In case you missed it, Starkware, a company historically active in the ethereum ecosystem, announced yesterday plans to begin allocating significant resources to new bitcoin scaling opportunities that have emerged in recent months.
Pioneers of zero-knowledge systems, the group has revealed plans to leverage OP_CAT to bring its STARK technology to bitcoin. The OP_CAT soft fork proposal could allow zero-knowledge proofs to be verified natively in bitcoin script, opening up a whole new design space for developers.
The announcement is considered by many to be a major technical milestone for the bitcoin protocol. Here are my unsolicited 2 cents on the matter.
A long time coming
As Starkware CEO Eli Ben-Sasson points out in his announcement post, the idea of using zero knowledge to improve bitcoin is nothing new. Developers have been debating the applications of this technology for more than a decade. Ben-Sasson himself presented very early concepts of the idea at a bitcoin conference in San Jose in 2013. In 2017, Blockstream developers Gregory Maxwell, Pieter Wuille, and Andrew Poelstra co-authored the Bulletproofs paper, a zero-knowledge range proof protocol designed to support confidential transactions in bitcoin.
In more recent years, BitVM creator Robin Linus pushed work on ZeroSync, which uses STARK proofs to compress validation of the bitcoin blockchain so that a node can verify the chain state without processing its entire history. Once fully implemented, it would significantly reduce the resource requirements needed to run a bitcoin node. In 2022, the Human Rights Foundation commissioned current Alpen Labs researcher John Light to produce a full report on the potential for validity rollups on bitcoin, built on zero-knowledge proofs.
Zero-knowledge proofs have a wide range of applications and we're not done hearing about them yet. Many expect the technology to define this next era of computing, and it would be difficult to bet against it. It is almost guaranteed that higher-level bitcoin applications will start taking advantage of them soon and we can only expect this trend to grow from now on.
It is still early
Most of the technological advances around zero-knowledge cryptography have been achieved in the last ten years. The field is evolving rapidly as more cryptographers become interested in the applications of this technology. Researchers have been in something of an arms race to see who can cut the most time and resources needed to produce and verify proofs. Today, most proof systems remain computationally expensive. Different protocols involve different tradeoffs, but improvements have focused on the verifier side, so that an average user can check a proof quickly and cheaply. While the pace of innovation has been relentless, generating proofs at scale is likely to require specialized hardware and large operations for some time.
Despite massive unlocks and significant achievements in the field, it is worth noting that a decade is not exceptionally long in crypto circles. Many of the newer proposals leverage techniques that are considered technically sound, but not as tried and tested as those in bitcoin. In 2018, a counterfeiting vulnerability was discovered in the zk-SNARK system used by Zcash, which could have allowed an attacker to forge proofs and inflate the currency supply undetected. To be fair, the STARK construction Starkware proposes is considered more robust in this respect: STARKs are transparent, meaning they require no trusted setup, so that particular class of failure does not apply to them, even though their implementations are younger still.
It's hard to get excited about rollups
One of the motivations for this project is to enable zk-rollups on bitcoin. For those unfamiliar, rollups are highly touted systems that move transaction execution and sequencing off-chain to scale applications and performance. Zk-rollups, or validity rollups, propose publishing proofs of the correctness of the system's transaction log that can then be independently verified by users, enabling off-chain systems that do not require additional trust assumptions.
Today, none of the major rollup implementations on ethereum have fully implemented this design. Each has a central operator responsible for both proving and ordering transactions. In the rare cases where proofs are actually generated, only authorized actors can submit them, in order to prevent fraud. Starkware's Starknet currently offers no mechanism for users to force their transactions out of the system if the operator stops cooperating or its infrastructure goes down.
Virtually every project has billions of dollars on deposit that are effectively secured by a set of multi-signature keys. The same group of people responsible for managing those keys can also upgrade the rollup contract and control the associated funds. Just a couple of days ago, ethereum's sixth largest rollup, Linea, was unilaterally halted by its operator (x.com/LineaBuild/status/1797283448153112591) and all user funds were frozen after a hack.
There is an alternative, more optimistic case, which I am probably not qualified to write, but a lot of work and resources are being invested into solving the problems described above. A significant amount of research will be needed for the fully trustless vision to materialize.
It's also possible that rollups will evolve, as ethereum has, into curious beasts of complexity that only a handful of people can tame.
BitVM's Side Mission
Robin Linus' introduction of BitVM last year is what really kicked the zero-knowledge race in bitcoin into high gear. Starkware is making headlines because of its resume, but several teams such as Alpen Labs (x.com/AlpenLabs/status/1785730103122513943), Citrea (x.com/citrea_xyz/status/1798144454370672760) and Bitlayer (x.com/BitlayerLabs/status/1796193385536999578) are actively researching how to optimize zero-knowledge proof verification for their implementations.
It will be interesting to see what decisions they make in the future and whether they stick with them or not. A strong argument can be made that OP_CAT introduces many efficiencies, but it is still unclear exactly what the advantages and disadvantages are. I hope that many companies will continue to explore the BitVM path and simply emulate zero-knowledge proof verification in script. It is important to note that in both cases, bridging funds from the bitcoin chain to any other system relies on a light client of the bitcoin chain, which is exposed to reorganization attacks: a light client follows the chain with the most work, so a deposit it has already accepted can disappear if a heavier competing branch appears, and the bridge's confirmation depth is the only parameter standing between it and a double-spend.
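To make the reorganization caveat concrete, here is an added toy model (example code written for this page, not code from Starkware, BitVM or any of the projects named above). It builds a header-only light client that follows the heaviest chain, a bridge that mints once a deposit reaches a configurable confirmation depth, and then publishes a competing branch that omits the deposit. The block headers, the "deposit_tx" identifier and the integer work values are all constructed for the example; real chains use hashes of 80-byte headers and 256-bit difficulty targets.

```python
"""
Toy model: a bridge trusting a bitcoin light client, hit by a chain reorganization.
Every header, txid and work value below is constructed for this example.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Header:
    prev: str      # hash of the previous header ("" for genesis)
    work: int      # proof-of-work of this block (toy: a small integer)
    txids: tuple   # transactions committed in this block (stand-in for a Merkle root)

    @property
    def hash(self) -> str:
        payload = f"{self.prev}|{self.work}|{','.join(self.txids)}".encode()
        return hashlib.sha256(payload).hexdigest()[:16]


class LightClient:
    """Stores every header it sees and follows the chain with the most cumulative
    work, as an SPV client does. It never validates transactions."""

    def __init__(self, genesis: Header):
        self.headers = {genesis.hash: genesis}
        self.cum_work = {genesis.hash: genesis.work}
        self.tip = genesis.hash

    def add_header(self, h: Header) -> None:
        if h.prev not in self.headers:
            raise ValueError("orphan header: parent unknown")
        self.headers[h.hash] = h
        self.cum_work[h.hash] = self.cum_work[h.prev] + h.work
        # Heaviest chain wins; on a tie the first-seen tip is kept.
        if self.cum_work[h.hash] > self.cum_work[self.tip]:
            self.tip = h.hash

    def best_chain(self) -> list:
        """Header hashes from genesis to the current tip."""
        chain, cur = [], self.tip
        while cur:
            chain.append(cur)
            cur = self.headers[cur].prev
        return chain[::-1]

    def confirmations(self, txid: str) -> int:
        """Depth of the block holding txid on the best chain, 0 if it is not there."""
        for depth, h in enumerate(reversed(self.best_chain()), start=1):
            if txid in self.headers[h].txids:
                return depth
        return 0


class Bridge:
    """Mints on the destination system once a deposit has min_conf confirmations
    according to the light client. Mints are irreversible, as on a real bridge."""

    def __init__(self, client: LightClient, min_conf: int):
        self.client = client
        self.min_conf = min_conf
        self.minted = set()

    def try_mint(self, txid: str) -> bool:
        if txid in self.minted:
            return False
        if self.client.confirmations(txid) >= self.min_conf:
            self.minted.add(txid)
            return True
        return False

    def orphaned_mints(self) -> set:
        """Minted deposits whose bitcoin transaction has left the best chain."""
        return {t for t in self.minted if self.client.confirmations(t) == 0}


def run_reorg_scenario(min_conf: int) -> dict:
    """genesis <- A1(deposit) <- A2 is seen first; the bridge evaluates after each
    block. Then a competing branch genesis <- B1 <- B2 <- B3 without the deposit
    arrives with more cumulative work and the light client switches to it."""
    genesis = Header(prev="", work=1, txids=())
    client = LightClient(genesis)
    bridge = Bridge(client, min_conf)

    a1 = Header(prev=genesis.hash, work=1, txids=("deposit_tx",))
    a2 = Header(prev=a1.hash, work=1, txids=())
    for h in (a1, a2):
        client.add_header(h)
        bridge.try_mint("deposit_tx")
    minted_before = "deposit_tx" in bridge.minted

    b1 = Header(prev=genesis.hash, work=1, txids=())
    b2 = Header(prev=b1.hash, work=1, txids=())
    b3 = Header(prev=b2.hash, work=1, txids=())
    for h in (b1, b2, b3):
        client.add_header(h)

    return {
        "minted_before_reorg": minted_before,
        "deposit_conf_after_reorg": client.confirmations("deposit_tx"),
        "orphaned_mints": bridge.orphaned_mints(),
    }


if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"min_conf={k}:", run_reorg_scenario(k))
```

With min_conf of 1 or 2 the bridge mints against the deposit and is then left holding an orphaned mint once the three-block branch outweighs the two-block one; with min_conf of 3 it never mints, because the deposit only ever reached two confirmations. The confirmation threshold does not make the bridge safe, it only sets how much work an attacker must out-produce, which is the cost the bridge designer is actually choosing.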
In the last month a lot of air time has been given to liquidity problems around BitVM. Considering the current user profile for those types of solutions, the idea that this would prevent anyone from participating seems a little dubious to me. It may not be practical or sustainable, but I'm honestly not sure the market that exists for this will care much. Again, users are currently depositing billions of dollars into multisigs, so anything else will seem almost unreliable in comparison.
More funding for developers
A million dollars spent funding research is a net benefit to the ecosystem. This is an encouraging development for the growing interest in OP_CAT. A bug bounty is unlikely to lead anywhere, but I'm interested to see what comes of more focused work on proofs of concept and applications. It is easy to disapprove of the origin of those funds, but ultimately the outcome of those efforts will be judged on its technical merits. The bitcoin development process is not as easily influenced as some commentators would have you believe.
It's also important to remember that OP_CAT is just one piece of the script puzzle. Advances in specific use cases are interesting, but they are rarely enough to justify losing sight of the bigger picture. None of these technologies are mature enough to generate significant dividends in the short term. Rushing an update today, when it would still take years to reliably deploy these systems, seems a bit reckless. If people want centralized virtual machines, there are many sidechains to choose from.
We're breaking new ground every day right now and it's hard to even predict where we'll be a month from now. I'm cautiously optimistic about the progress being made around improvements to the bitcoin script, but it doesn't seem justified to commit to anything at this time. We'll have to let the dust settle for a while.