Scaling Decentralization.

ZeroSync is spearheading the development of proof systems for Bitcoin. Applying groundbreaking cryptography, we are pioneering the future of Bitcoin scalability, interoperability, and privacy.

Learn More

Proof Systems

Introducing a game-changing compression technique.

Succinct zero-knowledge proofs (ZKP) promise a paradigm shift in blockchain scalability and privacy. While considerable engineering effort is underway in the Ethereum community to apply this technology, no similar investment has yet been made for the Bitcoin network. Therefore, ZeroSync was created to bring these proof systems to Bitcoin for the first time.

Proving hundreds of gigabytes of blockchain history is computationally expensive, but this compression results in a very compact proof. Once a proof is generated, an arbitrary number of nodes in the network can use it to sync with the network instantly. Proofs are succinct, regardless of the growing size of the chain. When the next block is mined, any prover can incrementally extend the previous state proof.

Proof systems play together well with Bitcoin's immutability. They allow to compress the chain and augment it with additional data structures, such as a UTXO set commitment, without requiring any consensus changes. Users can decide individually if they use a proof or conventional bootstrapping. ZKP systems offer great flexibility on top of Bitcoin's rigid base layer and introduce a range of novel applications for exploration.

ZeroSync's Mission

Pioneering the Adoption of Proof Systems in the Bitcoin Ecosystem.

At ZeroSync, our mission is to catalyze the use of proof systems in the Bitcoin ecosystem to improve scalability, accessibility, and privacy. Our main activities are:

  1. Creating a proof system to sync Bitcoin's chain state instantly. Additionally, a toolkit for developers to enhance existing protocols, applications, and services with ZKPs.
  2. Building a community around Bitcoin proofs by presenting the tech at conferences, by providing resources to get people engaged, and by collaborating with other projects in the space.
  3. Working towards the eventual integration of a ZKP verifier into the main layer of Bitcoin.

State Proofs

Sync a node instantly, without having to download hundreds of gigabytes of blockchain data.

Implementing a chain state proof is highly complex, so we are rolling it out in three consecutive stages. As of today, we have completed prototypes for the first two of them.

1. The Header Chain Proof

Similar to an SPV light client, the headers state proof verifies only the block headers, the proof of work, and the difficulty adjustments. Additionally, it augments the header chain with a Merkle tree over all block headers, which enables succinct proofs of inclusion for all blocks and transactions. This state proof is relatively simple, lightweight, and cheap to compute. It will be the first of our proofs to become production-ready.

2. The Assumevalid State Proof

Mimics the assumevalid option of Bitcoin Core. It verifies all Bitcoin consensus rules except for the transaction signatures. More precisely: All witness data is assumed to be valid. Additionally, this proof uses Utreexo to augment the chain with a UTXO set commitment. The team completed an initial prototype of this state proof in February 2023.

3. The Full State Proof

Verifies all Bitcoin consensus rules, including all witness data. Based on the assumevalid state proof, it also verifies all witness data. This is the most costly proof in terms of computation and it requires significant optimizations of the prover to become feasible. It will be the last to become production-ready.

State Proof Demo

Our first major application will be to broadcast state proofs from space via the Blockstream Satellite, for everyone to instantly sync the Bitcoin blockchain almost anywhere on earth.

Developer Toolkit

Enabling a next-generation ecosystem with powerful tools for Bitcoin developers to apply zero-knowledge proofs to their own products and services.

The ZeroSync Developer Toolkit (ZDK) allows developers with minimal domain expertise to integrate proof systems into the existing Bitcoin ecosystem. This enables a zk layer on top of Bitcoin. The following examples give an idea of the novel design space.

More generally, this toolkit can be used to develop more sophisticated off-chain applications, with improved scalability, usability, and privacy.

pip install zerosync

The toolkit is still early-stage and experimental, but you can already integrate our Bitcoin Cairo library into your own project using the Python package manager.

Long-term Vision

ZeroSync catalyses the process of adding ZKP systems to Bitcoin's main layer. A proof verifier on Bitcoin enables a variety of powerful new features such as validity rollups, trustless two-way pegs, or perfect transaction privacy. Our works on off-state proofs aim to explore this design space and help develop tools and best practices for future on-chain proofs.

A good candidate could be a STARK verifier written in Simplicity, if/when it is activated on Bitcoin. Experimenting with STARKs in Simplicity might be possible on the Liquid sidechain soon.

