Cointime


How will Zero-knowledge Proofs Empower Bitcoin?

While there are a lot of projects working on using zero-knowledge proofs to scale and improve blockchain infrastructure or dApps, most of them are built on Ethereum. By comparison, the possibilities of applying zero-knowledge proofs to the Bitcoin network are much less explored.

However, theoretically, zero-knowledge proofs have a huge potential to improve the Bitcoin network in terms of privacy, scalability, security, and room for innovation. 

For example, as a decentralized virtual currency, Bitcoin uses the blockchain to store all the transaction information. That means everyone can access this information, leaving the network with privacy risks. Zero-knowledge proofs (“ZKPs”) are a technology that can be used effectively for privacy protection. A ZKP is a mathematical method by which one party (the prover) can prove to another party (the verifier) that a given statement is true without revealing any additional information about the statement. Using ZKPs, transaction data can be encrypted, enabling users to transact with more privacy on the Bitcoin blockchain.

Additionally, the Bitcoin network is considered unsuitable for commercial use because of its slow transaction speed due to limited block size and the issue of network congestion. ZKPs can help scale the network to solve this by bundling up transactions for batch processing and minimizing the size of the proofs needed for validation.

Let’s delve into the landscape in this field and the potential to be discovered.

ZkSNARKs vs ZkSTARKs

ZkSNARKs and zkSTARKs are two prominent variations of the zero-knowledge proof technology. Both allow one party to prove to another the validity of a given statement without revealing any sensitive information. But they differ in their workings, performance, and possible use scenarios.

ZkSNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) are based on elliptic curve cryptography (ECC), which involves complex mathematical equations that are difficult to solve. They can generate extremely small proofs without any interaction between the prover and the verifier. ZkSNARKs are mostly used in cryptocurrencies and privacy protection.

ZkSTARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge) are a new type of zero-knowledge proof technology. They use a much simpler mathematical framework that includes irreversible cryptographic hash functions and polynomial interpolation, allowing them to be implemented more efficiently on a larger scale.

Unlike zkSNARKs, zkSTARKs do not require a potentially vulnerable trusted setup phase, making them more secure. zkSTARKs are also considered to be quantum resistant.

ZkSTARKs have larger proof sizes than zkSNARKs but the proof for zkSTARKs can be verified by anyone without access to any external parameters. Also, they can better support parallel processing and distributed computing, enabling them to handle complex computing tasks efficiently. This means zkSNARKs can be used in wider fields such as Internet-of-Things. 

ZkSTARKs also allow developers to use more complex algorithms and run complex mathematical operations, thus providing more possibilities for technological upgrades. 

As zkSNARKs were developed ahead of zkSTARKs, they have a head start in terms of adoption.

Limitations of ZkSNARK-based Bitcoin Projects

Take Zcash for example. Zcash is a code fork of the Bitcoin protocol. It builds on the existing work of the Bitcoin Core team to enable shielded transactions that encode the sender, recipient, and amount using zkSNARKs.

Zcash works like this. Firstly, there are two types of Zcash addresses, shielded and transparent. Transparent addresses start with “t” and behave similarly to Bitcoin addresses, exposing the address and balance on the blockchain. Shielded addresses that start with “z” include the privacy enhancements provided by zero-knowledge proofs.

Secondly, when users send cryptocurrencies between shielded addresses, a zkSNARK proof is generated to prove that the sender has a sufficient unspent amount of the cryptocurrency. The process involves complex mathematical and cryptographic operations including generating the public parameters, calculating the hashes, and constructing arithmetic circuits.

While generating a zkSNARK proof takes a lot of time and computing power, validating a zkSNARK proof is very fast and simple. The validator only needs to check if a transaction is processed in line with the consensus rules of the blockchain without knowing the amount, sender, and receiver of the transaction.

In this way, the use of zkSNARKs helps Zcash achieve anonymity and verifiability for transactions.

However, there are some limitations to Zcash’s use of this technology. Firstly, like Bitcoin, Zcash uses unspent transaction outputs (UTXO) to determine what transactions are spendable. This means transaction data is still produced and is only shielded from the public. By analyzing patterns and traffic of transactions between the shielded addresses, attackers may obtain information that can undermine users’ privacy.

Secondly, Zcash maintains its own blockchain, which makes it difficult for Zcash to integrate or interact with other applications. This has limited the application of Zcash and impeded its further development. Despite its success in achieving privacy-preserving transactions, the use of Zcash is low. Also, privacy-preserving transactions have a much higher cost than public transactions, which is one of the reasons behind Zcash’s low use and another limitation of it.

Experiments and Prospects of Applying ZkSTARKs to Bitcoin

The characteristics of zkSTARKs mean that they might be the more suitable ZKP technology for Bitcoin. 

One of the cutting-edge experiments is called elliptic-curve STARKs or EC-STARKs. EC-STARKs aim to increase Bitcoin’s scalability and security by using STARKs to move the validation of Elliptic Curve Digital Signature Algorithm (ECDSA) signatures off-chain. By replacing hash functions with elliptic curves, EC-STARKs can make already-existing scalability solutions for Ethereum compatible with Bitcoin. You can run an off-chain protocol for Bitcoin and keep proofs in STARKs. It means Bitcoin can be emulated inside STARKs, allowing highly sophisticated protocols to be built on Bitcoin-based tokens with the same elliptic curve keys.

Put simply, this technology can not only increase the scalability of Bitcoin but also enable the Bitcoin blockchain to transform itself into a platform where developers can create dApps, potentially becoming a rival for Ethereum. It also enhances privacy and reduces storage needs as data can be turned into significantly smaller proofs. However, some of the challenges include compatibility with the existing Bitcoin infrastructure and the demand for computing resources. 

zkSTARKs can also be used to prove the validity of block headers, enabling light clients to verify the latest state of the chain in an instant. In combination with Utreexo, a dynamic hash-based accumulator designed for the Bitcoin UTXO set, zkSTARKs can be used to instantly sync a Bitcoin full node without the need to download gigabytes of blockchain history. A block can then be validated only by checking the Utreexo root hashes that represent the whole UTXO set and the output state.
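The statement a header-validity proof attests to can be written out as ordinary code. The following is an added example, not code from the article or from any project it mentions: it checks parent links and proof of work over a chain of 80-byte headers, which is the computation a light client would otherwise repeat itself. The sample headers are constructed at an easy target, and difficulty retargeting and timestamp rules are left out.

```python
import hashlib
import struct

# version, prev hash, merkle root, time, nBits, nonce (80 bytes in total)
HEADER = struct.Struct("<I32s32sIII")

def dsha256(data: bytes) -> bytes:
    """Bitcoin's Double-SHA256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field into the 256-bit proof-of-work target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def verify_header_chain(headers, prev=bytes(32)):
    """Return the tip hash if every header links to its parent and meets its
    own target, else None. Retargeting and timestamp rules are omitted."""
    for raw in headers:
        if len(raw) != HEADER.size:
            return None
        _ver, prev_hash, _root, _time, bits, _nonce = HEADER.unpack(raw)
        block_hash = dsha256(raw)
        if prev_hash != prev:
            return None  # broken parent link
        if int.from_bytes(block_hash, "little") > bits_to_target(bits):
            return None  # insufficient proof of work
        prev = block_hash
    return prev

def build_sample_chain(n, bits=0x207FFFFF):
    """Constructed sample data (not real blocks): grind nonces at an easy target."""
    chain, prev = [], bytes(32)
    for height in range(n):
        root = dsha256(b"constructed tx set %d" % height)
        for nonce in range(2**32):
            raw = HEADER.pack(1, prev, root, 1700000000 + 600 * height, bits, nonce)
            if int.from_bytes(dsha256(raw), "little") <= bits_to_target(bits):
                break
        chain.append(raw)
        prev = dsha256(raw)
    return chain

if __name__ == "__main__":
    chain = build_sample_chain(5)
    print("tip:", verify_header_chain(chain)[::-1].hex())
    forged = chain[:2] + [chain[2][:40] + bytes([chain[2][40] ^ 1]) + chain[2][41:]] + chain[3:]
    print("forged chain accepted:", verify_header_chain(forged) is not None)
```

The cost of this loop grows with chain length; a validity proof over the same statement lets the client check one proof plus the claimed tip hash instead.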

ZkSTARKs may also be applied to the transaction verification process, including serialization of transactions, calculation of Double-SHA256 hashes, secp256k1 operations, and other core operations in the verification process. They could ensure a high degree of security and operational reliability in the process. What’s more, zkSTARKs can also be used to verify Cairo built-ins for Bitcoin acceleration. Leveraging the built-in feature of Cairo, the highly efficient zero-knowledge proof system of StarkNet, the efficiency of the transaction verification process could be dramatically increased.

Beyond the applications mentioned above, zkSTARKs have other potential uses. For example, in combination with Taro, they can make Taro more scalable, allowing it to process more transactions and support larger-scale applications, thus paving the way for the multichain deployment of Taro and potentially expanding the use cases of Bitcoin.

Also, by using zkSTARKs to compress transaction history into a single transaction and effectively shield transaction data, confidential transactions can be achieved on the Bitcoin blockchain. Furthermore, zkSTARKs can be used to implement the primitives of Taro, achieve TLV serialization of assets, and implement and verify the Merkle-Sum Sparse Merkle trees (MS-SMT). These operations could effectively enhance privacy and security. And layer-2 solutions such as the Lightning Network can leverage zkSTARKs to verify Bitcoin transactions more efficiently without sacrificing privacy.

More and more projects are starting to experiment with applying zero-knowledge-proof technology to the infrastructure and dApps in the Bitcoin network. Some of the solutions promise to accelerate the use of this technology in harnessing the block space of the Bitcoin blockchain and improving the blockchain’s privacy and scalability.

But overall, most of the activities are on Ethereum. There is an obvious lack of attention to the intersection of Bitcoin and zero-knowledge-proof technology. What’s more, the current engineering practice is lagging far behind the achievements of academic research. 

We believe more exploration and experiments are needed in this space, but it is a promising direction worth our attention and support.
