A Zero-Knowledge Proof Is Verified on Bitcoin For The First Time in History

Earlier this year, Weikeng Chen and his partners at venture firm L2 Iterative decided to shift their attention to the bubbling Bitcoin ecosystem. Chen, a Chinese native, had taken notice of the growing interest in Bitcoin development from several large actors in the mining space who started backing different projects in the Ordinals and layer 2 space.

“I never really realized Bitcoin had a development community,” he says, half-joking.

Fast forward to last week, an open-source initiative led by himself, with sponsorship from infrastructure company Starkware, has achieved the first implementation of a zero-knowledge verifier using Bitcoin script.

In an industry where significant breakthroughs are few and far between, those involved in the effort are gushing about the significance of this milestone. Zero-knowledge proofs, they argue, are the key to unlocking Bitcoin’s programmability and scaling its use globally.

Behind this achievement is the remarkable journey of an outsider who picked up Bitcoin development just six months ago and has now coded arguably its most advanced piece of software. I interviewed Weikeng Chen to delve into his motivations, his collaboration with Starkware around OP_CAT and STARKs, and his perspectives on this new era of Bitcoin development.

Starting from scratch

A PHD graduate from UC Berkeley with a specialization in cryptography, Chen explained he began seeking an opportunity to contribute his technical skills to the industry to better position his firm with potential investors and companies. Despite his extensive engineering experience, he quickly realized that resources were scarce and the learning curve was steep. “A lot of the material out there is outdated and does not reflect the current state of development.” His affinity for zero-knowledge technology eventually led his research to focus on Bitcoin’s ability to perform the computations required for verifying zero-knowledge proofs.

As one rabbit hole led to another, Robin Linus’ work on the novel computing paradigm of BitVM came onto his radar. Interested in the potential of using fraud proofs to implement zero-knowledge systems compatible with Bitcoin, he started poking around the white paper and noticed some issues with some of the concepts involved in the system. “I sent a message to Robin asking a few questions about BitVM. My understanding of BitVM from that whitepaper was indeed dead wrong. I remember Robin’s first reaction was to ask me who had told me this,” he recalls laughing. This interaction sparked a brief but productive collaboration between Chen, Linus, and other researchers as they iterated on the original idea and looked for ways to optimize it.

See also  How Bitcoin is maintaining the $62K level despite sell-offs

“It was obvious to me that this method could be used to verify zero-knowledge proof so my work quickly went in the direction of implementing a SNARK verifier.”

A verifier is a cryptographic tool that enables the verification of zero-knowledge proofs on the Bitcoin network.

The OP_CAT opportunity

Around the same time, a team at zero-knowledge industry giant Starkware was paying close attention to the emerging activity coming out of the Bitcoin community. For some, it was a long time coming. Starkware founder Eli Ben-Sasson was arguably the first person to discuss zero-knowledge technology in the context of cryptocurrencies at an early Bitcoin conference. Almost a decade later, Starkware’s research and ZK-STARK technology serve as the foundation of a growing number of applications in the space.

“Back in 2013, when I suggested using validity proofs to scale Bitcoin, I was hoping Satoshi might still be around and would make it happen faster. Thanks to cryptography visionaries like Weikeng Chen and Bitcoin OP_CAT researchers like Andrew Poelstra and Ethan Heilman, my 11-year old dream feels now within reach,” Ben-Sasson commented.

Last month, the company announced they were beginning the deployment of numerous initiatives focused on closing the technology gap between Bitcoin and zero-knowledge proofs. A $1,000,000 application grant was offered towards research and exploration into the potential of the OP_CAT soft fork proposal.

The announcement was marked by notable enthusiasm, leaving some to wonder what was driving this optimism. Until recently, the prospects of zero-knowledge technology on Bitcoin had been mostly an afterthought — another OP code that might never see the light of day. Indeed, the difficulty of getting consensus over smaller changes to the Bitcoin codebase made it seem unlikely something more complex would ever come to pass.

See also  Ethereum-Based Protocol Alkimiya Creates Market for Hedging Bitcoin Fees

Based on conversations with Starkware contributors, it was around May when they caught wind of Weikeng’s progress on BitVM and the mood shifted dramatically. As it would turn out, the developer had already set his sights on the company’s Circle STARKs technology. In a paper released a couple of months ago, Chen had already identified the latter as a “Bitcoin-friendly proof system.”

After some back and forth, both parties agreed to come together and stand up a joint effort dedicated to an open-source implementation of a STARK verifier using the OP_CAT primitive. “I knew it could be done. We just needed to put all the pieces together,” suggests Chen. The “Bitcoin Wildlife Sanctuary” was born.

Two months later, the project appears to have reached its goal thanks to the collaboration of other developers like Pingzhou Yuan, another early BitVM contributor. Late morning last Friday, Chen jumped into the project’s Telegram group to break the news to other participants: “I think I finished the job!”

Following successful local tests, the developer broadcasted a series of transactions to Bitcoin’s Signet testnet network that would execute the entire script. To optimize on-chain usage, the STARK proof, based on Starkware’s open-source Stwo implementation, is split into concurrent transactions chained together using an OP_CAT based covenant.

At 6:29AM on July 12, 2024, the final transaction was confirmed on the Signet network, signaling what proponents believe could be the beginning of a new era of development on Bitcoin.

“This was a tremendous effort and took a significant amount of time,” said Chen. “We started with nothing. There’s no information about ZK proofs on Bitcoin. There’s no information regarding the mathematical operations to follow. We had to build the full stack, which eventually led to the implementation of the STARK verifier.”

Inspiring a new development path

While the results deserve to be celebrated, Chen is insistent the job is not done. Asked if he was optimistic about his work creating the foundation for new scaling protocols like rollups on Bitcoin, the developer was quick to tamper expectations. 

See also  Analyst Michaël van de Poppe Says Solana Rival Has Upside Momentum, Maps Path Forward for Bitcoin and Ethereum

“The idea roughly works but the proof-of-concept is not production-ready. Validity proofs also take a lot of block space which might turn out to be expensive in the future.”

Contributors at Starkware acknowledge the challenges ahead but are confident the success of the project represents “a monumental leap forward” towards Bitcoin scaling solutions that can leverage their ZK rollup technology.

One thing is for sure, the collaboration is likely to further strengthen arguments in favor of a potential OP_CAT soft fork. In order to put together the verifier implementation, Chen says he had to develop a reliable framework for covenants using CAT which can serve to highlight the versatility of the script improvement proposal. He believes other developers in the ecosystem can play with his code and come to the same conclusion he did regarding its benefits.

“I don’t think there is a lot of risk once we have developed best practices. There are not that many places where this is going to go wrong. We now have a clear demonstration that OP_CAT can be adapted to various covenant projects in a safe way.”

When questioned about his intention to contribute to a future activation process, the developer readily admits he is not familiar enough yet with all of the dynamics around Bitcoin open-source development. Next, he intends to share his progress with members of the development mailing list and hopes others will be able to contribute review, and provide feedback on his work.

Reflecting on his experience so far, Chen immediately points out the importance of creating a fertile environment for new developers entering the ecosystem. He believes many talented developers are passing on the opportunity to build on Bitcoin because of the lack of a cohesive vision.

“There is not a clear sense of direction right now which leaves contributors perplexed about their ability to impact the future. Hopefully, the emergence of new tools and primitives can improve this situation so Bitcoiners are allowed to dream again.” 

Source link