Share this page!

Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture
Twitter logo
Dec 14, 2021 7 tweets 2 min read
1/7 I often hear people say they want SNARKs (STARKs/zk-sync/zk-rollups) for #Bitcoin, but most are confused what that even means. Common misconceptions are that SNARKs provide something like 100x scaling and that this one "simple" change would enable any functionality they want.
2/7 Let's talk functionality first. SNARKs have only one function: non-interactive witness aggregation. Witness data is e.g. what proves that Alice satisfied the contract that allows her to send money to Bob. SNARKs can compress this data so it takes up much less bandwidth/CPU.
3/7 If you want more functionality, you also need a more expressive scripting language, as SNARKs can only do what you can actually express. And unless you want Bitcoin to inherit Ethereums scaling issues, this requires careful engineering, like the work being done on Simplicity.
4/7 Next, the 100x scaling claim – it's simply untrue. SNARKs only compress witness data, and Bitcoin blocks consist of 50% witness data, so even if you compress to 0 you'd get 2x at most. You can get more with address reuse, but at the cost of privacy – a questionable tradeoff.
5/7 So how does Eth get to 100x? An accounting trick. Eth blocks are limited by gas, and most of the gas is used up by CPU, not bandwidth. SNARKs take up little CPU and high bandwidth, so more data fits in the gas limit, but blocks get much bigger. A de facto block size increase.
6/7 So are SNARKs useful for Bitcoin? Yes, but it's not nearly the "easy 100x" people think. It won't solve on-chain scaling, but it may help to enable more complex contracts that require larger amounts of witness data & computation, provided we first improve Bitcoin's scripting.
7/7
Want more? You can learn more about SNARKs by reading my article, where I also cover how they can theoretically be applied to initial validation (IBD): medium.com/@RubenSomsen/s…

I also discussed SNARKs in a recent podcast with @sj_mackenzie (1h55m16s):

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳

Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @SomsenRuben

Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture
Apr 7
1/7
I just posted my initial feedback on Taro to the bitcoin-dev mailing list. I'll summarize it in this thread.

Taro closely resembles RGB, a protocol I studied extensively, so I'm more familiar with the limitations of both designs than most, and was able to point them out.
2/7 First, let me say this is a valuable protocol. It basically allows tokens to exist inside of BTC's blockchain in a way that minimizes (but doesn't eliminate) on-chain block space usage, while still benefitting fully from Bitcoin's security. None of my points change that.
3/7 What Taro cannot do, however, is act as a smart contracting platform. Taro's design requires you to share the history of a token with the recipient prior to acceptance. If your script contains a conditional statement, the condition will change depending on whether the...
Read 7 tweets
Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture
Feb 21
1/8 Antoine and Gleb (@ffstls) just posted their excellent CoinPool paper.

What is it about? Simply put: multi party UTXO ownership.

I had the pleasure of receiving an early copy. I'm sharing my technical summary below. Hopefully it can help others in their understanding.

👇
2/8 CoinPool allows unilateral withdrawal from a UTXO with multiple owners while avoiding the factorial state blowup issue.

i.e. ABCD -> BCD -> CD -> D differs from ABCD -> ABD -> BD -> D, etc. Too many states to pre-sign!

This is achieved with op_merklesub and sighash_group.
3/8 Op_merkiesub enforces that the 1st output has the same merkle root minus the taproot script path that was just spent. The key path is similarly altered to remove the unilaterally withdrawing participant in its entirety.

The remaining participants will own this 1st output.
Read 9 tweets
Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture
Sep 4, 2020
#Statechains non-interactive novation👇

01/12

One aspect of #Bitcoin scaling is channels, e.g. 2-of-2 in Lightning or bigger groups in Lightning channel factories or payment pools.

The trade-off is that you can remain off-chain as long as you interact with the channel members.
02/12

This interactivity is difficult to scale. If 1 person in a channel of 100 people goes offline, the only way to move your money is to go on-chain – quite the pickle!🥒

Luckily, #statechains provide a non-interactive way to swap out of a channel. No cooperation required!
03/12

Let's say Alice and Bob have a regular Lightning channel... Image
Read 12 tweets
Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture
Oct 27, 2019
1/5 On this week's @UnhashedPodcast we talked to @hasufl about his paper on mining security, and it was incredibly insightful. In this thread I will summarize the core of the argument, which will hopefully show you why the full interview (linked at the bottom) is a must-listen!
2/5 The key finding is that the sunk cost of mining -- which is currently about 50% of the expected revenue over a 2 year period -- is what incentivizes miners to behave honestly. They have essentially pre-bought half the BTC they will mine during this period.
3/5 This financially ties miners to the future price of BTC. If malicious miners cause a permanent 10% price drop, they also lose 10% of the value of their pre-bought BTC. This is equivalent to all miners losing a massive 65k BTC (10% of half the BTC that'll be mined in 2 years).
Read 5 tweets
Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture
Apr 10, 2019
1/9 Blocks WILL be full sooner or later. We're not making smart use of block space, so we're likely to experience a bumpy fee ride until people adjust their behavior. It's human nature to want to deny unpleasant truths, but it's better to be ready. Here's what you need to know👇
2/9 It costs miners virtually nothing to add a transaction. Block space is given to the highest bidder - if nobody bids, it's practically free. If you think mass replicated immutable blockchain data is at least worth something, then it logically follows that blocks WILL be full.
3/9 Full blocks mean transactions will actually cost something, and that's needed. Not only does it replace the block reward, but Bitcoin's censorship resistance depends on it: a censoring 51% attacker gets the FULL block reward, but NONE of the transaction fees it censors.
Read 9 tweets
Ruben Somsen 🚵‍♀️🚵‍♂️🚵🚳 Profile picture
Feb 27, 2019
1/4
Update your @Ledger hardware wallet ASAP if you haven't already! Last month Ledger released v1.5.5, stating that it contained a "critical security fix on the Bitcoin app" ( ledger.fr/2019/01/16/led… ). I wondered how serious it was, and today I found out the answer...😮
2/4
@LappoSergey from @MyceliumCom found the bug, with some help from @LeoWandersleb. He quietly released a blog post detailing the bug, and it's VERY serious.

The Ledger can be fooled into sending away ALL funds from ALL your accounts, with NO warning from the device...🤐
3/4
This is how it can be exploited:
a. The user initiates a payment on malicious software
b. ALL coins get used as inputs
c. The Ledger gets fooled into accepting a malicious change address (this fault behavior is caused by simply leaving the derivation path empty)
...😶
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(