[bitcoindev] Re: OP_ZKP updates

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Weiji Guo <weiji.g@gmail•com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Re: OP_ZKP updates
Date: Mon, 14 Oct 2024 02:00:14 -0700 (PDT)	[thread overview]
Message-ID: <5a7ee837-690b-4e0e-ba7c-a6e344b0589cn@googlegroups.com> (raw)
In-Reply-To: <63186352-b441-4548-b7fa-8ff0d5f6fc97n@googlegroups.com>

[-- Attachment #1.1: Type: text/plain, Size: 2858 bytes --]

One more update before implementations:

1, Combine zkStark and aggregated IPA. Application circuits will be 
developed and proved in skStark,
while the recursive verifier will be developed in aggregated IPA. This way 
we may achieve 6~7 KB proof
size and around 1 second verification time for each OP_ZKP transaction.

2, There will be a threshold value T. That is, any bitcoin block may 
contain at most T OP_ZKP transactions, 
otherwise small miner such as Raspberry Pi 4 won't be able to verify the 
block quick enough, even
as we implement the batched verification for aIPA.

3, Surpassing count T, we may have a block prove to recursively verify the 
proof of all the OP_ZKP 
transactions, generating a new proof for miners to verify. This time we are 
NOT limited to schemes with
batched verification. Therefore we may consider for example, zkStark again, 
so that the verification
will be very fast and the proof size is still acceptable.

We maintain a live doc in GH: https://github.com/opzkp/tea-horse 
Please let me know if you have any comments. 

Regards,
Weiji
On Wednesday, August 28, 2024 at 11:35:55 PM UTC+8 Weiji Guo wrote:

> I believe I have found the solution to the open issue mentioned in the 
> earlier email. It is just recursive 
> verification. Instead of publishing each application circuit's 
> verification key on-chain, we should have 
> only one circuit that OP_ZKP will verify, which is a recursive verifier. 
>
> Interested readers are welcome to visit the GitHub org dedicated for 
> OP_ZKP: https://github.com/opzkp
>
> So far I have just put up the high level ideas here: 
> https://github.com/opzkp/tea-horse. There are nothing
> else yet. But we will add stuff as we move on.
>
> Regards,
> Weiji
>
> On Tuesday, July 23, 2024 at 8:40:08 AM UTC+8 Weiji Guo wrote:
>
>> Yes, that's true. With Dory we will have to work on some pairing-friendly 
>> curve. Not secp256k1.
>>
>> On Tuesday, July 23, 2024 at 3:01:59 AM UTC+8 Weikeng Chen wrote:
>>
>> I need to point out that Dory requires pairing, and therefore it cannot 
>> work with secp256k1?
>> Please circle back.
>>
>> On Monday, July 22, 2024 at 9:16:18 AM UTC-5 Weiji Guo wrote:
>>
>> ———What-ifs———
>>
>> What if the open issue cannot be resolved? We might consider Dory. It is 
>>
>> transparent, requires pairing, and has logarithmic proof size but 
>> concretely larger 
>>
>>

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/5a7ee837-690b-4e0e-ba7c-a6e344b0589cn%40googlegroups.com.

[-- Attachment #1.2: Type: text/html, Size: 5208 bytes --]

     prev parent reply	other threads:[~2024-10-14  9:30 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-22 14:05 [bitcoindev] " Weiji Guo
2024-07-22 18:45 ` [bitcoindev] " Weikeng Chen
2024-07-22 22:38   ` Weiji Guo
2024-08-28 15:33     ` Weiji Guo
2024-10-14  9:00       ` Weiji Guo [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5a7ee837-690b-4e0e-ba7c-a6e344b0589cn@googlegroups.com \
    --to=weiji.g@gmail$(echo .)com \
    --cc=bitcoindev@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox