What will "ZKP+Bitcoin" bring?

Key Takeaways

  • Zero-knowledge proofs can improve the privacy of Bitcoin because they can hide transaction details such as amounts, addresses, inputs and outputs while preserving the validity and integrity of the transaction. This prevents third parties from tracking users and analyzing their trading activity.
  • Zero-knowledge proofs can improve the scalability of Bitcoin because they can reduce the size of transaction data and the verification time. For example, using ZK-STARKs or their improved versions, multiple transactions can be packaged together and verified with a single zero-knowledge proof, saving space and time.
  • Zero-knowledge proofs can foster innovation on Bitcoin because they can support more functions and applications. For example, using ZK-SNARKs, more logic and computation can be implemented, and more complex and flexible contracts can be executed without exposing information or increasing overhead.
  • Ultimately, zero-knowledge proofs will make Bitcoin more trustless and decentralized, in line with its core values. As technology continues to develop and improve, the potential of Bitcoin and ZKP will continue to be tapped.

More and more teams are adopting zero-knowledge proof technology in blockchain infrastructure and dApps, but most of these projects are built on Ethereum. Bitcoin and zero-knowledge proofs are in fact a natural combination, and this field currently lacks the attention it deserves. What will the combination of zero-knowledge proof technology and Bitcoin bring to the Bitcoin network? In this Bing Ventures blog post, we explore this topic from the perspective of technical principles and application prospects.

A zero-knowledge proof (ZKP) is a mathematical method that allows one party (called the prover) to prove a fact to another party (called the verifier) without giving the verifier any information beyond the fact that the statement is true. This approach is very effective for preserving privacy because the prover can convince the verifier without revealing the underlying data.

Bitcoin and zero-knowledge proofs are a natural fit. Bitcoin is a decentralized virtual currency that uses a blockchain to record transactions, and all transaction information is public. This means that Bitcoin transaction information can be viewed by anyone, so there is a risk of privacy leakage. Zero-knowledge proofs can solve this problem.

By using zero-knowledge proofs, Bitcoin users can encrypt transaction information and prove its validity without revealing the information, thereby achieving a higher level of privacy protection. Zero-knowledge proofs can also improve the scalability of Bitcoin. Currently, Bitcoin's transaction speed is limited by the size of the blockchain and network congestion, which limits its use in large-scale commercial applications. However, by using zero-knowledge proofs, Bitcoin users can process a large amount of transaction information in batches and compress the size of their proofs to an extremely small size, thereby improving the scalability and efficiency of Bitcoin.

Background and Rationale

ZK-SNARKs and ZK-STARKs

Both ZK-SNARKs and ZK-STARKs are variants of zero-knowledge proofs. What they have in common is that they prove the validity of certain data or operations without revealing sensitive information. However, they differ in their implementation, performance, and scope of application.

ZK-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) is a zero-knowledge proof technology based on elliptic curve cryptography. It can convert a complex computational problem into a simple proof that is very small in size and requires no interaction. This means that ZK-SNARKs can verify the correctness of calculations without revealing any calculation information. The main application fields of ZK-SNARKs are cryptocurrency and privacy protection.

ZK-STARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge) is a new type of zero-knowledge proof technology, which is more flexible and secure than ZK-SNARKs. The implementation of ZK-STARKs does not rely on elliptic curve cryptography, but uses hash functions and polynomial interpolation techniques. This makes ZK-STARKs more reliable because instead of relying on unpredictable mathematical puzzles, they rely on the irreversibility of hash functions. In addition, the proof size of ZK-STARKs is larger than that of ZK-SNARKs, but its proof is more verifiable, so it can be applied to a wider range of fields, such as distributed computing and Internet of Things security.

Difficulties in using zero-knowledge proofs in Bitcoin

Take Zcash as an example. Zcash uses ZK-SNARKs, which can hide transaction details, including the transaction amount and participant identities, to achieve better privacy protection. The technical principle of ZK-SNARKs as adopted by Zcash is as follows:

  • There are two types of addresses in Zcash: transparent addresses (t-address) and hidden addresses (z-address). Transparent addresses are similar to Bitcoin addresses in that they disclose transaction amounts and participants on the blockchain. Hidden addresses use zero-knowledge proofs to protect the privacy of transaction amounts and participants.
  • When a user sends funds from one hidden address to another, they need to generate a ZK-SNARKs proof that they have enough funds and are not spending any funds that have already been spent. This process involves some complex mathematical and cryptographic operations, such as generating public parameters, computing hashes, and constructing arithmetic circuits.
  • Generating ZK-SNARKs proofs requires a lot of computing resources and time, but verifying ZK-SNARKs proofs is very fast and simple. The verifier only needs to check whether the transaction complies with the rules of the blockchain, and does not need to know anything about the transaction amount or participants.
  • By using ZK-SNARKs, Zcash can achieve completely anonymous and verifiable transactions, improving user privacy and usability while maintaining blockchain security and decentralization.

However, the zero-knowledge proof technology adopted by Zcash also has some limitations. First of all, Zcash is UTXO-based, which means that transaction information is not completely masked, but only blocked. Attackers can therefore infer some useful information by analyzing the patterns and flows of transaction information. As a result, Zcash's privacy protection is not completely reliable.

Second, Zcash is a separate network based on Bitcoin, which makes it more difficult to integrate it with other applications. This in turn limits its possibilities for wider application, further hampering its development. Although Zcash implements private transactions, the actual usage rate is not high. One of the reasons is that the cost of private transactions is much higher than that of public transactions, which limits its scope of application.

Technical advantages of ZK-STARKs

The use of ZK-SNARKs technology on Bitcoin can indeed achieve transaction anonymity and privacy protection, but this technology has some disadvantages, such as the need for a trusted setup and trusted equipment, and the need for a large amount of computing and storage resources. To solve these problems, some new zero-knowledge proof technologies, such as ZK-STARKs, have emerged.

In simple terms, the process of ZK-STARKs includes the following steps:

  • The prover converts the computation he wants to prove into a system of polynomial equations with secret information as variables.
  • The prover performs a series of transformations and simplifications on this equation system to obtain a simpler equation system.
  • The prover samples and encodes this simplified equation system to obtain a low-dimensional vector.
  • The prover hashes and signs this vector to get a short string as his proof.
  • After receiving this string, the verifier can verify whether it is correct through some public parameters and algorithms, without knowing the secret information or original calculation.

Compared with ZK-SNARKs technology, ZK-STARKs technology has the following advantages:

  1. ZK-STARKs technology does not require a trusted setup, that is, there is no specific generator that must be trusted, which improves the security of the technology.
  2. ZK-STARKs technology can better adapt to lightweight devices and wider application scenarios because it requires less computing and storage resources. This is because its proof generation process is more efficient than ZK-SNARKs, which requires complex encryption and decryption operations. In addition, ZK-STARKs technology can also better utilize the capabilities of parallel computing and distributed computing, so that computing tasks can be processed more efficiently in some cases.
  3. ZK-STARKs technology can also support more algorithms and operations, such as hash functions, polynomial operations, etc., which also provides more possibilities for technology expansion and upgrades.

Combination of Bitcoin and ZK-STARKs

EC-STARKs Technology

STARKs technology is a new type of cryptographic proof technology that can communicate with third parties by transferring data while maintaining data privacy. This technique enables off-chain computation and storage of verification data, improving scalability. Compared with ZK-SNARKs technology, STARKs technology is more advanced and can resist attacks from quantum computers.

EC-STARKs technology is the next generation of STARKs technology, which aims to improve the scalability and security of Bitcoin by replacing the hash function with elliptic curves. This technology could make scalability solutions that already exist on Ethereum compatible with Bitcoin. Using EC-STARKs technology, it is possible to run the Bitcoin protocol off-chain and store proofs in STARKs.

In short, Bitcoin can be emulated in a STARK, allowing highly complex protocols for building Bitcoin-based tokens using the same elliptic curve keys. With EC-STARKs, the Bitcoin protocol can be run off-chain while the proof is kept in a STARK. This approach not only improves the scalability of Bitcoin, but also allows highly complex protocols to be built on Bitcoin with greater privacy.

This technology takes Bitcoin’s scalability and privacy to a whole new level, making Bitcoin a better platform. In this way, developers can create more complex applications on Bitcoin, making Bitcoin's position in the cryptocurrency market more stable.

ZK-STARKs application prospects in Bitcoin

The application of ZK-STARKs is also in line with Bitcoin's conservative design philosophy. It does not require a trusted setup, but uses technologies such as hash functions, Merkle trees, and polynomials to improve the transparency and security of Bitcoin. One advantage of EC-STARKs on Bitcoin is improved privacy, because the details of transactions do not need to be disclosed. Another advantage is reduced storage requirements, since large amounts of data can be compressed into a small proof. One challenge of EC-STARKs on Bitcoin is that they require more computing resources because complex mathematical operations must be performed. Another challenge is that they require more coordination and standardization, as they need to be compatible with Bitcoin's existing protocol and infrastructure.

From the perspective of technical implementation, the application of ZK-STARKs can be divided into light nodes, full nodes, and verification methods. Light nodes can use a STARK to prove the state of the block headers and so achieve fast synchronization. Full nodes can obtain a validity proof over the UTXO state, using Utreexo to represent the UTXO state in a new format so that there is no need to view the entire UTXO state. In terms of verification, a node only needs the Utreexo root plus the final state to start verifying incoming blocks.
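The Utreexo idea mentioned above, as an added Python example (not code from the original post or from the Utreexo project): a node keeps only one Merkle root per tree and checks a spent output against an inclusion proof supplied with it. The hashing scheme, the `prove` helper (the role of a node that still holds every leaf) and the sample UTXO names are simplified assumptions, and deletion is left out.

```python
import hashlib, hmac

def leaf_hash(utxo: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + utxo).digest()       # domain-separated leaf

def parent(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

class Accumulator:
    """Compact node state: one root per perfect tree, indexed by tree height."""
    def __init__(self):
        self.roots = []                      # roots[h] is a 32-byte root or None

    def add(self, leaf: bytes) -> None:
        h, node = 0, leaf
        while h < len(self.roots) and self.roots[h] is not None:
            node = parent(self.roots[h], node)   # merge equal-height trees,
            self.roots[h] = None                 # like a binary-counter carry
            h += 1
        if h == len(self.roots):
            self.roots.append(None)
        self.roots[h] = node

    def verify(self, leaf: bytes, pos: int, path: list) -> bool:
        h = len(path)                        # path length selects the tree
        if pos < 0 or h >= len(self.roots) or self.roots[h] is None:
            return False
        node = leaf
        for sibling in path:
            node = parent(sibling, node) if pos & 1 else parent(node, sibling)
            pos >>= 1
        return pos == 0 and hmac.compare_digest(node, self.roots[h])

def prove(leaves: list, index: int):
    """Hypothetical helper: build (pos, path) from the complete leaf list."""
    start = 0
    for h in reversed(range(len(leaves).bit_length())):
        size = 1 << h
        if len(leaves) & size:               # a tree of this height exists
            if index < start + size:
                level, pos, path = leaves[start:start + size], index - start, []
                p = pos
                while len(level) > 1:
                    path.append(level[p ^ 1])
                    level = [parent(level[i], level[i + 1])
                             for i in range(0, len(level), 2)]
                    p >>= 1
                return pos, path
            start += size
    raise IndexError(index)

# Constructed sample UTXO identifiers (not real outpoints).
LEAVES = [leaf_hash(b"utxo-%d" % i) for i in range(5)]

def build() -> Accumulator:
    acc = Accumulator()
    for leaf in LEAVES:
        acc.add(leaf)
    return acc
```

With five leaves the node stores two roots (trees of four leaves and one leaf) rather than the whole set, and a proof for any leaf is at most two sibling hashes.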

In addition, there are many potential directions for the application of ZK-STARKs. For example, the combination with the Taro protocol makes Bitcoin a more general asset, which further expands the application scenarios of Bitcoin. Combining ZK-STARKs with Taro can improve the scalability of the Taro protocol so that it can handle more transactions and support larger-scale applications, which will open the door to multi-chain deployment of the Taro protocol. In addition, the privacy of Bitcoin has always been a problem, and the application of ZK-STARKs technology can greatly improve it. By using ZK-STARKs technology, the entire transaction history can be compressed into a single transaction, effectively hiding the user's transaction information.

What to watch in the future

Furthermore, ZK-STARKs can be used for the verification of Bitcoin transactions, including the serialization of Bitcoin transactions, double SHA calculations, secp256k1 operations, etc. These operations are the core of Bitcoin transaction verification, and the use of ZK-STARKs can ensure that the verification process of Bitcoin transactions is highly secure and reliable. ZK-STARKs can also be used to verify Bitcoin’s accelerated Cairo built-in functionality. Cairo is an efficient zero-knowledge proof system that, when used in conjunction with Bitcoin's accelerated Cairo built-in capabilities, enables efficient Bitcoin transaction verification and security.

ZK-STARKs can also be used to implement Taro primitives and asset TLV serialization, as well as MS-SMT implementation and verification. These operations can effectively protect the privacy and security of Bitcoin transactions, and further improve their credibility and reliability. As a layer-2 solution for Bitcoin transactions, the Lightning Network can achieve more efficient and secure Bitcoin transactions by incorporating ZK-STARKs technology. Using ZK-STARKs technology, Bitcoin transactions on the Lightning Network can be quickly verified without sacrificing transaction privacy.

We see more and more teams adopting zero-knowledge proof technology in blockchain infrastructure and dApps. Some of these new schemes may have the potential to accelerate the adoption of zero-knowledge proofs in the blockchain space and help privacy and scalability in a better way. However, most projects are developed based on Ethereum, while Bitcoin lacks due attention in the field of zero-knowledge proofs. To make matters worse, engineering practice has in some sense not caught up to academic achievement. We need more implementation and exploration in this area, and more attention and support should be given to this field.
