From acc05548f14d4c19d66a0accad6f61f9f6ce6e8a Mon Sep 17 00:00:00 2001 From: moonsettler Date: Wed, 27 Nov 2024 01:39:24 +0100 Subject: [PATCH] Add: Use for proving computation section --- bip-PC.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/bip-PC.md b/bip-PC.md index 12227ca6e1..287fc99ff2 100644 --- a/bip-PC.md +++ b/bip-PC.md @@ -120,6 +120,25 @@ ELSE ENDIF ``` +### Use for proving computation + +Merkle trees can be used to prove out computation where the root of the tree +represents the function and the leaves represent the inputs and output. There +are practical limits to the entropy space for the inputs as it needs to be +iterated over and hashed up. + +Currently MAST trees can cover 128 bits of entropy space, which is well over +the practical limits to iterate over and merklize. Therefore we assume this +capability does not materially extend what computations are possible to prove +out in bitcoin script. While `OP_PAIRCOMMIT` is not limited to a height of 128, +that should not be prectically feasible to utilize. + +There is a way to reduce the size of the witness for proving out computation, +by eliminating the merkle path inclusion proofs, using `OP_CHECKSIGFROMSTACK` +together with `OP_PAIRCOMMIT`. This method involves deleted key assumptions, +most likely using MPC to create an enormous amount of signatures for the stack +elements representing the inputs and the output of the function. + ## Reference Implementation A reference implementation is provided here: @@ -174,7 +193,7 @@ TBD ## Credits -Jeremy Rubin, Brandon Black, Salvatore Ingala, Anthony Towns +Jeremy Rubin, Brandon Black, Salvatore Ingala, Anthony Towns, Ademan555 ## Copyright