Replying to Avatar A₿del fgu

This is for the proof generation of the whole header chain. Not for the verification. The verification of the proof takes 50-100ms even on a small device.
Avatar
A₿del fgu 3mo ago

Seeing some of the comments, I realize there might be some confusion or misunderstanding about what this means. I confirm and re-iterate that this is an incredible performance and that no other proving system in the world today can achieve such feats with this level of cost-efficiency, trustlessness, and soundness. We're pushing the boundaries of ZK tech to make Bitcoin's history verifiable in ways that were unimaginable before.

First, some comments suggested sarcasm like: "They got it all the way 'down' to 6.5 hours", implying it's slow or underwhelming. Hmm, I think there's a huge confusion here! The 6.5 hours is the time to generate the FULL RECURSIVE PROOF for the entire chain. This is done ONLY ONCE, by ONE machine (and we're optimizing to bring costs down further).

LETS FOCUS ON THE REAL DEAL => Verification takes just 50-100 MILLISECONDS, even on small devices like phones. It's not about proving time, it's the asymmetry STARKs provide: proving is compute-intensive but one-off; verifying is blazing fast and scales infinitely. As we work hard to be able to prove full block execution (scripts, txs, etc.), verification will still be ~100ms for the whole chain. That's the game-changer!

Next element: "Proofs don’t validate." Actually, verifying the proof does validate! Instead of re-executing everything (the slow, traditional way), you verify the STARK proof, which cryptographically guarantees the same result, but exponentially faster and with less computation. It's like compressing validation into a tiny, efficient check without sacrificing security.

To explain further, here's a high-level workflow for our Compressed SPV Proof (using STARKs via Cairo+Stwo):

- Batch Execution: An executor processes batches of Bitcoin block headers (e.g., 1-10k, then 10k-20k) with bootloader and assumevalid Cairo programs, generating traces and execution inputs.

- Proof Generation: A prover creates a STARK proof attesting that block validation logic was correctly executed over those headers.

- Verification: The compressed proof + current chain state + MMR root goes to an on-chain/off-chain verifier, which trustlessly confirms:Validity & linkage of all headers back to genesis.

* Target block's inclusion (via MMR proof).

* Sufficient cumulative difficulty/work.

* Correct timestamps & consensus rules.

* Target tx inclusion (via Merkle/SPV proof).

See more details: https://github.com/starkware-bitcoin/raito

Reply to this note

Please Login to reply.

Discussion

No replies yet.