What about M31 arithmetic opcodes for efficient STARK verification on Bitcoin ?
Idea: OP_M31ADD, OP_M31SUB, OP_M31MUL, OP_M31INV operating over the M31 Mersenne prime field.
OP_CAT too generic ? OP_STARK_VERIFY too narrow ? This is something in between.
https://hackmd.io/@abdelhamid/m31-opcodes-bitcoin-stark
#bitcoin #starks #zkp
How does it compare to the great script restoration?
And can the Mersenne prime be used to generate *zk* starks?
To verify them yes.
You generate the proof offchain and you verify it on chain
Those are more specific than the ones in GSR. They are really about making efficient STARK proof verification over a specific prime.
So with the arithmetic Opcode's in GSR, how is the size of the proof comparitavely?
