A Zero-Knowledge Proof Is Verified on Bitcoin For The First Time in History

Earlier this yr, Weikeng Chen and his companions at enterprise agency L2 Iterative determined to shift their consideration to the effervescent Bitcoin ecosystem. Chen, a Chinese language native, had taken discover of the rising curiosity in Bitcoin growth from a number of giant actors within the mining area who began backing totally different initiatives within the Ordinals and layer 2 area.

“I by no means actually realized Bitcoin had a growth neighborhood,” he says, half-joking.

Quick ahead to final week, an open-source initiative led by himself, with sponsorship from infrastructure firm Starkware, has achieved the primary implementation of a zero-knowledge verifier utilizing Bitcoin script.

In an trade the place vital breakthroughs are few and much between, these concerned within the effort are gushing concerning the significance of this milestone. Zero-knowledge proofs, they argue, are the important thing to unlocking Bitcoin’s programmability and scaling its use globally.

Behind this achievement is the exceptional journey of an outsider who picked up Bitcoin growth simply six months in the past and has now coded arguably its most superior piece of software program. I interviewed Weikeng Chen to delve into his motivations, his collaboration with Starkware round OP_CAT and STARKs, and his views on this new period of Bitcoin growth.

Ranging from scratch

A PHD graduate from UC Berkeley with a specialization in cryptography, Chen defined he started in search of a possibility to contribute his technical expertise to the trade to higher place his agency with potential traders and firms. Regardless of his in depth engineering expertise, he shortly realized that sources had been scarce and the educational curve was steep. “Numerous the fabric out there’s outdated and doesn’t replicate the present state of growth.” His affinity for zero-knowledge expertise finally led his analysis to deal with Bitcoin’s potential to carry out the computations required for verifying zero-knowledge proofs.

As one rabbit gap led to a different, Robin Linus’ work on the novel computing paradigm of BitVM got here onto his radar. within the potential of utilizing fraud proofs to implement zero-knowledge programs suitable with Bitcoin, he began poking across the white paper and observed some points with a number of the ideas concerned within the system. “I despatched a message to Robin asking just a few questions on BitVM. My understanding of BitVM from that whitepaper was certainly lifeless unsuitable. I bear in mind Robin’s first response was to ask me who had advised me this,” he remembers laughing. This interplay sparked a quick however productive collaboration between Chen, Linus, and different researchers as they iterated on the unique concept and appeared for methods to optimize it.

“It was apparent to me that this methodology might be used to confirm zero-knowledge proof so my work shortly went within the course of implementing a SNARK verifier.”

A verifier is a cryptographic device that permits the verification of zero-knowledge proofs on the Bitcoin community.

The OP_CAT alternative

Across the identical time, a crew at zero-knowledge trade big Starkware was paying shut consideration to the rising exercise popping out of the Bitcoin neighborhood. For some, it was a very long time coming. Starkware founder Eli Ben-Sasson was arguably the primary individual to debate zero-knowledge expertise within the context of cryptocurrencies at an early Bitcoin convention. Nearly a decade later, Starkware’s analysis and ZK-STARK expertise function the inspiration of a rising variety of purposes within the area.

“Again in 2013, after I instructed utilizing validity proofs to scale Bitcoin, I hoped Satoshi may nonetheless be round and would make it occur sooner. Due to cryptography visionaries like Weikeng Chen and Bitcoin OP_CAT researchers like Andrew Poelstra and Ethan Heilman, my 11-year previous dream feels now inside attain,” Ben-Sasson commented.

Final month, the corporate introduced they had been starting the deployment of quite a few initiatives centered on closing the expertise hole between Bitcoin and zero-knowledge proofs. A $1,000,000 utility grant was provided in the direction of analysis and exploration into the potential of the OP_CAT tender fork proposal.

