In case you missed it, Starkware, a company historically active in the Ethereum ecosystem, announced yesterday plans to begin allocating significant resources towards new Bitcoin scaling opportunities that have emerged over the past months.
The group, a pioneer in zero-knowledge systems, has revealed plans to leverage OP_CAT in order to bring its STARK technology to Bitcoin. The soft fork proposal could allow zero-knowledge proofs to be verified on-chain, opening up a whole new design space for developers.
This announcement is viewed by many as an important technical milestone for the Bitcoin protocol. Here are my unsolicited 2 cents on this.
Long time coming
As Starkware CEO Eli Ben-Sasson noted in his announcement post, the idea of using zero knowledge to improve Bitcoin is not new. Developers have been discussing applications for the technology for more than a decade already. Ben-Sasson himself pitched very early concepts of the idea at a Bitcoin conference in San Jose in 2013. In 2017, Blockstream developers Gregory Maxwell, Pieter Wuille, and Andrew Poelstra co-published a paper on using Bulletproofs, a zero-knowledge protocol, to support confidential transactions on Bitcoin.
In recent years, BitVM creator Robin Linus has led work on ZeroSync, a compression technology used to create zero-knowledge proofs for the Bitcoin blockchain. Once fully implemented, it will significantly reduce the resource requirements needed to run a Bitcoin node. In 2022, the Human Rights Foundation commissioned John Light, now a researcher at Alpen Labs, to produce a full report on the possibility of validity rollups on Bitcoin using zero-knowledge proofs.
Zero-knowledge proofs have a wide range of applications, and we're nowhere near the end of hearing about them. Many expect the technology to define the next era of computing, and it would be hard for me to bet against it. It is almost guaranteed that higher-level Bitcoin applications will start taking advantage of it soon, and we can only expect this trend to grow from here.
It's still early
Most of the technological gains around zero-knowledge cryptography have been made in the past ten years. This field is developing rapidly as more cryptographers become interested in applications of the technology. Researchers have been in something of an arms race to see who can minimise the time and resources needed to produce and verify these proofs. To date, most proof systems remain computationally expensive. Different protocols make different trade-offs, but improvements have focused on verification so that the average user can verify proofs quickly and efficiently. Although the pace of innovation has been relentless, such proofs will likely need to be generated at scale on specialized hardware by large operations.
Despite the major breakthroughs and significant achievements in this field, it should be noted that a decade is not exceptionally long in crypto circles. Many recent proposals take advantage of technologies that are technically sound but are not as battle-hardened and tested as Bitcoin. In 2018, a hidden inflation bug was discovered in the ZK-SNARK implementation of Zcash which could have allowed an attacker to counterfeit the currency. In fairness, Starkware's proposed STARK construction is significantly more secure due to its more transparent nature: it requires no trusted setup.
It's hard to get excited about rollups
One of the motivations for this project is to enable zk-rollups on Bitcoin. For those who are not familiar, rollups are very popular systems that use off-chain sequencing to scale applications and throughput. Zk-rollups, or validity rollups, propose creating proofs of a system's transaction history that can then be independently verified by users, allowing for off-chain systems that do not require additional trust assumptions.
Today, not one of the major rollups on Ethereum has fully implemented this system. Each one relies on a central operator responsible for verifying and ordering transactions. In the few cases where proofs are actually generated, only authorized entities can submit them, to prevent fraud. Starkware's own Starknet currently offers no mechanism for users to take their transactions out of the system if the operator stops cooperating or its infrastructure goes down.
Almost every project has billions of dollars in deposits that are effectively secured by a set of multi-signature keys. The same group of people responsible for handling these keys can also upgrade the rollup contract and control the funds associated with it. A few days ago, the sixth largest rollup on Ethereum, Linea, was unilaterally halted by its operator following a hack, freezing all user funds.
There is an alternative, more optimistic case, which I may not be well suited to write about, but there is a lot of work and resources being put into solving the problems described above. A great deal of research will be needed for the complete, trustless vision to emerge.
It is also possible that, as happened with Ethereum, rollups will evolve into complex, curious beasts that only a few people can tame.
BitVM side quest
The introduction of BitVM by Robin Linus last year is what really launched the zero-knowledge race on Bitcoin to its highest levels. Starkware makes headlines because of its track record, but many teams such as Alpen Labs, Citrea and Bitlayer are actively researching how to improve zero-knowledge proofs for their applications.
It will be interesting to see what choices they make moving forward and whether or not they stick to their guns. A strong case can be made that OP_CAT offers many efficiencies, but it is not yet clear exactly what the trade-offs are. I expect many companies will continue to explore the path of BitVM and emulate zero-knowledge verification. It is important to note that in both cases, transferring funds from the Bitcoin chain to any other system involves light-client security, which is vulnerable to reorganization attacks.
A lot of airtime has been given in the past month to liquidity issues with BitVM. Given the current user profile for those types of solutions, I find the idea that this would prevent anyone from participating a bit questionable. It may not be practical or sustainable, but frankly I'm not sure the market that exists for this cares much at all. Then again, users are currently depositing billions of dollars in multisig, so anything else would seem almost trustless by comparison.
More developer funding
Allocating $1 million to fund research is a net positive for the ecosystem. This is an encouraging development for the growing intellectual engagement around OP_CAT. Bug bounties are unlikely to lead anywhere, but I'm interested to see what comes out of more focused work on proofs of concept and applications. It's easy to mock where this money comes from, but ultimately the outcome of those efforts will be judged on its technical merits. The Bitcoin development process is not as easily swayed as some commentators think.
It's also important to remember that OP_CAT is only one piece of the script puzzle. Breakthroughs in specific use cases are exciting, but rarely enough to justify losing sight of the big picture. None of this technology is mature enough to generate significant benefits in the short term. Rushing to upgrade today, when it will take years to reliably implement these systems, seems a bit hasty. If people want centralized VMs, there are plenty of sidechains to choose from.
We're breaking new ground every day at this point, and it's hard to even predict where we'll be a month from now. I'm cautiously optimistic about the progress being made in terms of Bitcoin script improvements but it seems unwarranted to commit to anything at this time. We'll need to let the dust settle for a while.