Author: Weiji Guo 2023-05-04 15:31:22
Published on: 2023-05-04T15:31:22+00:00
Weiji, a Bitcoin contributor, has proposed the use of ZKPs (Zero-Knowledge Proofs) in Bitcoin transactions. Responding to queries about the practicality of such a system, he has suggested that specialized computing power vendors could optimize ZKP computations, and that such vendors could be from both miners and non-miners who are focused on cryptographic engineering. While the verification cost was previously estimated to be high, Weiji now reports that Groth16 verification can be as fast as 1ms while Plonk verification is around 1.6ms, indicating that even a common full node could handle thousands of OP_ZKP transactions. In this case, the ZKP transactions could be put into the mempool and be open to aggregation by some vendor. Full nodes should verify these transactions as well. Weiji believes that it would not be a good idea to treat these transactions with special rules as there is no guarantee that certain OP_ZKP transactions will be aggregated or recursively verified. The cost for standalone OP_ZKP transactions might be higher due to more data and/or higher weighting. This incentivizes vendors to develop aggregation/recursive verification services to drive down fee requirements and profit from doing so (fee extraction). Weiji expects an open market where various vendors can compete against each other, so it makes sense to have these transactions openly visible to all participants. However, some transactions are meant to be off-chain. For example, a would-be smart contract can aggregate many related transactions in an OP_ZKP transaction. Those aggregated transactions should not be transmitted within the Bitcoin network and could even be invalid Bitcoin transactions. Usually, the smart contract operator or its community could host such a service. In the future, Weiji predicts a situation where there are thousands of active smart contracts based on OP_ZKP and each block contains a few hundred OP_ZKP transactions. Each one of them aggregates/recursively verifies many transactions. The effective TPS (transactions per second) of the Bitcoin network could far exceed the current value, reaching the range of thousands or even more.
Updated on: 2023-06-16T18:02:35.424614+00:00