Author: Weiji Guo 2023-04-28 08:29:10
Published on: 2023-04-28T08:29:10+00:00
A new opcode, OP_ZKP, has been proposed for Bitcoin to enable zero-knowledge-based spending authorization. It would let the network authorize a spend on the basis of off-chain computation, making Bitcoin script Turing complete and enabling applications such as payment channels, stablecoins, decentralized exchanges, and DeFi. The proposal covers how the opcode works, security concerns, dealing with system limitations, scalability, the choice of ZKP scheme and curve, potential uses, and ecological implications.

To ensure security, spending conditions are bound to a specific UTXO set, amount, and set of recipients by using the hash of all this information as a public input to the proof. To deal with system limitations, verification keys could be kept in node configuration, with only their hash appearing in the scriptPubKey. Two options are proposed for scalability: proof aggregation (batching) and recursive verification. Groth16 over BN254 is suggested as the initial choice of ZKP scheme and curve.

The potential uses of OP_ZKP are unlimited, ranging from payment aggregation to DeFi and NFTs. There are challenges to overcome, however, such as maintaining off-network UTXO entries with high security. Ecological implications are also discussed, since some proofs require significant computational power to generate. Further discussion among developers and the community is needed before any BIP can be requested.

The article also discusses the potential impact of zero-knowledge proofs (ZKPs) on smart contracts, computation power vendors, and wallet applications. Service providers could work with miners to speed up transaction generation, or propose a bundle of transactions to be included in a block, incentivizing further optimization of implementations, engineering, algorithms, or even the ZKP schemes themselves.

Another challenge is finding a systematic way for one smart contract to call another, either on-chain or with off-chain assistance through cross-contract APIs, and incentivizing computation power vendors. Finally, the article addresses concerns about the heavy-duty computation needed to generate a proof that authorizes spending, and argues that if no secret is involved, there is no need to involve a wallet tasked with safekeeping secrets. In such cases the ZKP proof could simply be proof that something happened or exists, making up the spending conditions. The author provides links to relevant resources to support these ideas.
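The binding described above (hash of the spent UTXOs, amounts, and recipients as the proof's public input, with only the verification key's hash in the scriptPubKey) is modelled here as an added illustration; it is not code from the proposal. The Groth16 backend is replaced by a stand-in that has no zero-knowledge property and exists only so the binding and key-lookup logic can run, and the field encoding, `op_zkp` signature, and sample data are all assumptions.

```python
import hashlib
def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def binding_hash(prevouts, amounts, recipients) -> bytes:
    """Proof public input: commits to UTXOs spent, output amounts and recipient
    scripts, so a proof for one spend cannot be replayed for another."""
    h = hashlib.sha256()
    h.update(len(prevouts).to_bytes(4, "little"))
    for txid, vout in prevouts:
        h.update(bytes.fromhex(txid)[::-1] + vout.to_bytes(4, "little"))
    h.update(len(amounts).to_bytes(4, "little"))
    for amount in amounts:
        h.update(amount.to_bytes(8, "little"))
    h.update(len(recipients).to_bytes(4, "little"))
    for spk in recipients:
        raw = bytes.fromhex(spk)
        h.update(len(raw).to_bytes(2, "little") + raw)
    return h.digest()

# Stand-in for a Groth16 backend (assumption, NOT zero-knowledge): a "proof" is
# valid iff it equals sha256(vk || public_input). It only exists so the binding
# and key-lookup logic below can be exercised end to end.
def toy_prove(vk: bytes, public_input: bytes) -> bytes:
    return sha256(vk + public_input)

def op_zkp(vk_hash, proof, prevouts, amounts, recipients, vk_config) -> bool:
    """Model of the proposed opcode: scriptPubKey carries only the hash of the
    verification key; the key itself comes from node configuration."""
    vk = vk_config.get(vk_hash)
    if vk is None or sha256(vk) != vk_hash:  # unknown or tampered key: reject
        return False
    return proof == toy_prove(vk, binding_hash(prevouts, amounts, recipients))

# Constructed sample data: one input, one output, a P2WPKH-style recipient.
VK = b"constructed-verification-key"
VK_CONFIG = {sha256(VK): VK}
PREVOUTS = [("aa" * 32, 0)]
AMOUNTS = [50_000]
RECIPIENT = ["0014" + "11" * 20]
OTHER_RECIPIENT = ["0014" + "22" * 20]

def demo() -> tuple:
    proof = toy_prove(VK, binding_hash(PREVOUTS, AMOUNTS, RECIPIENT))
    accepted = op_zkp(sha256(VK), proof, PREVOUTS, AMOUNTS, RECIPIENT, VK_CONFIG)
    # Same proof with the recipient swapped: public input changes, spend rejected.
    replayed = op_zkp(sha256(VK), proof, PREVOUTS, AMOUNTS, OTHER_RECIPIENT, VK_CONFIG)
    unknown_key = op_zkp(sha256(b"x"), proof, PREVOUTS, AMOUNTS, RECIPIENT, VK_CONFIG)
    return accepted, replayed, unknown_key
```

`demo()` returns `(True, False, False)`: the bound proof is accepted, the same proof redirected to another recipient is rejected, and a scriptPubKey naming a verification key the node does not have configured fails closed.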
Updated on: 2023-06-16T18:02:02.946579+00:00