What Are Bitcoin Zero-Knowledge Proofs (ZKPs) & How Did BitcoinOS Turn Them Into a Reality?

September 2, 2024

Bitcoin zero-knowledge proofs (ZKPs) are becoming increasingly important for expanding the capabilities of the Bitcoin ecosystem. However, they are also considered mathematically quite dense and, for many, difficult to understand. 

This guide will explain Bitcoin ZKPs and walk you through the first implementation on Bitcoin, thanks to BitcoinOS.

What Are Zero-Knowledge Proofs?

A zero-knowledge proof (ZKP) is a cryptographic protocol that verifies that a claim is true without revealing the content of the claim itself. In other words, it uses applied cryptography to show whether a claim is true or false without revealing unnecessary data, which is where its name stems from.

In blockchain networks, ZKPs can ensure confidentiality in transactions by verifying the validity of a transaction without revealing the specific inputs and outputs associated with it. 

Zero-knowledge proofs must fulfill three main criteria:

  1. Completeness: If the statement is true, an honest prover (meaning, one who follows the protocol properly) can convince an honest verifier. 
  2. Soundness: If the statement is false, a prover (whether following the protocol or not) almost certainly cannot convince an honest verifier.
  3. Zero knowledge: As the name of the protocol suggests, the most crucial criterion is that no additional knowledge is unveiled during the process of providing proof.

How Do Zero-Knowledge Proofs Work?

At a basic level, zero-knowledge proofs ask the prover to perform operations that only they can do if the underlying claim is valid. 

The verifier then ensures that these operations are done correctly, to remove the possibility of the prover faking or guessing the answer. 

There are three main elements in a zero-knowledge proof protocol:

  1. The witness: the information that cannot be revealed. 
  2. The challenge: the question that only someone who has the information can answer correctly.
  3. The response: the answer to the question in Step 2. 

Different types of ZKPs work in slightly different ways. One distinction is between interactive and non-interactive proofs. 

Interactive proofs: A two-way communication channel is used between the prover and the verifier. Steps 2 and 3 are repeated many times to ensure that both the soundness and completeness criteria are fully satisfied before the proof is deemed valid. 

Non-interactive proofs: The steps are executed in only one round. Once the prover has provided their proof, it is up to the verifier to complete the process. Non-interactive proofs are simpler and more convenient, making them the more popular choice among developers.

An added layer of security is that, regardless of how many times the prover and verifier complete their sides of the protocol correctly, the verifier will never be able to become the prover to a third party without actually possessing the underlying information. In other words, a verifier cannot become a prover simply based on their experience verifying the protocol, and so cannot trick a third participant into believing they possess the knowledge in question.

BitcoinOS Introduces Zero-Knowledge Proofs to Bitcoin

The team behind BitcoinOS, a superchain of interoperable rollups secured by Bitcoin and initiated by Sovryn, has completed its first zero-knowledge proof verified on Bitcoin.

The ZKP used by BitcoinOS for this achievement belongs to the non-interactive proof category and is a type of zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) called BitSNARK. 

Generally speaking, zk-SNARKs use a secret key created before the transaction in a trusted setup ceremony. They can be verified very quickly, often within milliseconds, making them incredibly efficient. 

BitSNARK is the zk-SNARK verification software library developed and used by BitcoinOS.

Also, a blockchain explorer for Bitcoin ZK transactions has been built, where users can see the full set of challenge transactions leading up to the final verification of the ZK-proof. This provides transparency without revealing the secret information.

What Can Zero-Knowledge Proofs Bring to Bitcoin?

One version of the blockchain trilemma states that it is very difficult to have all three of the following at the same time: computational expressivity, scalability, and decentralization.

One effort to increase computational expressivity while retaining the other two aspects was the creation of SNARKs. A SNARK is a system that lets you run an arbitrary program and then publish a compact and quickly checkable proof that the program was executed without tampering and that its output is valid.

However, implementing SNARKs the way they were first proposed would require a soft fork. 

BitcoinOS circumvented this by implementing near-trustless BTC bridging that relies on an honest-singleton system, where one honest participant is enough to ensure that system integrity is maintained. The bridges then serve to move transactions between the mainnet and Layer 2 solutions like rollups, with no need for consensus-based changes to the mainnet. 

BitcoinOS also has an alternative approach to verifying the integrity and validity of SNARKs within the ecosystem. It relies on BitSNARKs, a highly optimized implementation of zk-SNARK verification for the Bitcoin mainnet, without requiring complicated general-purpose computation.

All of this paves the way for new upgrades on Bitcoin that don’t have to rely on Bitcoin Improvement Proposals (BIPs) or forks. Additionally, this enables new levels of scalability, as one base-layer transaction can now include thousands of L2 transactions. These transactions can also include smart contracts or can simply be used to transact privately.

In conclusion, Bitcoin ZKPs pave the way for new capabilities on Bitcoin. They will help enable new levels of programmability and, therefore, usability while maintaining the important tenets of the technology: decentralization, security, and scalability. BitcoinOS is among the leading projects pioneering these efforts.

FAQs

Who invented zero-knowledge proofs?

Zero-knowledge proofs were first proposed in a 1985 paper by Shafi Goldwasser, Silvio Micali, and Charles Rackoff, titled “The Knowledge Complexity of Interactive Proof Systems,” published in the Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing. In that paper, ZKPs were shown for specific number-theoretic languages.

Later, in 1991, authors Oded Goldreich, Silvio Micali, and Avi Wigderson showed the extent of their possibilities in a paper titled “Proofs that Yield Nothing But Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems.”

Does Bitcoin use zero-knowledge proofs? 

As of 2024, Bitcoin has been shown to support zero-knowledge proofs: that year, the first such proof was successfully implemented. The BitcoinOS verification in block 853626 successfully emulates covenants (conditional payments that only execute with cryptographic proof) on-chain without a soft fork. This opens up the possibilities of using ZKPs on Bitcoin, which include greater scalability, private transactions, and new smart contract capabilities.
