In case you missed it, Starkware, a company that has historically been active in the Ethereum ecosystem, announced yesterday that it plans to begin dedicating significant resources to the new scaling opportunities for Bitcoin that have emerged over the past few months.
The group, pioneers of zero-knowledge proof systems, revealed plans to leverage OP_CAT to bring STARK technology to Bitcoin. The proposed soft fork would make STARK proofs verifiable directly in Bitcoin Script, opening up an entirely new design space for developers.
This announcement is seen by many as a significant technical milestone for the Bitcoin protocol, and I would like to offer my personal opinion on the matter.
Long awaited
As Starkware CEO Eli Ben-Sasson points out in the announcement, the idea of using zero-knowledge proofs to improve Bitcoin is not new. Developers have been discussing applications of the technology for over a decade. Ben-Sasson himself presented a very early form of the idea at the Bitcoin conference in San Jose in 2013. In 2017, Blockstream developers Gregory Maxwell, Pieter Wuille, and Andrew Poelstra co-authored the research paper on Bulletproofs, a zero-knowledge range-proof protocol that supports confidential transactions in Bitcoin.
In recent years, BitVM creator Robin Linus has been developing ZeroSync, which uses zero-knowledge proofs to compress the Bitcoin blockchain so that a node can verify the chain state without replaying its full history. When fully implemented, it would significantly reduce the resources required to bring up a Bitcoin node. In 2022, the Human Rights Foundation commissioned John Light, now a researcher at Alpen Labs, to write a full report on the potential of validity rollups on Bitcoin using zero-knowledge proofs.
Zero-knowledge proofs have a wide range of uses, and we have not heard the last of them. Many expect this technology to define the next era of computing, and I wouldn't bet against that expectation. It's almost certain that higher-level Bitcoin applications will soon start leveraging zero-knowledge proofs, and this trend is only expected to grow in the future.
Still early
Most of the technical advances in zero-knowledge cryptography have been achieved in the past decade. The field is rapidly evolving as cryptographers become more interested in applications of the technology. Researchers are competing to see who can most reduce the time and resources required to create and verify these proofs. At the moment, most proof systems remain computationally expensive. Different protocols make different tradeoffs, but improvements have focused on verification, allowing the average user to verify proofs quickly and cheaply. The pace of innovation shows no signs of stopping, but generating proofs at scale still requires a lot of work, specialized hardware, and large-scale operations.
Despite the enormous potential unlocked and the significant achievements in the field, it is worth noting that 10 years is not a very long period in cryptography. Many of the recent proposals leverage technologies that are considered technically sound but are not as battle-hardened and tested as Bitcoin. In 2018, a hidden inflation bug was discovered in the zk-SNARK construction used by Zcash that could have allowed an attacker to counterfeit coins without detection. In fairness, the STARK construction Starkware proposes is transparent, meaning it requires no trusted setup, which removes that particular class of risk.
It’s hard to get excited about roll-ups
One of the motivations for this project is to enable zk-rollups on Bitcoin. Rollups are a highly touted product that uses off-chain sequencers to scale applications and throughput. zk-rollups, or validity rollups, propose to enable off-chain systems that do not require additional trust assumptions by producing proofs of the system's transaction history that anyone can independently verify.
Today, none of Ethereum's major rollup implementations deliver this system in full. Each relies on a central operator who is responsible for both proving and ordering transactions. Where proofs are actually generated, only authorized actors are permitted to submit them. Starkware's own Starknet currently provides no mechanism for users to force their transactions through if the operator stops cooperating or the infrastructure goes down.
Nearly every project has billions of dollars in escrow that are effectively secured by a few sets of signing keys. The same group of people who control those keys can also upgrade the rollup contracts and control the associated funds. Just a few days ago, Linea, the sixth largest rollup on Ethereum, was unilaterally halted by its operator following a hack, freezing all user funds.
There is an alternative, more optimistic case, one that I'm probably not the right person to make, but a lot of work and resources are being put into solving the problems outlined above. A complete, trustless vision will require a significant amount of further research to achieve.
There's also the possibility that rollups evolve into a complex, unwieldy monster that only a few people can control, as happened on Ethereum.
BitVM Side Quest
The BitVM paper, published by Robin Linus last year, really kick-started the Bitcoin zero-knowledge race. Starkware is getting attention because of its history, but Alpen Labs, Citrea, and Bitlayer are all actively researching ways to optimize zero-knowledge proof verification in their own implementations.
It will be interesting to see what choices they make going forward and whether they stick to their guns. A strong case can be made that OP_CAT brings a lot of efficiency, but it is not yet clear exactly what the tradeoffs are. I expect many companies will continue to explore the BitVM path and simply emulate zero-knowledge verification in existing Script. In either case, it is important to point out that bridging funds off the Bitcoin chain into other systems relies on light-client security, which is susceptible to reorganization attacks.
Last month, a lot of airtime was given to liquidity issues around BitVM bridges. Given the current user profile of these types of solutions, I find the idea that this would prevent everyone from participating somewhat dubious. It may not be practical or sustainable, but I honestly don't know whether there's a market for this in the first place. Again, users currently have billions of dollars entrusted to multisigs, which makes almost anything else look trustless by comparison.
Increased funding for developers
The $1 million allocated to research funding is a positive for the ecosystem, and an encouraging sign of the growing mindshare around OP_CAT. It's likely that the bug bounties won't amount to much, but it will be interesting to see what comes from the work that focuses on proofs of concept and applications. It's easy to raise eyebrows at these funding sources, but ultimately the results of these efforts will be judged on their technical merits. Bitcoin's development process is not as easily influenced as some commentators would have you believe.
It’s also important to remember that OP_CAT is just one piece of the scripting puzzle. Breakthroughs in specific use cases are exciting, but don’t let them cause you to lose sight of the bigger picture. None of these technologies are mature enough to produce significant benefits in the short term. Rushing to upgrade today seems a bit reckless when we still have years to go before we can reliably implement these systems. If you need a centralized virtual machine, there are plenty of sidechains to choose from.
At the moment, we are breaking new ground every day, and it is difficult to even predict where we will be in a month. I am cautiously optimistic about the progress being made in improving Bitcoin Script, but I feel it would be unfair to promise anything at this point. We need to wait for things to settle down for a while.