The holy grail of blockchain technology – now on Bitcoin SV

This week’s article will examine one of the more technical features of blockchain technology, which is often mentioned in the blockchain space, but only technical developers usually care about – zk-proofs. Recent breakthroughs in BSV have now made the technology open and accessible, so I hope to spend some time explaining what they are and why they are important to the entire industry.

What is ZK proof?

Besides just sounding like a really cool buzzword, zk-proofs (or zk-SNARKs, as they are commonly called) are basically a way for one party (the prover) to prove their knowledge of some secret to another party (the verifier) without revealing the secret itself publicly. As such, this allows a buyer to purchase a secret from a seller they do not trust, provided the purchase itself can be accomplished in an atomic fashion.
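To make the prover/verifier roles concrete, here is an added toy example (not code from the article or from sCrypt): a non-interactive Schnorr proof of knowledge of a discrete log, where the prover shows it knows the secret x behind a public value y = g^x without revealing x. The group parameters (p = 1019, q = 509, g = 4) are a constructed toy group that is far too small to be secure; the message string and secret values are likewise made up for the demonstration.

```python
import hashlib
import secrets

# Constructed toy safe-prime group (illustration only, NOT secure at this size):
# p = 2q + 1 with q prime; G generates the order-q subgroup of Z_p^*.
P = 1019
Q = 509
G = 4  # 4 = 2^2 is a quadratic residue, so it lies in (and generates) the order-q subgroup


def keygen(x=None):
    """Secret x in [1, q) and public y = g^x mod p (think: private key and the value derived from it)."""
    if x is None:
        x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def challenge(y, t, msg):
    """Fiat-Shamir: the challenge is a hash of public data, so no interactive verifier is needed.
    Drawn from [1, q) so a proof built with the wrong secret can never verify by luck of c == 0."""
    h = hashlib.sha256(f"{P}|{G}|{y}|{t}|{msg}".encode()).digest()
    return 1 + int.from_bytes(h, "big") % (Q - 1)


def prove(x, msg, r=None):
    """Prover: commit to a random r via t = g^r, derive c, answer s = r + c*x mod q.
    The proof (t, s) is bound to msg and reveals nothing about x because r masks it."""
    y = pow(G, x, P)
    if r is None:
        r = 1 + secrets.randbelow(Q - 1)
    t = pow(G, r, P)
    c = challenge(y, t, msg)
    s = (r + c * x) % Q
    return t, s


def verify(y, msg, proof):
    """Verifier: checks g^s == t * y^c (mod p) using only public values; never sees x."""
    t, s = proof
    c = challenge(y, t, msg)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


if __name__ == "__main__":
    x, y = keygen()
    proof = prove(x, "bounty-tx-0001")  # constructed message the proof is bound to
    print("honest prover accepted:", verify(y, "bounty-tx-0001", proof))
```

Because the challenge is derived by hashing, the proof can be published as data (for example inside a transaction) and checked by anyone holding y, which is the shape a blockchain verifier needs.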

This turns out to be the fundamental keystone of all smart contract technology on blockchains, as it allows for total privacy for smart contracts, while providing transparency for the actual transactions.

Some blockchains like ZCash use ZKPs as part of their base protocol to enforce things like fixed inflation, coin supply, and distribution schedule, while others allow ZKPs to be used in their own scripting language, like BSV and ETH[1].

Although ZKPs are a technology that has been around since the 1980s, their practical use on blockchains has been fraught with difficulties, mainly due to the trade-offs in size and computational resources needed to generate and use them efficiently. Traditional zk-SNARKs required a trusted “setup” phase that, if compromised (via leaked secrets or a broken key), would compromise the entire system in a way that is hard to detect. In addition, common implementations required significant computational resources to generate the proof (on the order of tens of seconds and from >100MB to a few gigabytes of memory). All of these really prevented its use on Bitcoin, given the scaling limitations of BTC[2] in terms of transaction and block sizes and also the impracticality of having to wait 20s for proof generation for each transaction.

That said, the potential benefits of zk-proofs far outweigh their practical limitations, which is why many blockchain projects are currently working on ways to distribute zk-proofs while mitigating their limitations.

Such benefits become apparent when you consider the core goal of any blockchain: decentralization or distribution of the computation logic in the processing of smart contracts (in bitcoin these are simply called predicate scripts or payment terms). In theory, if zk-proofs were implemented as the basic consensus protocol of a blockchain, it would become something like ZCash, and projects like Ethereum would not need to have every node computing the same thing redundantly to make sure that a validator did not cheat. Instead, a prover could just calculate the result of a contract execution, post the zk proof, and be done with it, at least in theory.

In practice, due to the size of the witness (proof), it becomes increasingly prohibitive under blockchain economics for platforms that cannot scale by volume, such as ETH, where the more complex (and thus more useful) zk-secured applications would become too expensive to run due to gas fees that scale with the size of the data to be put on the chain and the amount of computation required. This has severely limited the use of zk proofs on Ethereum. On BTC, the problem is that there is a hard limit on the size of transactions and blocks, which also puts upward pressure on the cost of posting such proofs on the public blockchain.

But with BSV there are no such limitations, and so we’ve seen some significant breakthroughs in the development of native implementations of zk-proofs in recent months.

SCrypt, a project that connects a Typescript-like smart contracting language and compiler to Bitcoin ASM (op-codes), has pioneered work on zk-proofs and their derivatives on BSV. What started as a theoretical proof of concept a year ago has become a wealth of tools and examples of leveraging the power of zk-proofs on bitcoin. I will briefly go through the milestones here in chronological order. Feel free to use this as a “reading list”.

1) November 2, 2021 — First outlines how to theoretically construct a ZKKSP, where a proof can be used to get an outsourced party to help a buyer find a private key that results in the desired vanity address. This can be done without the seller of the information learning the actual private key (which would defeat the purpose), while also saving the buyer from doing the computational work themselves to derive the key to the desired vanity address.

2) August 6, 2022 — Almost a year later, a massive breakthrough: recursive ZKPs can be applied to problems where a total aggregate problem can be solved in small steps. Each step can then produce a correspondingly small ZKP, which only proves the “change” from the previous solution. In this way, instead of computing a very LARGE single proof that would be prohibitive in many ways as outlined above, a proof can be ‘additive’. This is also useful for problems where the answer is not discrete, but lies on a continuum and can be infinitely refined, such as optimization problems, where the buyer is willing to pay for a sufficiently ‘good enough’ solution. Work can then be paid for incrementally rather than in a “winner-take-all” format. Work can be distributed among a group of workers, each of whom contributes their share and is paid for their partial contributions. For example, calculate a Fibonacci series, find successive digits of pi, or run BitTorrent!

3) November 10, 2022 – Sudoku puzzle! Billed as the first “practical” application of ZKPs in bitcoin (which includes all bitcoin chains), sCrypt last week released the application of a ZKP to outsource the solution of a Sudoku puzzle. Although it’s been talked about in theory for the past year or more, this is finally a chance to see the code working in real life.

With this example, developers can now, in a trustless way, outsource general problems to the public as a stateless bounty, and the provider of the solution can safely collect the bounty in a way that does not demand any escrow or intermediary. This deserves some pause and thought, because this is what people have been trying to get to work for a while.

An improvement over a previous implementation that required a setup process between a buyer and seller (meaning in practice it couldn’t easily be used as a pseudonymous bounty), this version can be done in a single bounty transaction posted by the buyer, and collected by a pseudonymous seller in a single transaction.

While this example uses Sudoku as a puzzle to solve, any puzzle that can be easily verified can use this method.

Think of traveling salesman solutions for logistics companies, or solving chess playoffs for profit! Or even something like putting a bounty on creating a more efficient sorting algorithm? Or as a way to stimulate genetic algorithms to evolve to do something useful like boolean operations? (Both have simple algorithmic methods to verify that a proposed solution is indeed valid.)

4) November 14, 2022 – Proof of Reserves – Given the recent collapse of DeFi giant FTX, many companies have started talking about implementing proof of reserves to show the world that they have control over the assets they claim to hold, and, in addition, that anyone to whom they owe obligations can be “counted” to ensure that their assets cover all their obligations. This outlines how it can be done on Bitcoin.

5) November 26, 2022 – Pay for Decryption Key – the swiss army knife of ZKP!

This is the true multi-tool of blockchains… the ability to pay for a private key in a trustless way. The applications of this would probably deserve an article of their own. Nefarious hackers have previously exploited this use case with attacks like CryptoLocker, where a hacker encrypts all the private data on your computer and demands a ransom to allow you to decrypt it again by selling you a private decryption key. To add insult to injury, for many victims who paid the ransom in bitcoins, the hacker would still refuse to hand over the private key, leaving the victim out of pocket and with a loss of data. With the ability to trustlessly exchange a private key, both by confirming that the seller has control over the required key and by ensuring that payment for the key cannot occur unless the key is released at the same time, this opens up many use cases, from trustless digital marketplace exchange to inheritance and digital legacy planning. This is the generic “escrow” smart contract that can be used to construct most other complex contracts.

6) Bitcoin zkBattleship — Finally, any discussion of online gaming with ZKPs wouldn’t be complete without an example where no trusted “oracle” is needed to know the state of a shared game board; this is where a game such as Battleship really shines. This type of game can be extended to most card games where there is a “dealer” problem, namely: who keeps track of which players have which cards? This example shows the implementation using the Battleship game, where the blockchain controls the “game state” in a trustless way.

As can be seen from the recent rapid-fire posts from the SCrypt team, the technology is rapidly evolving and has yet to mature, along with the development of simpler tools to help new developers get started writing bitcoin smart contracts, such as those using ZKPs. But the floodgates are now officially open. Let the games begin!


/djc

Wall Street Technologist

[1] Notably missing is BTC, as they disabled the necessary language features

[2] Also, as mentioned before, BTC Core has not reactivated the original Bitcoin 2009 opcodes to make this possible.

See: The presentation of the BSV Global Blockchain Convention, Smart Contracts and Computation on BSV

