Nostr Web Client

BitVM is such a protocol.

The verifies is split into small pieces, which are linked using Lamport signatures. One of these pieces must fail in case the SNARK is invalid.

This can work on Bitcoin, but it comes with a large on-chain footprint (around 4MB).

Alternative approaches appeared using Garbled Circuits.

Please Login to reply.

BitVMs mechanism can be substituted with Garbled Circuits.

Garbler (prover) encodes a proof on-chain.

Evaluator (verifier) derives a secret through a GC.

If the proof is invalid, the secret is used to slash the Grarbler.

Drawback: need to generate a Garbled Circuit, which can is very large. The cost can quickly explode.

New approach: Glock25.

A new kind of SNARK has been created, which is the smallest one knowledge as of today.

This bring a huge reduction in the amount of gates needed for the GC.

There is still a lot of room for improvements, like alternative garbling schemes.