One more update before implementations:<div><br /></div><div>1, Combine zkStark and aggregated IPA. Application circuits will be developed and proved in skStark,</div><div>while the recursive verifier will be developed in aggregated IPA. This way we may achieve 6~7 KB proof</div><div>size and around 1 second verification time for each OP_ZKP transaction.</div><div><br /></div><div>2, There will be a threshold value T. That is, any bitcoin block may contain at most T OP_ZKP transactions, </div><div>otherwise small miner such as Raspberry Pi 4 won't be able to verify the block quick enough, even</div><div>as we implement the batched verification for aIPA.</div><div><br /></div><div>3, Surpassing count T, we may have a block prove to recursively verify the proof of all the OP_ZKP </div><div>transactions, generating a new proof for miners to verify. This time we are NOT limited to schemes with</div><div>batched verification. Therefore we may consider for example, zkStark again, so that the verification</div><div>will be very fast and the proof size is still acceptable.</div><div><br /></div><div>We maintain a live doc in GH: https://github.com/opzkp/tea-horse </div><div>Please let me know if you have any comments. </div><div><br /></div><div>Regards,</div><div>Weiji</div><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Wednesday, August 28, 2024 at 11:35:55 PM UTC+8 Weiji Guo wrote:<br/></div><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">I believe I have found the solution to the open issue mentioned in the earlier email. It is just recursive <div>verification. Instead of publishing each application circuit&#39;s verification key on-chain, we should have </div><div>only one circuit that OP_ZKP will verify, which is a recursive verifier. </div><div><br></div><div>Interested readers are welcome to visit the GitHub org dedicated for OP_ZKP: <a href="https://github.com/opzkp" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=en&amp;q=https://github.com/opzkp&amp;source=gmail&amp;ust=1728982058288000&amp;usg=AOvVaw0wBc72b6Y2BKY4bYEXWo_C">https://github.com/opzkp</a></div><div><br></div><div>So far I have just put up the high level ideas here: <a href="https://github.com/opzkp/tea-horse" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=en&amp;q=https://github.com/opzkp/tea-horse&amp;source=gmail&amp;ust=1728982058288000&amp;usg=AOvVaw11T2a7LuyWgVnlEH20FAvz">https://github.com/opzkp/tea-horse</a>. There are nothing</div><div>else yet. But we will add stuff as we move on.</div><div><br></div><div>Regards,</div><div>Weiji<br><div><br></div></div><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Tuesday, July 23, 2024 at 8:40:08 AM UTC+8 Weiji Guo wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Yes, that&#39;s true. With Dory we will have to work on some pairing-friendly curve. Not secp256k1.<div><br><div></div></div><div><div><div dir="auto">On Tuesday, July 23, 2024 at 3:01:59 AM UTC+8 Weikeng Chen wrote:<br></div></div></div><div><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div>I need to point out that Dory requires pairing, and therefore it cannot work with secp256k1?</div><div>Please circle back.</div></div></div></blockquote></div></div><div><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div dir="auto">On Monday, July 22, 2024 at 9:16:18 AM UTC-5 Weiji Guo wrote:<br></div></div></blockquote></div></div><div><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">





<p>———What-ifs———<br></p></blockquote></div></blockquote></div></div><div><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<p>What if the open issue cannot be resolved? We might consider Dory. It is <br></p>
<p>transparent, requires pairing, and has logarithmic proof size but concretely larger </p></blockquote></div></blockquote></div></div></blockquote></div></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/bitcoindev/5a7ee837-690b-4e0e-ba7c-a6e344b0589cn%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/bitcoindev/5a7ee837-690b-4e0e-ba7c-a6e344b0589cn%40googlegroups.com</a>.<br />