Tech Stack

ZeroSync is based entirely on free and open-source software.

STARKs and the Cairo Language

ZeroSync is based on STARK proofs, which are are relatively simple in comparison to other proof systems. STARKs rely only on hash functions and polynomials. No novel cryptographic assumptions are required. And most importantly, there is no trusted setup.

To implement Bitcoin proofs we are using the Cairo language created by StarkWare. We are working closely together with the developers of all STARK tools underlying ZeroSync. read more
  • We are using Giza, a free and open source STARK prover and verifier, based on Winterfell
  • To generate proofs on consumer devices we're using MiniSTARK, a GPU-accelerated prover
  • In the long-term, we might switch to StarkWare's open source StarkNet prover when it is published

ZeroSync Cairo Codebase

Our Cairo code base is available on GitHub, and offers various modules such as

“After years of frustration about slow syncing, users will be able to sync with the network much faster, and with less computation. It’s a technological leap akin to the transition from slow dial-up internet to high-speed broadband”
— Eli Ben-Sasson STARKs co-inventor and StarkWare president
“ZeroSync is first of its kind in the Bitcoin space, compressing the chain and producing proofs about processing its state in a light client manner today and as a full node in the future, enabling new ways to interact with Bitcoin. It’s an ambitious project which is led by a motivated and smart team that I had the luck to see take it from an idea that seemed extremely hard to a reality.”
— Kobi Gurkan Head of Research at Geometry
“ZeroSync is an amazing project tackling this design space.”
— Olaoluwa Osuntokun CTO and Co-Founder at Lightning Labs

About

We are a Swiss nonprofit organization developing public goods.

Board

The ZeroSync Association, based in the Swiss canton of Zug, is governed by a board represented as a multi-signature wallet with key holders who have earned a strong reputation in the field of Bitcoin or ZKP systems. The key holders' names are not public as a security measure and to preserve their privacy. If you consider sponsoring ZeroSync, they can contact you to reveal their identities.

Core Contributors

Robin Linus, Lukas George, Tino Steffens, Max Gillett, Andrew Milson

Sponsors

ZeroSync development is sponsored by research grants from

Partners

ZeroSync collaborates in projects with various industry partners

Media

Learn more about STARKs on Bitcoin

Publications and Articles

A selection of publications and articles about the technology and the project.

Presentations and Podcasts

Roadmap

Heading to production-grade Bitcoin proofs.

Our prototype is a strong indicator of the technical feasibility of a Bitcoin proof system. Now we want to bring this technology into the real world.

Improve Prover Performance

The fundamental bottleneck is the prover performance. Significant optimizations are required. read more
  • Switch to the cairo-rs runner, which is much faster because it is written in Rust, in comparison to the runner we're currently using, which is written in Python.
  • Use a STARK-friendly hash function for the recursive verifier
  • Implement Cairo builtins for sha256 and secp256k1. Also implement remaining builtins for bitwise, pedersen, ecdsa, ec_op
  • Use the Goldilocks Field to save memory and improve performance

Complete Bitcoin Consensus

We still have to implement some remaining Bitcoin consensus rules. read more
  • The sighashes (ALL, NONE, SINGLE, ANYONECANPAY, ... )
  • A script interpreter (implement all opcodes)
  • All payment types, Legacy: p2pk, p2pkh, p2sh, SegWit: p2wpkh, p2wsh, Taproot: p2tr; key path & script path spend
  • Schnorr signature verification

Security Hardening

Applying best practices to ensure the security of the proof system. read more
  • Do plenty of automated testing. E.g., use all static test vectors from Bitcoin Core. Also add fuzzing
  • Hire externals to perform code reviews and security audits
  • Run a public bug bounty program

Integration into the Ecosystem

Gradually rolling out the proof system for real-world use cases. read more
  • Integrate the header chain into a light client like Neutrino.
  • Integrate a full state proof into btcd or Electrum
  • Build a tool to sync a Bitcoin Core full node. Running a zerosync'd full node requires no modification of the code of Bitcoin Core. We just copy the UTXO set into Core's chainstate directory after verifying it. Ideally, this is combined with the new AssumeUTXO mode to sync instantly, while still having a backup check for the state proof.
  • Define a set of new network messages for Bitcoin's peer-to-peer network to share state proofs among nodes.

History

Growing from an idea into reality.