The whole this situation is very similar to the one with Theranos. Theranos' succinct blood test analysis machine was producing zero-knowledge proofs that it works as intended.
As we know, Theranos' devices were capable to execute only a fraction of analysis with a high error rate. However, Theranos team was claiming that analysis is full and accurate. Is it possible that we have the same story with zero-knowledge proofs applied to blockchain verification?
When you describe your ZK-proof system, do you describe "how you want it to work" or "how it actually works"?
I was trying to make some honest challenges with my claims, but do you also agree there is not much being said as for how these proofs are being used and how they are secure within the Bitcoin framework?
Yes, I completely agree with you. They don't provide us much information about how these proofs are being used and how they are secure within the Bitcoin framework. They want us to believe their product works as intended without disclosing the full data. It's kind of ZK-proof in real life.
Anyways, I guess ZeroSync exists only as a prototype, as RobinLinus writes. I doubt this prototype is working as described in the real-life test scenario and within a reasonable time limit. I doubt the team has a clear picture of how to finalise the product. It's not clear whether we talk about a working product or about a vision of how it should look like in the future.
Second, there are many proposals which try to utilise ZK-proof system in blockchain networks. It's very common that their developers do not understand what "the complete verification" actually means. The complete list of verifications performed within "a complete verification" might not be as complete as it sounds.
Last but not least. According to RobinLinus, Zerosync relies on the third party ZK-proof library and on math which is "sound and well-established in the research community".
Cairo and ZKSTARK is very sound stuff in my own opinion, I went through some workshops on it myself. But the idea that the ZK part is thrown out makes me entirely confused, the whole point of the ZKSTARK prover is to have an efficient ZK proof. These are also transparent proofs as they require no trusted setup. But the offered STARK non-ZK proofs don't seem to offer much value, this in my opinion needs to be elaborated on heavily.
For example if I want to prove I know 5+5=10 I can just write that out in clear text. There is no secret information, and thus why wrap the data in a non-standard prover and verification scheme? I was proposing just use a merkle tree for such a thing, for example lets say I want to prove a tx to send bob 50 sats and alice 25 sats. I can do:
sign(sha256(50 | bob)) sign(sha256(25 | alice)) and hand you these signed merkle branches, then you could use them in an extended tree of fully signed commitments that would match hashes when the input data is reproduced perfectly. Such you have a fully transparent proof of knowledge that is to be revealed eventually and you do not need some archaic verification scheme.
