fgu >>>>> ngu
freedom tech will save the world
Time to shake the balance of power in the world honestly
Global majority ftw
That’s super cool!
My only caveat is to use STARKs and not SNARKs.
Also for quantum resistance
zero knowledge proofs are truly another 0 to 1.
it's a complete paradigm shift.
a new way to verify integrity of computation.
on bitcoin and other blockchains the way to verify integrity of the network is by re-executing everything.
you run your full node (you should! it's the only way to have true sovereignty), and you validate everything, the consensus rules are respect, execution is correct, etc.
but of course this process is hard to scale, because of the tension between making this verification accessible to anyone (and hence to low hardware and devices), and increasing throughput / computation power.
zkp breaks this dichotomy. you can preserve fully the ability to verify cheaply, efficiently, even on small devices, without even re-executing blocks.
it feels magical, but this is really what it brings.
you, as an individual, even with a raspberry pi, can verify fully the actions performed by big machines, even super computers, even if they have 1000000x more compute power than you.
we are yet to see the implications of such a new paradigm really.
it started with blockchains, for scaling and privacy, because right now this is the only "industry" that is sufficiently paranoid to desire trustlessness, but you can be certain that zero knowledge proofs will shake many more industries (healthcare, military / defense, logistics, ai, you name it).
it's a whole new world of possibilities.
btw, starks are the endgame of zero knowledge proofs.
truly scalable, no trusted setup, quantum resistant, pure mathematical power.
those things are not just moon math anymore.
they work, in real world. starknet proving system alone has secured over $1.5 trillion (yes trillions!) of cumulative trading volume over 5 years running in production, has processed over a billion transactions.
it's the most battle tested zkp system in the world.
zkps will change the world, first because they will turn bitcoin into truly unstoppable private and scalable p2p cash for the planet. and remember, if you fix the money, you fix the world (i truly believe in this!).
but then they will also change many more industries.
prove the world, one stark at a time!
Ok I will be back more often. Fucking network effect of X is hard to fight.
Time to do my part for real and bring more folks to the freedom of speech protocol
Proposal: OP_STARK_VERIFY - Native STARK Proof Verification in Bitcoin Script.
Check this sir nostr:nprofile1qqs0dqlgwq6l0t20gnstnr8mm9fhu9j9t2fv6wxwl3xtx8dh24l4auspzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcpzemhxue69uhkzat5dqhxummnw3erztnrdakj7us2nqv . Michael is from my team. We are cooking some cool shit that might unlock this in the future.
Always looking for more ways to leverage ZK for Bitcoin and Nostr. What is the need exactly ?
Oh ok cool. We did not finish yet. We will complete it when we reach the next milestone on Raito. Because right now the way we verify non spending of UTXO in zkpoor is naive and extremely inefficient which makes it impossible to prove on a large range of blocks.
Once we have proving of utreexo it will be much easier.
Also we found a way to couple the proof to the legit owner of the coins after the hackathon that we did not implement yet. Simply passing a public key as argument when generating the proof and adding it in the output of the proof. Only legit owner is able to generate a valid proof of ownership of the input UTXOs so then the owner can just send a message off chain to prove they generated the proof. To avoid someone just taking the proof and claiming to own coins they don’t own.
Here you go: https://github.com/AbdelStark/zkpoor
I understand your concern here. This is fair criticism
"If I wanted to destroy bitcoin I would just fund infinite developers who are very talented and tell them to make it better."
- Michael Saylor on op_return
I think he is not completely wrong, there is a risk. A risk of distraction, a risk of wanting to work on cool stuff because they are exciting, etc. those risks exist.
BUT, in my opinion, what Michael Saylor actually thinks is closer to this:
“If I wanted to destroy Bitcoin I would just scare people so that no one touches it and address the remaining issues and challenges that prevent Bitcoin to truly become P2P cash at the planet scale. It will make it easier for us to capture it and just hammer the NGU and digital gold narratives. Fuck their cypherpunk values and their hope of freedom.”
Who benefit the most from scaring people from ever touching Bitcoin again to try to improve it and fulfill its promise ? I think that considering Bitcoin final now is the biggest gift to governments or any powerful adversarial forces that would want to capture Bitcoin or prevent it from being adopted widely as money, and not just as digital gold.
Complacency also can kill Bitcoin. Job is not finished. The real fight has barely started.
https://blossom.primal.net/04dbdf0f6a405f0658a0d64a4773505be5812e89950928b43ea5498725e781c1.mov
Seeing some of the comments, I realize there might be some confusion or misunderstanding about what this means. I confirm and re-iterate that this is an incredible performance and that no other proving system in the world today can achieve such feats with this level of cost-efficiency, trustlessness, and soundness. We're pushing the boundaries of ZK tech to make Bitcoin's history verifiable in ways that were unimaginable before.
