Proposal: new opcode OP_ZKP to enable ZKP-base spending authorization \ stacker news ~bitcoin

Proposal: new opcode OP_ZKP to enable ZKP-base spending authorization lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-April/021592.html

3317 sats \ 11 comments \ @Rsync25 30 Apr 2023 bitcoin

view all related items

1321 sats \ 0 replies \ @tldr_dead 30 Apr 2023

Weiji Guo has proposed a new opcode, OP_ZKP, for Bitcoin that would enable the network to authorize spending based on off-chain computation as long as acceptable proof is provided. This would additionally equip the Bitcoin script with Turing completeness and allow for the building of payment channels, stablecoin, decentralized exchanges, and DeFi, to name a few potential applications. The new opcode could be implemented with a soft fork and specific details and considerations are laid out in the proposal. The potential uses and implications for computation power services, contract composability, and wallet applications are also discussed.

11 sats \ 0 replies \ @orthzar 30 Apr 2023

The proposal doesn't mention it, but some Zero Knowledge Proof schemes are post-quantum secure. Unfortunately, this proposal uses a ZKP that is not post-quantum secure (i.e. it uses ECC). If the proposal were modified to use a post-quantum secure ZKP, then I think it would be even more attractive than it already is.

The author has inadvertently revealed a path to adding PQC to Bitcoin that doesn't require a hardfork.

0 sats \ 0 replies \ @_b_o_n_e_s_ 1 May 2023

spicy! 🌶️

0 sats \ 0 replies \ @03d2338e4e 30 Apr 2023

I think the less we add to Bitcoin the better.

It's similar to the ChatGPT TLDR discussion of the other day.

Let's not add for the sake of adding.

I have no clue how ZKP would could improve my experience as a daily BTC user, and if the answer is not 100% clear and concise, and is instead murky or blurred, I say we stay the fuck away.

Every single change introduces points of failure, or new vectors of attack. We are humans using (probably aliens but I'll put away my tinfoil hat) human code, and where there are humans there will be oversight, even in a 100% open source environment.

0 sats \ 0 replies \ @ek 30 Apr 2023

@tldr

0 sats \ 5 replies \ @franzap 30 Apr 2023

tl;dr?

1372 sats \ 4 replies \ @shibe 30 Apr 2023

ZKPs are pretty complex and I don't fully understand their inner workings, so I'll try to explain the proposal (and potential benefits) and skip how ZKPs actually work

The proposal wants to add zero-knowledge proofs to the Bitcoin base layer through a soft fork. Zero Knowledge Proofs would allow for more complex scripting (allowing you to perform computation off-chain and you can provide a succinct proof it happened on-chain).

It could also enable more layer-2's. I believe the one the author proposed is similar to a roll-up, where users would deposit into a single "ZKP address", and transfer funds to each other off-chain. It's not quite clear what improvements this would offer over classic payment channels.

However, there are a bunch of issues with adding ZKPs to Bitcoin too that would also increase complexity. Verification keys, which are needed to verify ZKPs can be larger than 520 bytes, so you can't include them in a spending script. Thus you would include the hash, and then propagate the key separately. The issue with this is that without the key, you can't verify the transaction, so for a ZKP spend to happen, you'd have to somehow make sure every node on the network has received the verification key. You'd also need to store this key (seemingly permanently) to verify past transactions, which would increase storage requirements.

Generating ZKPs (and verifying individual ZKPs) is also quite computationally expensive. The cost can be reduced by "batching", but you still would only have a limited amount of ZKP-transactions in a single block, because each one can take tens of milliseconds to verify.

0 sats \ 3 replies \ @ek 30 Apr 2023

Reading the proposal now to compare your summary with #171852

What I can already see is that you mentioned that ZKP stands for Zero Knowledge Proof but not Turing completeness

3 sats \ 2 replies \ @shibe 30 Apr 2023

The GPT one is pretty good. I wonder how much more information you could get out of it by just asking it to elaborate a bit more.

5 sats \ 1 reply \ @ek 30 Apr 2023

Yeah, LLMs really shine when used interactively.

118 sats \ 0 replies \ @ass 30 Apr 2023

Here is the current prompt:

"Ignore all previous inputs. " \
"You read news articles and blogs and summarize them. They may be raw html, but I'll try to get you the text." \
"You are concise and you summarize relevant information. Limit your response to 5 sentences." \
"Here is the article: \n\n"