin-native refund path. Their exit relies entirely on Zenon network liveness and pool collateralization.

Synthesis: The Trust-Reduced Bridge

Zenon Portal v1.5 sits between federated multisig bridges (high trust, opaque) and a fully trustless two-way peg (currently impossible on Bitcoin base layer). It does not claim to be trustless — because a trustless Bitcoin bridge does not exist. It is a highly engineered, trust-reduced schematic that forces execution risk into the open, allows users to choose their own exit guarantees, and verifies truth through cryptography rather than social attestation.

Scroll

Zenon Portal v1.5 Blueprint — A trust-reduced interoperability protocol separating Bitcoin custody from Zenon execution. Diagram shows a Bitcoin UTXO connected to a Zenon eBTC token across an air-gap boundary, illustrating how funds remain on the Bitcoin base layer while execution occurs on Zenon Network.

Custody belongs on Bitcoin, execution belongs on Zenon. The Settlement Layer shows a Bitcoin vault containing Taproot UTXOs secured by cryptographic locks. The Execution Layer shows the Zenon engine with gears representing smart contract processing. Bidirectional cryptographic SPV proofs connect the two layers, proving that funds never leave the Bitcoin base layer.

The lifecycle of an escrowed Bitcoin in Zenon Portal: Step 1 Deposit — user locks BTC into a Taproot escrow script. Step 2 Verify — a relayer submits an SPV Merkle inclusion proof to Zenon. Step 3 Mint — Zenon credits eBTC to the depositor. Step 4 Withdraw — user burns eBTC and a FROST threshold signature unlocks the original BTC. eBTC is not a wrapped token but a Zenon-native accounting receipt backed by a verified base-layer Bitcoin UTXO.

The core paradigm of Zenon Portal: two distinct escrow classes that depositors must explicitly choose. Class R (Refund-Protected) provides strict user safety where relayers cannot move or consolidate funds without the user's live cryptographic signature. Class P (Pool-Liquidity) provides execution efficiency where the user delegates key-path authority to the relayer threshold for non-interactive withdrawals, accepting consolidation and theft risks.

Class R escrow script tree: cryptographically bound to user consent. The Taproot internal key is set to a NUMS point, mathematically disabling key-path spending so relayers have zero unilateral power. Leaf 1 (Cooperative Withdrawal) requires an AND condition — both the user signature (pk_u) and the relayer FROST threshold signature (pk_frost_epoch). Leaf 2 (Unilateral Refund) uses an ABSOLUTE_EXPIRY timelock allowing the user to reclaim funds with only their own pk_u key.

Class P escrow script tree: delegated authority for pooled efficiency. The FROST Epoch Key (pk_frost_epoch) is placed at the Taproot internal key, allowing a threshold signature to unlock the key-path and granting relayers unilateral spending authority. This enables seamless non-interactive withdrawals and UTXO consolidation. Leaf 1 provides a time-limited unilateral refund via ABSOLUTE_EXPIRY where the user can reclaim funds using pk_u before the timelock expires.

Trade-off matrix comparing Zenon Portal Class R and Class P escrow models. Withdrawal UX: Class R is interactive requiring an online user, Class P is non-interactive and relayer-managed. Relayer Theft Risk: impossible for Class R (requires user signature), vulnerable for Class P (requires threshold collusion). Consolidation Risk: impossible for Class R, allowed for Class P during the Safety Window. A9 Attack Vulnerability: Class R is structurally immune, Class P has acknowledged risk. Unilateral Exit Guarantee: permanent for Class R if unspent, time-limited for Class P.

Establishing truth with the SPV Verifier: deposit verification in Zenon Portal is cryptographic, not social. Zenon maintains a continuous chain of Bitcoin block headers. A Merkle tree branches from the block headers to validate P2TR (Pay-to-Taproot) deposits with CVE-2012-2459 resistance. All SPV proofs must anchor to a chain descending from a hardcoded, governance-approved GENESIS_CHECKPOINT deployment constant.

The Relayer System and FROST Coordination in Zenon Portal. Seven relayer nodes arranged in a ring connect to a central lock icon representing the aggregate Schnorr signature. Relayers use FROST (Flexible Round-Optimized Schnorr Threshold Signatures), a t-of-n scheme where any subset of t relayers produces a single signature satisfying the Bitcoin Taproot key-path. Unlike MuSig2 which requires n-of-n participation, FROST leaves no on-chain evidence of which specific relayers signed.

UTXO Consolidation and the Safety Window in Zenon Portal. A timeline shows the Safe Period (green) where the user holds the unilateral refund right, followed by a Consolidation Safety Window boundary at 2016 blocks, then the Consolidation Window (orange) where relayers may merge multiple Class P UTXOs into a single larger UTXO. Once consolidated, the original Bitcoin UTXO ceases to exist, permanently eliminating the depositor's Bitcoin-native exit path.

The cross-layer withdrawal protocol spanning Zenon and Bitcoin. Step 1: user burns eBTC on Zenon, protocol locks max fee in reserve. Step 2: relayer claims the withdrawal and reserves a specific UTXO. Step 3 (on Bitcoin): FROST threshold generates and broadcasts the Bitcoin transaction. Step 4: relayer submits a WithdrawalCompletionProof via SPV back to Zenon. Step 5: UTXO is marked spent, fee credited to the relayer, remainder refunded. Relayers prioritize UTXOs nearest to expiry to preserve pool collateralization.

Economic security through attributable slashing: the accountability loop in Zenon Portal. Relayers lock capital bonds on Zenon, then must cryptographically commit to a SpendIntent before signing on Bitcoin. On the honest path, relayers post a valid SigningBundle on Zenon (checkmark). On the malicious path, spending without intent triggers a Watcher to submit a SlashProof, resulting in attributable bond forfeiture and Watcher rewards. Caveat: a highly coordinated threshold could compute the FROST key off-protocol, bypassing attribution — Class P is trust-reduced, not trustless.

The ultimate exit: the unilateral refund path in Zenon Portal. If relayers censor transactions or the Zenon network suffers an outage, the depositor is not stranded. A User Node connects through an ABSOLUTE_EXPIRY hourglass timelock to a Bitcoin Vault. Once the timelock expires, the user broadcasts a raw Bitcoin transaction directly to the base layer, reclaiming their original UTXO. Requirement: the UTXO must remain unspent and the user must still possess their original pk_u key.

eBTC fungibility and secondary holder risks in Zenon Portal. Class R UTXOs (shielded, orange) and Class P UTXOs (liquid, green) flow into a funnel producing the unified eBTC supply. eBTC is fully fungible at the protocol accounting level, but collateral quality varies. Secondary risk: if a user buys eBTC on the open market, they do not own the underlying pk_u of the backing UTXO and possess no Bitcoin-native refund path. Their exit relies entirely on Zenon network liveness and pool collateralization.