[Attempt] Support general-purpose computation and privacy on bitcoin

[ola_xb]

Inspired by BitVM[/https://bitcointalk.org/index.php?topic=5469776.0], invented by @robin_linus, and based on my a few experiences on ZKVM, I wrote an article about how to bring ZK-based programmability and privacy simultaneously to Bitcoin.

Note: It's just my initial thoughts on this, there must be some points that I don't take into account, glad to talk with everyone to find some new possibilities to Bitcoin

The article Link:

https://hackmd.io/-ScUwVz4SHi3936ASfyG7A?view

[ola_xb]

How to verify the computation happened in off-chain(ZKVM) is a problem. And now we would love to use a fraud-proof to solve it. A Bisection protocol used in Arbitrum.


So, we could verify a single instruction of ZKVM on Bitcoin. It's easy to implement it based on the current opcodes set in Bitcoin.

[NotATether]

How to verify the computation happened in off-chain(ZKVM) is a problem. And now we would love to use a fraud-proof to solve it. A Bisection protocol used in Arbitrum.


So, we could verify a single instruction of ZKVM on Bitcoin. It's easy to implement it based on the current opcodes set in Bitcoin.

We're a bit of a long way from seeing an implementation of zk-proofs validating a contract on Bitcoin (as opposed to zk-proofs validating network state, for which work is already happening right now). But it's highly expected that any development of a ZKVM will be done as a separate program, and maybe as an alternative to Lightning Network.

I don't think much thought was given to how LN would interoperate with these other systems though.

[ola_xb]

How to verify the computation happened in off-chain(ZKVM) is a problem. And now we would love to use a fraud-proof to solve it. A Bisection protocol used in Arbitrum.


So, we could verify a single instruction of ZKVM on Bitcoin. It's easy to implement it based on the current opcodes set in Bitcoin.

We're a bit of a long way from seeing an implementation of zk-proofs validating a contract on Bitcoin (as opposed to zk-proofs validating network state, for which work is already happening right now). But it's highly expected that any development of a ZKVM will be done as a separate program, and maybe as an alternative to Lightning Network.

I don't think much thought was given to how LN would interoperate with these other systems though.

Yeah, In terms of the cost and programmability, it's very hard to run a zk-verify contract on Bitcoin directly now. And tbh, it's much harder to support these by changing the bitcoin. So We have to find another way to solve it.  The fraud proof may be used to achieve it. Instead of executing the zk-verify program on the bitcoin, we can just execute one step of zk-verify on the bitcoin. The one-step means the one instruction of VM. It could be easy to implement by using the current opcodes in Bitcoin.

[spartucus]

Interesting post! I think the architecture presented in the picture in the article is feasible, but there are still many details that need to be discussed. Fraud proof has been discussing security, what do you think?

https://s2.loli.net/2023/10/20/nSRyTtkKIqircxC.png

[Cyimon]

Inspired by BitVM[/https://bitcointalk.org/index.php?topic=5469776.0], invented by @robin_linus, and based on my a few experiences on ZKVM, I wrote an article about how to bring ZK-based programmability and privacy simultaneously to Bitcoin.

Note: It's just my initial thoughts on this, there must be some points that I don't take into account, glad to talk with everyone to find some new possibilities to Bitcoin

The article Link:

https://hackmd.io/-ScUwVz4SHi3936ASfyG7A?view

The new valid link:

https://hackmd.io/@xbinSin7Y/BypGGlcJq