@RobinLinus
Last active April 2, 2024 16:31

BitVM 2: Permissionless Verification on Bitcoin

moved here

@Cyimon

Cyimon commented Mar 25, 2024

A brainstorm based on your idea:

  1. The prover calculates a polynomial f(x) based on {x, y, z1, z2, ..., z42} and commits to this polynomial;
  2. get a challenge point based on the commitment value: z = oracle(commitment);
  3. the prover commits that c = f(z) and returns the witness polynomial;
  4. each verifier calculates g(x) locally as well and checks whether g(z) = c;
  5. if not, the verifier disproves the assertion c = f(z).
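The flow sketched in this comment, as an added toy illustration (not code from the gist or from any BitVM implementation): a SHA-256 hash stands in for both the polynomial commitment and the challenge oracle, field arithmetic is done modulo a Mersenne prime, and the statement data are used directly as the polynomial's coefficients; all of these choices are assumptions made for the example.

```python
import hashlib

# Assumptions (not from the gist): arithmetic mod a Mersenne prime; SHA-256
# stands in for the polynomial commitment and for the "oracle" that derives
# the challenge point (Fiat-Shamir); the statement data are the coefficients.
P = 2**61 - 1

def poly_eval(coeffs, x):
    """Evaluate sum(coeffs[i] * x^i) mod P with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def commit(coeffs):
    """Step 1: commitment to the polynomial (hash of coefficients, a toy stand-in)."""
    return hashlib.sha256(b"".join(c.to_bytes(8, "big") for c in coeffs)).digest()

def challenge(commitment):
    """Step 2: z = oracle(commitment), so z cannot be chosen after committing."""
    return int.from_bytes(hashlib.sha256(commitment).digest(), "big") % P

def witness(coeffs, z, c):
    """Quotient q(x) = (f(x) - c) / (x - z) by synthetic division.
    The division is exact (remainder 0) exactly when f(z) == c."""
    a = list(coeffs)
    a[0] = (a[0] - c) % P
    q, carry = [0] * (len(a) - 1), 0
    for i in range(len(a) - 1, 0, -1):
        carry = (a[i] + z * carry) % P
        q[i - 1] = carry
    return q, (a[0] + z * carry) % P

def prover(data, claimed_c=None):
    """Steps 1-3. claimed_c models a prover asserting a wrong evaluation."""
    f = [d % P for d in data]
    cm = challenge_input = commit(f)
    z = challenge(challenge_input)
    c = poly_eval(f, z) if claimed_c is None else claimed_c
    q, _ = witness(f, z, c)
    return {"commitment": cm, "z": z, "c": c, "witness": q}

def verifier(data, claim):
    """Steps 4-5: recompute g(x) from the same data and check g(z) == c.
    Returns True if the assertion holds, False if it should be disproved."""
    g = [d % P for d in data]
    if commit(g) != claim["commitment"] or challenge(claim["commitment"]) != claim["z"]:
        return False
    return poly_eval(g, claim["z"]) == claim["c"]
```

A verifier that sees the same data as the prover reaches the same commitment and challenge, so a wrong c shows up both as g(z) != c and as a non-zero remainder in the witness division.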

@diyahir

diyahir commented Mar 25, 2024

This is great!

Just a thought experiment on the ability to credibly threaten to burn a deposit:

Attacker: Unless we split your future UTXO, I will burn it

How would the attack be performed? You could threaten the user and request that they pre-sign a split of the future UTXO with progressively higher fees until the whole thing is burned; if the user tries to send in another tx with a higher fee (front-running the attack), the attacker sends in another pre-signed tx with more fees, until the result is a burned UTXO.

The best option for the user is to accept the terms of the split.

Is this theoretically possible?

@niconiconi

The problem for BitVM is that any colluding prover & challenger can disprove any valid statement, which covers the truth.
