delvingbitcoin

Proving UTXO set inclusion in zero-knowledge

Original Post by Adam Gibson

Posted on: September 24, 2024 20:53 UTC

The question concerns the capabilities and limits of using aut-ct to prove statements about UTXOs, in particular whether it is feasible to prove knowledge of a witness that would satisfy script execution for a UTXO.

The response draws a clear distinction based on the type of spending public keys (sPKs) involved. For sPKs built primarily from logical conjunctions of keys, or from elliptic curve (EC) arithmetic of the kind used in Taproot tweaks, generating proofs is considered straightforward because these constructions stay within EC mathematics.

The situation changes significantly for sPKs that incorporate hash locks. Proving statements about non-algebraic hashes, such as those produced by SHA2, is hard within this framework, so generating succinct and manageable proofs becomes much less feasible. This is a notable limitation on where aut-ct can be applied. The discussion therefore implicitly favours Taproot anonymity sets in examples: they fit aut-ct's capabilities and avoid the cumbersome proofs that hash-lock-based sPKs would require.
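The algebraic case described above, as an added example that is not code from the original post or from aut-ct: a BIP341 key-path tweak followed by a generic Schnorr proof of knowledge of the output key's discrete log. It is not aut-ct's proof system; the function names, the secret key and the deterministic nonce are constructed for illustration.

```python
import hashlib

# secp256k1 domain parameters
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine point addition; None is the point at infinity
    if A is None: return B
    if B is None: return A
    if A[0] == B[0] and (A[1] + B[1]) % p == 0: return None
    if A == B: lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, p) % p
    else: lam = (B[1] - A[1]) * pow((B[0] - A[0]) % p, -1, p) % p
    x = (lam * lam - A[0] - B[0]) % p
    return (x, (lam * (A[0] - x) - A[1]) % p)

def mul(k, A):  # double-and-add, not constant time (demo only)
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def b32(v): return v.to_bytes(32, "big")
def h_int(*parts): return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")
def challenge(R, Q): return h_int(b32(R[0]), b32(R[1]), b32(Q[0]), b32(Q[1])) % n

def taproot_tweak(d):
    # BIP341 key-path tweak: Q = P + t*G, so the witness for Q is w = d + t mod n
    P = mul(d, G)
    if P[1] % 2: d, P = n - d, (P[0], p - P[1])   # x-only internal key has even y
    tag = hashlib.sha256(b"TapTweak").digest()
    t = h_int(tag, tag, b32(P[0]))                 # tagged hash of the internal key
    return (d + t) % n, add(P, mul(t, G))

def prove(w, Q):
    # Schnorr proof of knowledge of w with Q = w*G (Fiat-Shamir challenge)
    k = h_int(b"demo-nonce", b32(w)) % n           # deterministic nonce: demo only
    R = mul(k, G)
    return R, (k + challenge(R, Q) * w) % n

def verify(Q, proof):
    R, s = proof
    return mul(s, G) == add(R, mul(challenge(R, Q), Q))

d = 0x1234567890ABCDEF          # constructed secret key
w, Q = taproot_tweak(d)
```

A hash lock has no counterpart to `w = d + t`: the relation between preimage and digest is a SHA2 evaluation rather than a group equation, so it cannot be checked with point additions like `verify` does.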