It is sufficient to verify a SNARK, Succinct Non-interactive ARgument. However, Bitcoin cannot natively verify them.

How do we deal with that?

Discussion

Instead of verifying it, it can be possible to prove that a SNARK is invalid. This is called an “optimistic protocol”.

BitVM is such a protocol.

The verifier is split into small pieces, which are linked using Lamport signatures. One of these pieces must fail in case the SNARK is invalid.

This can work on Bitcoin, but it comes with a large on-chain footprint (around 4MB).

Alternative approaches appeared using Garbled Circuits.

BitVM's mechanism can be substituted with Garbled Circuits.

Garbler (prover) encodes a proof on-chain.

Evaluator (verifier) derives a secret through a GC.

If the proof is invalid, the secret is used to slash the Garbler.

Drawback: a Garbled Circuit needs to be generated, which can be very large. The cost can quickly explode.
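The garbler/evaluator exchange above, as an added toy example (not code from the talk, BitVM or any Glock25 implementation): a single hash-based garbled AND gate with point-and-permute stands in for the whole SNARK verifier, and the output label for "invalid" is the slashing secret, so the evaluator can only derive it when the circuit rejects. The check bits, wire labels and secret are all constructed here.

```python
import hashlib
import os

# Constructed slashing secret; in the protocol it would unlock the garbler's collateral.
SLASH_SECRET = hashlib.sha256(b"constructed slashing secret").digest()

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Wire:
    """Two 32-byte labels (one per bit) plus a random permutation bit; an active
    label is (bytes, select_bit) and does not reveal which bit it encodes."""
    def __init__(self, labels=None):
        self.labels = labels or [os.urandom(32), os.urandom(32)]
        self.perm = os.urandom(1)[0] & 1
    def active(self, bit):
        return (self.labels[bit], bit ^ self.perm)

def garble_gate(a, b, out, func):
    """Garbled table for one gate: row index = the two input select bits; each
    row encrypts the output label for func(x, y) under H(label_a, label_b)."""
    table = [None] * 4
    for x in (0, 1):
        for y in (0, 1):
            (la, sa), (lb, sb) = a.active(x), b.active(y)
            table[(sa << 1) | sb] = xor(H(la, lb), out.labels[func(x, y)])
    return table

def evaluate_gate(table, active_a, active_b):
    """Evaluator: decrypts exactly one row and learns exactly one output label."""
    (la, sa), (lb, sb) = active_a, active_b
    return xor(H(la, lb), table[(sa << 1) | sb])

def garble_verifier(slash_secret):
    """Garbler (prover): output bit 1 = 'proof valid', bit 0 = 'proof invalid'.
    The label for output 0 IS the slashing secret, derivable only on rejection."""
    c1, c2 = Wire(), Wire()
    out = Wire(labels=[slash_secret, os.urandom(32)])
    return c1, c2, garble_gate(c1, c2, out, lambda x, y: x & y)

def run_demo():
    c1, c2, table = garble_verifier(SLASH_SECRET)
    # The garbler reveals the input labels matching the encoded proof bits.
    valid = evaluate_gate(table, c1.active(1), c2.active(1))
    invalid = evaluate_gate(table, c1.active(0), c2.active(1))
    return {"valid_leaks_secret": valid == SLASH_SECRET,
            "invalid_leaks_secret": invalid == SLASH_SECRET}
```

A real verifier is millions of such gates, which is exactly the size problem the next lines describe.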

New approach: Glock25.

A new kind of SNARK has been created, which is the smallest one known as of today.

This brings a huge reduction in the number of gates needed for the GC.

There is still a lot of room for improvements, like alternative garbling schemes.