First, some comments suggested sarcasm like: "They got it all the way 'down' to 6.5 hours", implying it's slow or underwhelming. Hmm, I think there's a huge confusion here! The 6.5 hours is the time to generate the FULL RECURSIVE PROOF for the entire chain. This is done ONLY ONCE, by ONE machine (and we're optimizing to bring costs down further).
LETS FOCUS ON THE REAL DEAL => Verification takes just 50-100 MILLISECONDS, even on small devices like phones. It's not about proving time, it's the asymmetry STARKs provide: proving is compute-intensive but one-off; verifying is blazing fast and scales infinitely. As we work hard to be able to prove full block execution (scripts, txs, etc.), verification will still be ~100ms for the whole chain. That's the game-changer!
Next element: "Proofs don’t validate." Actually, verifying the proof does validate! Instead of re-executing everything (the slow, traditional way), you verify the STARK proof, which cryptographically guarantees the same result, but exponentially faster and with less computation. It's like compressing validation into a tiny, efficient check without sacrificing security.
To explain further, here's a high-level workflow for our Compressed SPV Proof (using STARKs via Cairo+Stwo):
- Batch Execution: An executor processes batches of Bitcoin block headers (e.g., 1-10k, then 10k-20k) with bootloader and assumevalid Cairo programs, generating traces and execution inputs.
- Proof Generation: A prover creates a STARK proof attesting that block validation logic was correctly executed over those headers.
- Verification: The compressed proof + current chain state + MMR root goes to an on-chain/off-chain verifier, which trustlessly confirms:Validity & linkage of all headers back to genesis.
* Target block's inclusion (via MMR proof).
* Sufficient cumulative difficulty/work.
* Correct timestamps & consensus rules.
* Target tx inclusion (via Merkle/SPV proof).
See more details: https://github.com/starkware-bitcoin/raito
This is for the proof generation of the whole header chain. Not for the verification. The verification of the proof takes 50-100ms even on a small device.
As for the non interactive part, it’s being obtained using Fiat Shamir, which enable to simulate some random oracle and queries of the verifier without interactivity
The zero knowledge part is from the verifier perspective. The prover needs of course the knowledge of the chain in this case. Btw note that we use a STARK proof here for the scaling properties and not for the privacy aspect. The goal is then to be able to verify in 50-100ms the validity of the entire header chain even on a small device like a phone
I see your point and understand your perspective. Does not change my point about the fact that the tech that powers Starknet is orthogonal to this
Yes this is what I am saying through the lines. With still some objective criticism on the current state of Knots (which is not something that cannot change)
Welcome to the freedom of speech protocol
Gm from Hong Kong Nostriches.
Bitcoiners in Hong Kong, register and come to our event on Monday.
We will discuss covenants, Rollups, STARKs, Cashu, Lightning network and more.
https://lu.ma/3q2zemn9?locale=en-GB
#BitcoinEvent #BitcoinConference #BitcoinDevsGathering
Yes very acceptable!
I did not benchmark but I suspect the ts execution times would me much higher.
Btw I will add wasm compatibility for usage of the rust lib in browser and in JavaScript projects
By popular demand (from 1 person), I added a BLSAG (Back's Linkable Spontaneous Anonymous Group) variant in Nostringer, similar to Monery scheme.
bLSAG signatures are linkable but still anonymous.
Can detect duplicate voting or track usage of a credential.
Introducing Nostringer - unlinkable ring signatures (SAG) for Nostr pubkeys.
Instead of doing some Ghibli stuff I implemented a prototype of unlinkable ring signatures for Nostr.
It's using Monero style Spontaneous Anonymous Group signatures (SAG).
What does it enable ?
Ring signatures allow multiple members of a group to sign a message without revealing which member actually signed it.
I explored this after chatting with nostr:nprofile1qqsydl97xpj74udw0qg5vkfyujyjxd3l706jd0t0w0turp93d0vvungpzpmhxue69uhkummnw3ezumt0d5hszythwden5te0dehhxarj9emkjmn99ujcnqad who wants to use this concept for WalletScrutiny. Basically his idea would be to let users write reviews as accredited wallet developers. Because of the competition between wallets it's better to not disclose who posted a review.
It would be sufficient to know that it was posted from someone belonging to a group of accredited developers.
Checkout the demo and repo in the links below.
Live demo: https://nostringer.starknetonbitcoin.com
Nostringer in Typescript was fun, but did it again in a serious language this time: nostringer-rs is born, a blazing fast unlinkable ring signature scheme, written in Rust 🦀
Try it with the cli: cargo install nostringer_cli && nostringer_cli demo
https://github.com/AbdelStark/nostringer-rs
It’s basically equivalent to the size of the ring.
Its ring size multiplied by 32, and add 32 bytes.
So if ring size is 10 it’s 342 bytes.
If ring size is 100 it’s 3232 bytes.
Hey. I don’t know if/when I will have time to do it myself but if someone wants to work on that and submit a PR that would be cool.
It would enable interesting use cases.
Let’s do the opposite. Find devs to contribute and we will help to fund them to work on this if there is demand
