* [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin
@ 2023-05-12 12:12 Robin Linus
2023-05-12 15:32 ` Weiji Guo
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Robin Linus @ 2023-05-12 12:12 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 1803 bytes --]
Hi all,
Today we are publishing a summary of our research on "ZeroSync: Introducing Validity Proofs to Bitcoin".
Here's the preface:
We introduce ZeroSync, the first-ever proof system addressing Bitcoin’s scalability challenges with Succinct Non-Interactive Argument of Knowledge (SNARKs). ZeroSync compresses the entire Bitcoin blockchain into a compact proof of validity, enabling instant verification and unlocking various innovative applications. We discuss our prototype implementation of a chain state proof, utilizing the Cairo language, Utreexo, and recursive STARKs. Our work enables diverse applications, including quick bootstrapping of full nodes, trustless light clients, enhanced Lightning Network privacy, and secure cross-chain bridges. Chain state proofs require no consensus changes, which is crucial as forks in Bitcoin are challenging to implement and achieve consensus for. Despite the existing bottleneck of prover performance, we present a range of optimization strategies and demonstrate the practicality of generating a complete chain state proof.
Finally, we introduce zkCoins, a client-side validation protocol combined with zeroknowledge SNARKs, drastically improving privacy and throughput of token transactions. In combination with future Bitcoin features, such as Simplicity, zkCoins also enables private and more scalable BTC transactions.
The groundbreaking compression capabilities of SNARKs initiated a paradigm shift in cryptocurrency design, and ZeroSync is pioneering their application to Bitcoin.
You can find the full paper here: https://zerosync.org/zerosync.pdf <https://zerosync.org/zerosync.pdf>
Happy to receive any comments and answer any questions the bitcoin dev community may have about the paper!
Best regards,
Robin Linus
[-- Attachment #2: Type: text/html, Size: 3230 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin
2023-05-12 12:12 [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin Robin Linus
@ 2023-05-12 15:32 ` Weiji Guo
2023-05-12 16:03 ` Robin Linus
2023-06-05 18:47 ` Peter Todd
2023-06-05 18:59 ` Erik Aronesty
2 siblings, 1 reply; 6+ messages in thread
From: Weiji Guo @ 2023-05-12 15:32 UTC (permalink / raw)
To: Robin Linus, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 2697 bytes --]
Hi Robin,
Could you please expand more on how you plan to "implement a SNARK verifier
on Bitcoin’s base layer"?
For your information, I happen to be the one proposing a new opcode OP_ZKP
to enable the Bitcoin network to verify zkp proofs. My proposal requires a
soft fork. You may find more information from the email archive here:
https://www.mail-archive.com/bitcoin-dev@lists.linuxfoundation.org/msg12601.html
We might be tackling similar issues and probably could benefit from each
other.
Thanks,
Weiji
On Fri, May 12, 2023 at 9:16 PM Robin Linus via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi all,
>
> Today we are publishing a summary of our research on "ZeroSync:
> Introducing Validity Proofs to Bitcoin".
>
>
> Here's the preface:
>
> *We introduce ZeroSync, the first-ever proof system addressing Bitcoin’s
> scalability challenges with Succinct Non-Interactive Argument of Knowledge
> (SNARKs). ZeroSync compresses the entire Bitcoin blockchain into a compact
> proof of validity, enabling instant verification and unlocking various
> innovative applications. We discuss our prototype implementation of a chain
> state proof, utilizing the Cairo language, Utreexo, and recursive STARKs.
> Our work enables diverse applications, including quick bootstrapping of
> full nodes, trustless light clients, enhanced Lightning Network privacy,
> and secure cross-chain bridges. Chain state proofs require no consensus
> changes, which is crucial as forks in Bitcoin are challenging to implement
> and achieve consensus for. Despite the existing bottleneck of prover
> performance, we present a range of optimization strategies and demonstrate
> the practicality of generating a complete chain state proof. *
> *Finally, we introduce zkCoins, a client-side validation protocol combined
> with zeroknowledge SNARKs, drastically improving privacy and throughput of
> token transactions. In combination with future Bitcoin features, such as
> Simplicity, zkCoins also enables private and more scalable BTC
> transactions. *
> *The groundbreaking compression capabilities of SNARKs initiated a
> paradigm shift in cryptocurrency design, and ZeroSync is pioneering their
> application to Bitcoin.*
>
>
> You can find the full paper here: https://zerosync.org/zerosync.pdf
> Happy to receive any comments and answer any questions the bitcoin dev
> community may have about the paper!
