Skip to content

Instantly share code, notes, and snippets.

@RobinLinus
Last active April 2, 2024 16:31
Show Gist options
  • Save RobinLinus/2251939ba074bd8af80a3826b1983246 to your computer and use it in GitHub Desktop.
Save RobinLinus/2251939ba074bd8af80a3826b1983246 to your computer and use it in GitHub Desktop.

BitVM 2: Permissionless Verification on Bitcoin

moved here

@Cyimon
Copy link

Cyimon commented Mar 25, 2024

A brainstorm based on your idea:

  1. prover calculate a polynomial f(x) based on {x,y,z1,z2,...z42}, and commit to this polynomial;
  2. Get a challenge point based on the commit vale z = oracle(commitment)
  3. prover commit that c = f(z) and return the witness polynomial;
  4. each verifier calculate g(x) locally as well and check that if g(z) = c;
  5. if not, the verifier disproves assertion c=f(z)

@diyahir
Copy link

diyahir commented Mar 25, 2024

This is great!

A just a thought experiment on the ability to credibly threaten to burn a deposit

Attacker: Unless we split your future UTXO, I will burn it

How to perform attack? You could threaten the user, and request pre-signs a split of the future utxo with progressive amounts of fees until the whole thing is burned, if the user tries to send in another tx with a higher fee (front run the attack), the attacker sends in another presigned tx with more fees until the result is a burned UTXO.

The best option for the user is to accept the terms of the split

Is this theoretically possible?

@niconiconi
Copy link

The problem for BitVM is any colluding prover&challenger can disprove any valid statement which covers the truth

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment