What will “ZKP+Bitcoin” bring?

What are the benefits of "ZKP+Bitcoin"?

Key Points

More and more teams are adopting ZKP technology in blockchain infrastructure and dApps, but most of these projects are built on Ethereum. Bitcoin and ZKPs actually have a natural affinity, and this field currently lacks the attention it deserves. What will combining ZKP technology with Bitcoin bring to the Bitcoin network? In this Bing Ventures blog post, we explore this question from the perspectives of technical principles and application prospects.

Zero-knowledge proofs (ZKPs) are a cryptographic method that allows one party (the prover) to convince another party (the verifier) that a statement is true without revealing anything beyond the truth of the statement itself. This makes them very effective for privacy protection: the prover can supply a proof of validity without disclosing the underlying data.

Bitcoin and zero-knowledge proofs have a natural affinity. Bitcoin is a decentralized virtual currency that records transactions on a blockchain, and all transaction information is public. This also means that anyone can inspect Bitcoin transactions, so there is a risk of privacy leakage. ZKPs can address this problem.

By using zero-knowledge proofs, Bitcoin users can keep transaction information confidential and still prove its validity without revealing it, achieving a higher level of privacy protection. Zero-knowledge proofs can also improve the scalability of Bitcoin. Currently, Bitcoin's transaction throughput is limited by the size of the blockchain and by network congestion, which limits its use in large-scale commercial applications. By using zero-knowledge proofs, large batches of transactions can be processed together and their validity compressed into a single small proof, improving the scalability and efficiency of Bitcoin.

Background and Basic Principles

ZK-SNARKs and ZK-STARKs

ZK-SNARKs and ZK-STARKs are both variants of zero-knowledge proofs. What they have in common is the ability to prove the validity of certain data or computations without revealing sensitive information; they differ in implementation, performance, and application scope.

ZK-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) are a zero-knowledge proof system based on elliptic curve cryptography. They turn a complex computation into a very small proof that requires no interaction between prover and verifier: the verifier can check that the computation was carried out correctly without learning anything about its inputs. The main application areas of ZK-SNARKs are cryptocurrencies and privacy protection.

ZK-STARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge) are a newer zero-knowledge proof system that is more flexible and more secure than ZK-SNARKs. Rather than elliptic curve cryptography, ZK-STARKs are built from hash functions and polynomial interpolation. This makes them more robust, because their security rests on the one-wayness of hash functions rather than on number-theoretic hardness assumptions. ZK-STARK proofs are larger than ZK-SNARK proofs, but their verification scales better, so they can be applied to a wider range of areas, such as distributed computing and IoT security.

Challenges for Bitcoin to Adopt Zero-Knowledge Proofs

Take Zcash as an example. Zcash uses ZK-SNARKs to hide transaction details, including amounts and participant identities, for better privacy protection. Roughly, the ZK-SNARK scheme used by Zcash works as follows:

  • Zcash has two types of addresses: transparent addresses (t-addresses) and shielded addresses (z-addresses). Transparent addresses are similar to Bitcoin addresses, and they publicly display transaction amounts and participants on the blockchain. Shielded addresses use zero-knowledge proofs to protect the privacy of transaction amounts and participants.

  • When a user sends funds from one shielded address to another, they need to generate a ZK-SNARK proof demonstrating that they hold enough funds and are not spending funds that have already been spent. This process involves complex mathematical and cryptographic operations, such as generating public parameters, computing hashes, and constructing arithmetic circuits.

  • Generating a ZK-SNARK proof requires a lot of computing resources and time, but verifying one is fast and simple. Verifiers only need to check that the transaction complies with the rules of the blockchain, without learning anything about the transaction amount or participants.

  • By using ZK-SNARKs, Zcash achieves completely anonymous yet verifiable transactions while maintaining blockchain security and decentralization, improving user privacy and usability.

However, the zero-knowledge proof technology used by Zcash also has limitations. First, Zcash is UTXO-based, which means that transaction information is not completely hidden but only shielded. Attackers can therefore still infer useful information by analyzing transaction patterns and flows, so the privacy protection Zcash provides is not completely reliable.

Second, Zcash runs as an independent network derived from Bitcoin, which makes it harder to integrate with other applications. This limits its potential for broader application and hinders its development. Although Zcash has implemented private transactions, their actual usage rate is low. One reason is that private transactions cost much more than public ones, which also limits their scope of application.

ZK-STARKs’ Technical Advantages

While using ZK-SNARKs on Bitcoin could indeed provide anonymity and privacy for transactions, the technology has drawbacks, such as requiring a trusted setup and trusted devices, and consuming a large amount of computing and storage resources. To address these issues, newer zero-knowledge proof systems such as ZK-STARKs have emerged.

Simply put, the process of ZK-STARKs includes the following steps:

  • The prover converts the computation to be proven into a system of polynomial equations, with the secret information as the variables.

  • The prover applies a series of transformations and simplifications to this system to obtain a simpler one.

  • The prover samples and encodes the simplified system to obtain a low-dimensional vector.

  • The prover hashes and signs this vector to obtain a short string, which serves as the proof.

  • After receiving this string, the verifier can check whether it is correct using public parameters and algorithms, without knowing the secret information or the original computation.

Compared with ZK-SNARKs technology, ZK-STARKs technology has the following advantages:

  1. ZK-STARKs do not require a trusted setup, that is, no specific party has to be trusted to generate the parameters, which improves the security of the scheme.

  2. ZK-STARKs require fewer computing and storage resources, so they adapt better to lightweight devices and a wider range of application scenarios. This is because proof generation is more efficient than the complex cryptographic operations ZK-SNARKs require. In addition, ZK-STARKs make better use of parallel and distributed computing, and so can handle computing tasks more efficiently in certain situations.

  3. ZK-STARKs can also support more algorithms and operations, such as hash functions and polynomial arithmetic, which opens up more possibilities for extending and upgrading the technology.

Combining Bitcoin and ZK-STARKs

EC-STARKs Technology

STARKs are a newer form of cryptographic proof that allows data to be shared with third parties while keeping it private. The computation and storage of verification data are moved off-chain, which improves scalability. Compared with ZK-SNARKs, STARKs are more advanced and can resist attacks from quantum computers.

EC-STARKs are a next-generation STARK aimed at improving the scalability and security of Bitcoin by replacing hash functions with elliptic curves. This would allow scalability solutions already deployed on Ethereum to be made compatible with Bitcoin. Using EC-STARKs, Bitcoin protocols can run off-chain with their proofs stored in STARKs.

In short, Bitcoin can be simulated inside STARKs, allowing highly complex protocols for Bitcoin-based tokens to be built using the same elliptic curve keys. Executing protocols off-chain while keeping the proofs in STARKs not only improves the scalability of Bitcoin but also allows highly complex protocols to be built on Bitcoin, increasing privacy.

This technology takes the scalability and privacy of Bitcoin to a new level, making it a better platform. Developers can create more complex applications on Bitcoin, solidifying its position in the cryptocurrency market.

Prospects for ZK-STARKs in Bitcoin

The application of ZK-STARKs is also in line with Bitcoin's conservative design philosophy: it requires no trusted setup, relying instead on hash functions, Merkle trees, and polynomials to increase transparency and security. One advantage of EC-STARKs on Bitcoin is increased privacy, since transaction details do not have to be public. Another is reduced storage requirements, since large amounts of data can be compressed into a small proof. One challenge is that EC-STARKs require more computational resources, as they involve complex mathematical operations. Another is that they require more coordination and standardization, since they must be compatible with Bitcoin's existing protocols and infrastructure.

From a technical point of view, the applications of ZK-STARKs can be divided into light nodes, full nodes, and verification methods. Light nodes can use STARK proofs to verify block header states, enabling fast synchronization. Full nodes can obtain validity proofs from UTXO states using Utreexo, which represents the UTXO set in a new, compact format and does not require inspecting the entire UTXO state. In terms of verification, only the Utreexo root plus the final state needs to be provided to begin block verification.
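To make the "Utreexo root + inclusion proof" idea concrete, here is an added example (not code from the original post or from the Utreexo project) in which a node keeps only a single Merkle root of the UTXO set, using Bitcoin's double SHA-256, and a verifier checks a spend against that root from a short sibling path alone. The leaf encoding and the use of one padded tree rather than Utreexo's forest of perfect trees are simplifying assumptions; the outpoints are constructed sample data.

```python
import hashlib
from typing import List


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256, used here for leaves and internal nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leaf_hash(txid_hex: str, vout: int) -> bytes:
    """Hash one outpoint (txid:vout) into an accumulator leaf.
    Assumption: real Utreexo leaves commit to more fields than this."""
    return sha256d(bytes.fromhex(txid_hex)[::-1] + vout.to_bytes(4, "little"))


def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """Build a Merkle tree bottom-up; an odd level is padded by repeating
    its last node. levels[0] holds the leaves, levels[-1] the single root."""
    levels, level = [], list(leaves)
    while True:
        if len(level) % 2 == 1 and len(level) > 1:
            level.append(level[-1])
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def inclusion_proof(levels: List[List[bytes]], index: int) -> List[bytes]:
    """Sibling hashes from leaf to root: the only data a verifier needs."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])
        index //= 2
    return proof


def verify_inclusion(root: bytes, leaf: bytes, index: int, proof: List[bytes]) -> bool:
    """Recompute the path to the root; position bits decide concatenation order."""
    node = leaf
    for sibling in proof:
        node = sha256d(sibling + node) if index & 1 else sha256d(node + sibling)
        index >>= 1
    return node == root


# Constructed sample UTXO set: five outpoints, so padding is exercised.
UTXOS = [("aa" * 32, 0), ("bb" * 32, 1), ("cc" * 32, 0), ("dd" * 32, 2), ("ee" * 32, 0)]
LEVELS = build_levels([leaf_hash(t, v) for t, v in UTXOS])
ROOT = LEVELS[-1][0]
```

A verifier holding only `ROOT` accepts `verify_inclusion(ROOT, leaf_hash("cc" * 32, 0), 2, inclusion_proof(LEVELS, 2))` and rejects any outpoint, index, or root that was altered.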

In addition, ZK-STARKs have many potential applications. For example, combined with the Taro protocol, Bitcoin can be turned into a more universal asset, expanding its application scenarios. Combining ZK-STARKs with Taro can improve the scalability of the Taro protocol, letting it handle more transactions and support larger-scale applications, and opening the door to multi-chain deployment of Taro. Bitcoin's privacy has always been an issue, and ZK-STARKs can greatly enhance it: an entire transaction history can be compressed into a single transaction, effectively hiding users' transaction information.

Future Outlook

Furthermore, ZK-STARKs can be used for Bitcoin transaction verification, covering Bitcoin transaction serialization, double SHA-256 hashing, secp256k1 operations, and so on. These operations are the core of Bitcoin transaction verification, and proving them with ZK-STARKs can ensure a highly secure and reliable verification process. ZK-STARKs can also be used to verify Bitcoin operations through accelerated Cairo built-in functions. Cairo is an efficient zero-knowledge proof system; combined with built-ins that accelerate Bitcoin's operations, it can achieve efficient and secure Bitcoin transaction verification.

ZK-STARKs can also be used to implement Taro primitives and asset TLV serialization, as well as MS-SMT (Merkle-sum sparse Merkle tree) construction and verification. These operations can effectively protect the privacy and security of Bitcoin transactions and further improve their credibility and reliability. As a second-layer solution for Bitcoin, the Lightning Network can achieve more efficient and secure transactions by combining with ZK-STARKs: Lightning transactions can be verified quickly without sacrificing transaction privacy.

We are seeing more and more teams adopting zero-knowledge proof technology in blockchain infrastructure and dApps. Some of these new solutions may accelerate the adoption of zero-knowledge proofs in the blockchain space and improve privacy and scalability. However, most of these projects are built on Ethereum, and Bitcoin lacks the attention it deserves in the zero-knowledge proof field. Worse still, engineering practice has to some extent not caught up with academic progress. We need more implementation and exploration in this area, along with more attention and support for the field.