>
>
>
> Best regards,
> Robin Linus
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 3953 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin
2023-05-12 15:32 ` Weiji Guo
@ 2023-05-12 16:03 ` Robin Linus
0 siblings, 0 replies; 6+ messages in thread
From: Robin Linus @ 2023-05-12 16:03 UTC (permalink / raw)
To: bitcoin-dev, Weiji Guo
[-- Attachment #1: Type: text/plain, Size: 1820 bytes --]
Hi Weiji,
> Could you please expand more on how you plan to "implement a SNARK verifier on Bitcoin’s base layer"?
First, I should clarify that I see this as a long-term option, which will take years. If Simplicity gets activated, we could use it to implement a SNARK verifier on Bitcoin's base layer. But for now, we just plan to experiment with Simplicity on the Liquid sidechain when it gets activated.
> For your information, I happen to be the one proposing a new opcode OP_ZKP to enable the Bitcoin network to verify zkp proofs. My proposal requires a soft fork. You may find more information from the email archive here: https://www.mail-archive.com/bitcoin-dev@lists.linuxfoundation.org/msg12601.html <https://www.mail-archive.com/bitcoin-dev@lists.linuxfoundation.org/msg12601.html>
I've seen it; however, I suppose it is hard to establish consensus over some particular kind of op_snark_verify opcode because there are so many competing proof systems with different trade-offs. For example, STARKs are great for a chain state proof as they are scalable and allow for processing huge circuits; however, I would not favor STARKs for an on-chain verifier because there are other proof systems, such as Plonky2, with much smaller proof sizes.
A nice thing about SNARK verifiers is that once we have any verifier, we can use it to wrap other proofs. E.g., we could "compress" the size of a STARK by verifying it in a Plonky2 proof.
Still, Simplicity offers much more flexibility and allows to update verifiers as the research advances.
> We might be tackling similar issues and probably could benefit from each other.
Sounds good! Please join our Telegram group, if you would like to chat about SNARKs on Bitcoin https://t.me/zerosync_chat <https://t.me/zerosync_chat>
Cheers,
Robin
[-- Attachment #2: Type: text/html, Size: 2883 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin
2023-05-12 12:12 [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin Robin Linus
2023-05-12 15:32 ` Weiji Guo
@ 2023-06-05 18:47 ` Peter Todd
2023-06-05 18:59 ` Erik Aronesty
2 siblings, 0 replies; 6+ messages in thread
From: Peter Todd @ 2023-06-05 18:47 UTC (permalink / raw)
To: Robin Linus, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 3397 bytes --]
On Fri, May 12, 2023 at 02:12:03PM +0200, Robin Linus via bitcoin-dev wrote:
> Hi all,
>
> Today we are publishing a summary of our research on "ZeroSync: Introducing Validity Proofs to Bitcoin".
>
>
> Here's the preface:
>
> We introduce ZeroSync, the first-ever proof system addressing Bitcoin’s scalability challenges with Succinct Non-Interactive Argument of Knowledge (SNARKs). ZeroSync compresses the entire Bitcoin blockchain into a compact proof of validity, enabling instant verification and unlocking various innovative applications. We discuss our prototype implementation of a chain state proof, utilizing the Cairo language, Utreexo, and recursive STARKs. Our work enables diverse applications, including quick bootstrapping of full nodes, trustless light clients, enhanced Lightning Network privacy, and secure cross-chain bridges. Chain state proofs require no consensus changes, which is crucial as forks in Bitcoin are challenging to implement and achieve consensus for. Despite the existing bottleneck of prover performance, we present a range of optimization strategies and demonstrate the practicality of generating a complete chain state proof.
> Finally, we introduce zkCoins, a client-side validation protocol combined with zeroknowledge SNARKs, drastically improving privacy and throughput of token transactions. In combination with future Bitcoin features, such as Simplicity, zkCoins also enables private and more scalable BTC transactions.
> The groundbreaking compression capabilities of SNARKs initiated a paradigm shift in cryptocurrency design, and ZeroSync is pioneering their application to Bitcoin.
>
>
> You can find the full paper here: https://zerosync.org/zerosync.pdf <https://zerosync.org/zerosync.pdf>
> Happy to receive any comments and answer any questions the bitcoin dev community may have about the paper!
Two serious issues with this proposal:
1) You're creating an alternative implementation of the Bitcoin protocol. There
is a _long_ history of such implementations failing to implement an exact copy
of the consensus rules, leading to potential forks. Obviously, if only used by
otherwise lite clients, there is less of a risk associated with this. But the
risk is there and will expand as this tech is used for more sophisticated
things.
