Machine: c4-highmem-32
32 vcpus 248 GB RAM
Actual usage is 190/248, in "real-time" mode <100GB
proof size: ~1MB
on-demand hourly cost is $2.085424 USD
total cost: 2.085424*6.5 = $13.55
and this is not even the final form! (this is WITHOUT SHA256 builtin, Cairo M31, GPU acceleration, Proving parallelization)
https://github.com/starkware-bitcoin/raito
Can you explain ZK to me? People throw that word around but I never understood what it meant. How do you prove something without knowledge?
I understand the simple interactive examples; I can prove I possess some information if I reveal calculations with that information, and they can be proven valid, such as I could convince someone I have a private key if I can decrypt enough messages encrypted to its public key.
But I don't understand the non interactive proofs, and I don't understand how you can prove the bitcoin chain for someone without ALSO having the chain.
The zero knowledge part is from the verifier perspective. The prover needs of course the knowledge of the chain in this case. Btw note that we use a STARK proof here for the scaling properties and not for the privacy aspect. The goal is then to be able to verify in 50-100ms the validity of the entire header chain even on a small device like a phone
As for the non interactive part, it’s being obtained using Fiat Shamir, which enable to simulate some random oracle and queries of the verifier without interactivity
