reply on: i read the luke dashjr hit piece - @udiWertheimer \ stacker news ~bitcoin

pull down to refresh

100 sats \ 11 replies \ @standardcrypto 26 Sep \ on: i read the luke dashjr hit piece - @udiWertheimer bitcoin

how does the zk proof work?

what are the advantages of this approach over utreexo where you download (to verify) but don't save the transactions?

"technically. hard fork but not actually a hardfork" wtf. seems intentionally confusingly worded. no wonder it leaked and set off alarm bells. don't blame the haters, blame the bad communicator.

Luke IS asking us to trust him. Most of us know how transactions are verified by now. the zk stuff is reaearchy and black magic.

300 sats \ 3 replies \ @tomlaies 27 Sep

how does the zk proof work? what are the advantages of this approach over utreexo where you download (to verify) but don't save the transactions?

A merkle tree IS A ZK PROOF. You prove something (an item is a node/leaf of the tree) without revealing the whole knowledge (all leaves).

It's used in Bitcoin for transactions - a more zk-proof-esque usage is in web crypto. When you connect to a website, the exsistence of a certificate revocation can be proven without downloading all certificates - just a few nodes in the tree.

Cryptographers often consider things like merkle trees or signatures not ZK proofs but to be categories on their own ... but they totally do prove a statement without revealing all the knowledge.

0 sats \ 2 replies \ @Murch 29 Sep

No, merkle trees are not zero-knowledge proofs.

0 sats \ 1 reply \ @tomlaies 29 Sep

Cryptographers often consider things like merkle trees or signatures not ZK proofs but to be categories on their own ... but they totally do prove a statement without revealing all the knowledge.

100 sats \ 0 replies \ @Murch 29 Sep

Your first sentence is:

A merkle tree IS A ZK PROOF.

Later you write:

…but they totally do prove a statement without revealing all the knowledge.

A zero-knowledge proof reveals no information except that the statement is true. This is not a property that merkle trees have. Many proofs don’t reveal all the knowledge. E.g., ECDSA signatures don’t reveal the private key, and yet they prove that you are in possession of it.

So no, merkle trees are not ZK proofs, and it’s just false to claim that they are.

83 sats \ 4 replies \ @optimism 26 Sep

Think about it this way: if you run wasabi wallet, you're not hosting any BRC-20s either, thanks to BIP-157.

121 sats \ 3 replies \ @standardcrypto 26 Sep

this like a better lite client spv right?

still not a verifying node if you do this though. just a better / safer light node.

0 sats \ 2 replies \ @optimism 26 Sep

Yes. Thus, if you skip any transaction, even based on ZKP authoritarianized with some multisig, you're also not a verifying node

100 sats \ 1 reply \ @standardcrypto 26 Sep

how is that a hard fork though?

any more than an spv node is a hard fork.

0 sats \ 0 replies \ @optimism 26 Sep

I think that's the point? It doesn't have to be.

0 sats \ 0 replies \ @adlai 26 Sep

I'm not sure there is an implementation of this yet. It would could be quite involved and self-defeating, if the zk machinery ends up being less efficient than just downloading and verifying the spam.

0 sats \ 0 replies \ @kepford OP 26 Sep

I mean, is Luke asking? Or is that a private chat conversation.