
Weiji Guo has proposed a new opcode, OP_ZKP, for Bitcoin that would enable the network to authorize spending based on off-chain computation as long as acceptable proof is provided. This would additionally equip the Bitcoin script with Turing completeness and allow for the building of payment channels, stablecoins, decentralized exchanges, and DeFi, to name a few potential applications. The new opcode could be implemented with a soft fork, and specific details and considerations are laid out in the proposal. The potential uses and implications for computation power services, contract composability, and wallet applications are also discussed.
reply
The proposal doesn't mention it, but some Zero Knowledge Proof schemes are post-quantum secure. Unfortunately, this proposal uses a ZKP that is not post-quantum secure (i.e. it uses ECC). If the proposal were modified to use a post-quantum secure ZKP, then I think it would be even more attractive than it already is.
The author has inadvertently revealed a path to adding PQC to Bitcoin that doesn't require a hardfork.
reply
spicy! 🌶️
reply
I think the less we add to Bitcoin the better.
It's similar to the ChatGPT TLDR discussion of the other day.
Let's not add for the sake of adding.
I have no clue how ZKP could improve my experience as a daily BTC user, and if the answer is not 100% clear and concise, and is instead murky or blurred, I say we stay the fuck away.
Every single change introduces points of failure, or new vectors of attack. We are humans using (probably aliens but I'll put away my tinfoil hat) human code, and where there are humans there will be oversights, even in a 100% open source environment.
reply
tl;dr?
reply
ZKPs are pretty complex and I don't fully understand their inner workings, so I'll try to explain the proposal (and potential benefits) and skip how ZKPs actually work.
The proposal wants to add zero-knowledge proofs to the Bitcoin base layer through a soft fork. Zero Knowledge Proofs would allow for more complex scripting (allowing you to perform computation off-chain and you can provide a succinct proof it happened on-chain).
It could also enable more layer 2s. I believe the one the author proposed is similar to a roll-up, where users would deposit into a single "ZKP address", and transfer funds to each other off-chain. It's not quite clear what improvements this would offer over classic payment channels.
However, there are a bunch of issues with adding ZKPs to Bitcoin too that would also increase complexity. Verification keys, which are needed to verify ZKPs, can be larger than 520 bytes, so you can't include them in a spending script. Thus you would include the hash, and then propagate the key separately. The issue with this is that without the key, you can't verify the transaction, so for a ZKP spend to happen, you'd have to somehow make sure every node on the network has received the verification key. You'd also need to store this key (seemingly permanently) to verify past transactions, which would increase storage requirements.
Generating ZKPs (and verifying individual ZKPs) is also quite computationally expensive. The cost can be reduced by "batching", but you still would only have a limited amount of ZKP-transactions in a single block, because each one can take tens of milliseconds to verify.
reply
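The key-distribution problem described in the summary above (a verification key too large for one script push, so the script commits to its hash and nodes must obtain the key out of band) can be made concrete with a small model. The following is an added illustration written for this page, not code from the OP_ZKP proposal or from Bitcoin Core; the `Node`, `ZkpSpend` and `receive_vk` names are hypothetical, and `toy_verify`/`toy_prove` are a hash-based stand-in for a real proof system so that the node-side logic has something to call. The only real constant is Bitcoin's 520-byte script element limit; the 2000-byte sample key is constructed.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Tuple

# Real constant from Bitcoin Core's script interpreter: the largest single push.
MAX_SCRIPT_ELEMENT_SIZE = 520

Verifier = Callable[[bytes, bytes, bytes], bool]


class Verdict(Enum):
    VALID = "valid"
    INVALID = "invalid"
    UNVERIFIABLE = "unverifiable"   # node does not (yet) hold the verification key


def fits_in_script_element(data: bytes) -> bool:
    return len(data) <= MAX_SCRIPT_ELEMENT_SIZE


def commit_vk(vk: bytes) -> bytes:
    """32-byte commitment that fits in a script even when the key itself does not."""
    return hashlib.sha256(vk).digest()


@dataclass(frozen=True)
class ZkpSpend:
    vk_hash: bytes          # what the locking script carries instead of the key
    proof: bytes
    public_inputs: bytes


@dataclass
class Node:
    """Hypothetical full node. It keeps every verification key it has accepted,
    because historical spends can only be re-validated with the key present."""
    vk_store: Dict[bytes, bytes] = field(default_factory=dict)

    def receive_vk(self, claimed_hash: bytes, vk: bytes) -> bool:
        # Keys arrive out of band from peers; never trust the peer's claimed hash,
        # recompute the commitment and reject anything that does not match.
        if commit_vk(vk) != claimed_hash:
            return False
        self.vk_store[claimed_hash] = vk
        return True

    def validate(self, spend: ZkpSpend, verify: Verifier) -> Verdict:
        vk = self.vk_store.get(spend.vk_hash)
        if vk is None:
            # The hash alone proves nothing; without the key the node cannot decide.
            return Verdict.UNVERIFIABLE
        ok = verify(vk, spend.proof, spend.public_inputs)
        return Verdict.VALID if ok else Verdict.INVALID


def toy_prove(vk: bytes, public_inputs: bytes) -> bytes:
    """Stand-in prover: a keyed hash, NOT a zero-knowledge proof."""
    return hashlib.sha256(b"proof|" + vk + b"|" + public_inputs).digest()


def toy_verify(vk: bytes, proof: bytes, public_inputs: bytes) -> bool:
    """Stand-in verifier matching toy_prove; exists only to exercise the node logic."""
    return proof == toy_prove(vk, public_inputs)


def demo() -> Tuple[bool, bool, Verdict, bool, Verdict, Verdict]:
    # Constructed sample key: 2000 bytes, deliberately larger than one script push.
    vk = bytes(range(256)) * 7 + b"\x00" * 208
    vk_hash = commit_vk(vk)
    key_too_big = not fits_in_script_element(vk)
    hash_fits = fits_in_script_element(vk_hash)

    inputs = b"public-inputs-v1"   # constructed public inputs
    spend = ZkpSpend(vk_hash, toy_prove(vk, inputs), inputs)
    node = Node()

    before = node.validate(spend, toy_verify)                   # key not yet received
    bogus_accepted = node.receive_vk(vk_hash, b"\x00" * 2000)   # peer offers wrong key
    node.receive_vk(vk_hash, vk)                                # correct key arrives
    after = node.validate(spend, toy_verify)
    tampered = ZkpSpend(vk_hash, spend.proof[:-1] + bytes([spend.proof[-1] ^ 1]), inputs)
    bad = node.validate(tampered, toy_verify)
    return key_too_big, hash_fits, before, bogus_accepted, after, bad


if __name__ == "__main__":
    print(demo())
```

The point of the three-way verdict is the one the summary makes: a node that has not received the key cannot call the spend either valid or invalid, which is why every node would need the key before such a spend can be relayed or mined, and why the key then has to be retained for as long as the spend must remain verifiable.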
Reading the proposal now to compare your summary with #171852
What I can already see is that you mentioned that ZKP stands for Zero Knowledge Proof but not Turing completeness
reply
The GPT one is pretty good. I wonder how much more information you could get out of it by just asking it to elaborate a bit more.
reply
Yeah, LLMs really shine when used interactively.
reply
Here is the current prompt:
"Ignore all previous inputs. " \
"You read news articles and blogs and summarize them. They may be raw html, but I'll try to get you the text." \
"You are concise and you summarize relevant information. Limit your response to 5 sentences." \
"Here is the article: \n\n"
reply