Bitcoin has a scripting language built into it, allowing many types of smart contracts to be created. Examples atomic swapsAnd the Lightning Payment Channels And the Zero-Knowledge Conditional Payments (ZKCPs). this is A later paper by Banasik, Dziembowski, and Malinowski (BDM16) It greatly improves this efficiency. Multiple signatures are also easy to do, and interestingly, much easier than Ethereum.
ZKCPs are very generic and can perform any contract in which counterparties and contract terms are known at setup time, although they do require the use of some new, slow cryptocurrency (which is done off-chain, and Bitcoin never gets exposed).
An even more unusual example is Peter Todd’s reward for anyone who can crash into SHA1, SHA256 or RIPEMD160. SHA1 collision reward taken.
I think the only thing Ethereum can actually do is Bitcoin I can not Do, is the premise on the output being spent. This will be enough to implement vows, which would be a mixed blessing. Andrew Miller argues that the Ethereum account model allows it to enter into contracts more efficiently than the Bitcoin UTXO model, which may be true, but the examples I’ve seen of this (a) lose privacy by storing a lot of irrelevant states in one account and (b) Exploiting the global Ethereum store of key value, which is much more expensive to maintain than the UTXO pool. Efficiently digressing (effective for investigators, not transacting parties :)) achievable through creative use of ZKCP, might be pretty much how the BDM16 paper does an atomic trade-off with them, but I haven’t worked out the details.
As a final note, it is easier, by design, to implement and deploy Ethereum contracts. However, I think the tricky part of smart contracting is to analyze the contracts and prove correct behavior given all the inputs. (Both the Ethereum and Bitcoin script languages fall short of this number, and it’s generally hard to think effectively.)