On 19 July 2024, a transaction was successfully spent using a zero-knowledge proof on the BSV blockchain (BSV) mainnet.
A zero-knowledge proof (ZKP) lets one party (a prover), who claims to know a secret, convince another party (a verifier) that the claim is valid without revealing the secret. Because a ZKP hides the secret, it can be used in many cases where privacy is desirable. More importantly, it can also be used as a building block to construct more sophisticated protocols.
In a blog post published on Medium, Wei Zhang (Research Director at nChain) explained that the BSV network successfully verified a Groth16 proof as part of a transaction validation.
Notably, this is the first time that this has been achieved on the BSV blockchain or any of its competing chains. This is a significant milestone for Bitcoin node implementations as it paves the way for smart contracts on-chain. Bitcoin, perceived as lacking computation capability, can now verify proofs that computations are done correctly via the BSV blockchain implementation. This approach to smart contracts not only offers scalability but also addresses privacy concerns over a public blockchain.
‘We chose to implement Groth16 because its characteristics are well suited to optimising transaction size, and therefore transaction fees. Groth16 has the smallest proof size among all SNARKs with a very efficient verification algorithm,’ Zhang said.
‘Our smallest implementation to date is Groth16 for the curve BLS12-381, which achieves a locking script size of 480KB and an unlocking script of 40KB. We chose to implement it on BSV as it supports large number arithmetic and has a default script size limit of 500KB on its mainnet. Moreover, taking advantage of the low transaction fee rate on BSV, we only paid roughly USD 0.015 for creating and spending the transaction.’
Zhang added that he and his team are now refining and improving their implementation to deploy recursive Groth16 on-chain. You can follow their progress on GitHub.
Recently, BitVM and StarkWare have made similarly impressive announcements. StarkWare published a series of transactions that verified a STARK proof, while BitVM verified a SNARK proof.
The big difference is that all of these transactions were published on the BTC testnet (Signet) rather than the mainnet. They can be moved to the mainnet only if the network enables OP_CAT, an opcode that concatenates inputs. sCrypt was the first to implement Groth16 verification on the BSV testnet. Their 5MB verification script was improved by a hackathon entry, ZkBaguette, which reduced its size to 1.2MB.