The announcement was marked by notable enthusiasm, leaving some to marvel what was driving this optimism. Till lately, the prospects of zero-knowledge expertise on Bitcoin had been principally an afterthought — one other OP code which may by no means see the sunshine of day. Certainly, the problem of getting consensus over smaller adjustments to the Bitcoin codebase made it appear unlikely one thing extra advanced would ever come to go.

Based mostly on conversations with Starkware contributors, it was round Might once they caught wind of Weikeng’s progress on BitVM and the temper shifted dramatically. As it will end up, the developer had already set his sights on the corporate’s Circle STARKs expertise. In a paper launched a few months in the past, Chen had already recognized the latter as a “Bitcoin-friendly proof system.”

After some forwards and backwards, each events agreed to come back collectively and rise up a joint effort devoted to an open-source implementation of a STARK verifier utilizing the OP_CAT primitive. “I knew it might be completed. We simply wanted to place all of the items collectively,” suggests Chen. The “Bitcoin Wildlife Sanctuary” was born.

Two months later, the mission seems to have reached its objective due to the collaboration of different builders like Pingzhou Yuan, one other early BitVM contributor. Late morning final Friday, Chen jumped into the mission’s Telegram group to interrupt the information to different contributors: “I believe I completed the job!”

Following profitable native assessments, the developer broadcasted a sequence of transactions to Bitcoin’s Signet testnet community that will execute the complete script. To optimize on-chain utilization, the STARK proof, primarily based on Starkware’s open-source Stwo implementation, is cut up into concurrent transactions chained collectively utilizing an OP_CAT primarily based covenant.

At 6:29AM on July 12, 2024, the ultimate transaction was confirmed on the Signet community, signaling what proponents imagine might be the start of a brand new period of growth on Bitcoin.

“This was an incredible effort and took a big period of time,” mentioned Chen. “We began with nothing. There’s no details about ZK proofs on Bitcoin. There’s no data concerning the mathematical operations to comply with. We needed to construct the complete stack, which finally led to the implementation of the STARK verifier.”

Inspiring a brand new growth path

Whereas the outcomes need to be celebrated, Chen is insistent the job will not be completed. Requested if he was optimistic about his work creating the inspiration for brand spanking new scaling protocols like rollups on Bitcoin, the developer was fast to tamper expectations. 

“The thought roughly works however the proof-of-concept will not be production-ready. Validity proofs additionally take loads of block area which could transform costly sooner or later.”

Contributors at Starkware acknowledge the challenges forward however are assured the success of the mission represents “a monumental leap ahead” in the direction of Bitcoin scaling options that may leverage their ZK rollup expertise.

One factor is for certain, the collaboration is more likely to additional strengthen arguments in favor of a possible OP_CAT tender fork. In an effort to put collectively the verifier implementation, Chen says he needed to develop a dependable framework for covenants utilizing CAT which might serve to spotlight the flexibility of the script enchancment proposal. He believes different builders within the ecosystem can play along with his code and are available to the identical conclusion he did concerning its advantages.

“I don’t assume there’s loads of threat as soon as we’ve developed finest practices. There usually are not that many locations the place that is going to go unsuitable. We now have a transparent demonstration that OP_CAT could be tailored to numerous covenant initiatives in a secure means.”

When questioned about his intention to contribute to a future activation course of, the developer readily admits he’s not acquainted sufficient but with all the dynamics round Bitcoin open-source growth. Subsequent, he intends to share his progress with members of the event mailing record and hopes others will have the ability to contribute evaluation, and supply suggestions on his work.

Reflecting on his expertise to this point, Chen instantly factors out the significance of making a fertile atmosphere for brand spanking new builders getting into the ecosystem. He believes many proficient builders are passing on the chance to construct on Bitcoin due to the shortage of a cohesive imaginative and prescient.

“There’s not a transparent sense of course proper now which leaves contributors perplexed about their potential to impression the long run. Hopefully, the emergence of recent instruments and primitives can enhance this example so Bitcoiners are allowed to dream once more.”