bitcoin-dev

Combined summary - OP_ZKP updates

The discussion highlights the difficulty of implementing Dory, a cryptographic scheme that requires pairing-friendly curves, whereas secp256k1 does not support pairing operations.

This distinction matters because any curve that is chosen must be compatible with Dory's operational requirements. Dory depends on pairings to function, so alternatives to secp256k1 would need to be explored. Although Dory promises transparency and efficiency in proof size, there are concerns about its relatively larger proof size compared with other cryptographic solutions. The analysis shows how complex it is to choose a cryptographic framework that meets the technical specifications while also upholding transparency and scalability.

Weiji Guo highlighted a significant technical limitation in the compatibility of Dory with secp256k1: Dory requires a pairing operation that secp256k1 does not provide. This is a pivotal challenge for using Dory within the specified cryptographic framework, and it warrants further exploration or the consideration of alternative solutions. Overcoming this compatibility hurdle calls for a deeper understanding and application of the underlying cryptographic principles.
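Why secp256k1 offers no usable pairing can be checked numerically through the embedding degree, the smallest k for which the group order divides p^k - 1. The following is an added example, not code from the thread or from the OP_ZKP proposal; BLS12-381 appears only as a familiar pairing-friendly curve for comparison (the summary does not name one), and the search bound of 100,000 is an arbitrary choice.

```python
# Added example. Curve constants are the published domain parameters.
CURVES = {
    # name: (base-field prime p, prime group order r)
    "secp256k1": (
        2**256 - 2**32 - 977,
        0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
    ),
    # Comparison curve chosen for this example, not named in the summary.
    "BLS12-381": (
        0x1A0111EA397FE69A4B1BA7B6434BACD764774B84F38512BF6730D2A0F6B0F6241EABFFFEB153FFFFB9FEFFFFFFFFAAAB,
        0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001,
    ),
}


def embedding_degree(p, r, max_k):
    """Return the smallest k <= max_k with r | p**k - 1, else None.

    A pairing maps into the extension field F_{p^k}, so k has to be small
    for the pairing to be computable in practice.
    """
    acc = 1
    for k in range(1, max_k + 1):
        acc = acc * p % r
        if acc == 1:
            return k
    return None


def target_field_bits(p, k):
    """Approximate size in bits of one F_{p^k} element (one pairing output)."""
    return k * p.bit_length()


def compare(max_k=100_000):
    """Map name -> (k or None, bits of F_{p^k}); bits is a lower bound if k is None."""
    out = {}
    for name, (p, r) in CURVES.items():
        k = embedding_degree(p, r, max_k)
        out[name] = (k, target_field_bits(p, k if k is not None else max_k))
    return out


if __name__ == "__main__":
    for name, (k, bits) in compare().items():
        if k is None:
            print(f"{name}: no k within bound; pairing output would exceed {bits} bits")
        else:
            print(f"{name}: k = {k}; pairing output is about {bits} bits")
```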

The OP_ZKP initiative was introduced to incorporate Zero-Knowledge Proofs (ZKPs) into Bitcoin transactions, with a specific focus on selecting an appropriate ZKP scheme for its proving system. An initial examination of existing ZKP schemes was undertaken to identify one that meets several critical requirements: minimal security assumptions, the capacity for batched verification, and support for aggregated proving without the need for a trusted setup.

Among the schemes considered, the Inner Product Argument (IPA) emerged as a potential candidate because of its transparency, its reliance on the Elliptic Curve Discrete Logarithm Problem (ECDLP), and its compatibility with the secp256k1 curve. However, challenges such as linear verification time and the scalability of verification keys were identified, with aggregated proving techniques proposed as a way to reduce complexity and verification time. The deployment of large verification keys remains a concern that affects the practicability of implementing this approach on-chain.

Future considerations include evaluating the impact on lower-powered devices and the possible need to explore alternative schemes such as Dory, should unresolved issues with IPA persist. For further reading on related topics, there are resources on misconceptions about SNARKs provided by a16zcrypto, along with discussions of Torus-based optimization in a video and a paper.

Discussion History

0: Weiji Guo (Original Post), July 22, 2024 14:05 UTC
1: July 22, 2024 18:45 UTC
2: July 22, 2024 22:38 UTC
3: August 28, 2024 15:33 UTC