2) If the tech advances to the point where proof-generation is fast enough to
happen in real time, Bitcoin miners adopting it along with and other widepsread
adoption it may cause Bitcoin to lose its decentralization. At the heart,
Bitcoin's consensus is a proof of publication scheme: miners are (weakly)
forced to publish blocks by the fact that users and other miners demand blocks
to both validate their coins, and mine further. Without blocks themselves being
published on a timely basis, the censorship resistance of Bitcoin fails because
only a subset of miners actually have the necessary block data to create new
blocks with transactions in them. There's also other scenarios where these
capabilities could be abused, eg with "illegal data" being published in the
chain.
Re: #2, the Bitcoin technical community would be smart to find ways to *defeat*
ZKP schemes, with the goal of making it technologically infeasible to use them
for recently created blocks (eg the last few days worth).
--
https://petertodd.org 'peter'[:-1]@petertodd.org
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin
2023-05-12 12:12 [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin Robin Linus
2023-05-12 15:32 ` Weiji Guo
2023-06-05 18:47 ` Peter Todd
@ 2023-06-05 18:59 ` Erik Aronesty
2 siblings, 0 replies; 6+ messages in thread
From: Erik Aronesty @ 2023-06-05 18:59 UTC (permalink / raw)
To: Robin Linus, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 2405 bytes --]
"The sender
could store redundant copies of the encrypted transaction data with
multiple trust-
minimized middlemen, for the recipient to download when they come back
online."
sounds like a nostr event sent to a half dozen relays
On Fri, May 12, 2023, 9:15 AM Robin Linus via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi all,
>
> Today we are publishing a summary of our research on "ZeroSync:
> Introducing Validity Proofs to Bitcoin".
>
>
> Here's the preface:
>
> *We introduce ZeroSync, the first-ever proof system addressing Bitcoin’s
> scalability challenges with Succinct Non-Interactive Argument of Knowledge
> (SNARKs). ZeroSync compresses the entire Bitcoin blockchain into a compact
> proof of validity, enabling instant verification and unlocking various
> innovative applications. We discuss our prototype implementation of a chain
> state proof, utilizing the Cairo language, Utreexo, and recursive STARKs.
> Our work enables diverse applications, including quick bootstrapping of
> full nodes, trustless light clients, enhanced Lightning Network privacy,
> and secure cross-chain bridges. Chain state proofs require no consensus
> changes, which is crucial as forks in Bitcoin are challenging to implement
> and achieve consensus for. Despite the existing bottleneck of prover
> performance, we present a range of optimization strategies and demonstrate
> the practicality of generating a complete chain state proof. *
> *Finally, we introduce zkCoins, a client-side validation protocol combined
> with zeroknowledge SNARKs, drastically improving privacy and throughput of
> token transactions. In combination with future Bitcoin features, such as
> Simplicity, zkCoins also enables private and more scalable BTC
> transactions. *
> *The groundbreaking compression capabilities of SNARKs initiated a
> paradigm shift in cryptocurrency design, and ZeroSync is pioneering their
> application to Bitcoin.*
>
>
> You can find the full paper here: https://zerosync.org/zerosync.pdf
> Happy to receive any comments and answer any questions the bitcoin dev
> community may have about the paper!
>
>
>
> Best regards,
> Robin Linus
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 3648 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin
@ 2023-08-28 7:49 blk0
0 siblings, 0 replies; 6+ messages in thread
From: blk0 @ 2023-08-28 7:49 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 773 bytes --]
Peter Todd wrote:
>Two serious issues with this proposal:
>1) You're creating an alternative implementation of the Bitcoin protocol. There
>is a _long_ history of such implementations failing to implement an exact copy
>of the consensus rules, leading to potential forks. Obviously, if only used by
>otherwise lite clients, there is less of a risk associated with this. But the
>risk is there and will expand as this tech is used for more sophisticated
>things.
There is a general purpose zkVM implementation for the RISC-V instruction set:
https://www.risczero.com/
Since Bitcoin Core can be compiled for RISC-V, and RiscZero can prove
execution traces of a RISC-V VM, this argument no longer applies: the exact
consensus rules would be applied and verified.
@blk014
[-- Attachment #2: Type: text/html, Size: 6117 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-08-28 7:49 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-12 12:12 [bitcoin-dev] ZeroSync: Introducing Validity Proofs to Bitcoin Robin Linus
2023-05-12 15:32 ` Weiji Guo
2023-05-12 16:03 ` Robin Linus
2023-06-05 18:47 ` Peter Todd
2023-06-05 18:59 ` Erik Aronesty
2023-08-28 7:49 blk0
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox