Ciphera - a Bitcoin ZK Appchain Implementation

This system includes a variety of network entities such as validators, provers, regular nodes, and blind signers that function independently to support the infrastructure. Our prototype emphasizes a simplified blind vault setup using RISC Zero circuits for transaction pre-signing and withdrawals, alongside a federation model for our bridge, diverging from traditional rollup-style bridges.

The core of our network incorporates validators and provers, where validators play a pivotal role in block approval and consensus, while provers focus on generating aggregated validity proofs. This design choice deviates from posting state differentials to a data availability solution due to our network's openness to new nodes that can collect proofs and uphold a shared mempool. The architecture moves away from traditional BFT systems, utilizing a directed acyclic graph (DAG) to manage competing proofs and mitigate network failures within Bitcoin's 10-minute block interval, aligning more closely with an optimistic rollup model but adapted for proof-of-work's probabilistic nature.

Our approach to mints and burns leverages the expressiveness of Ethereum's smart contracts without fully replicating their features in the Bitcoin environment. Instead, we track validator sets through a multisignature wallet and use Bitcoin transactions to maintain the rollup's Merkle tree root hash. We've explored innovative solutions such as BLISK and Sigbash for constructing sophisticated policies and improving privacy and technical feasibility for depositors and co-signers in blind vaults.

The transaction flow involves the use of a special "ciphera-cli" tool for key management and interaction with the Ciphera node API for coordination around blind signing. Our Bitcoin ZK-rollup prototype preserves original ZK-rollup mechanisms to prevent double-spends during minting and burning phases, albeit with modifications suited to Bitcoin's cryptographic primitives. For example, Taproot public keys are split to fit within the circuit constraints, and burn transactions require careful handling of addresses due to these limitations.

Our current implementation hints at a sidechain model with federated custody, emphasizing user security through pre-signed exit transactions in case of network failures. While there's potential for evolving into a statechain-like model where users hold a signing key in the vault, further research and security analysis are needed. The Ciphera chain aims to serve as a foundational step towards a zero-knowledge rollup on Bitcoin that supports zerocash-style payments, highlighting the possibility of leveraging RISC-V technology for proof generation and considering future integration of Musig-based solutions for enhanced policy enforcement and trust minimization.