яobin linus
@robin_linus
Followers
15K
Following
13K
Media
114
Statuses
2K
Creator of https://t.co/k33cIjEcC3, zkCoins, and @ZeroSync_ PhD Student at @Stanford
Joined December 2015
BitStream: Decentralized File Hosting Incentiviced via Bitcoin Payments.
83
400
1K
We just broadcasted the first mainnet transaction having a Blake3 hash lock implemented in Bitcoin Script. One small opcode for BitVM, one giant script for Bitcoin.
62
258
972
I love the smell of slayed heroes in the morning. Keep slaying, my fellow paranoid cryptoanarchists!
49
70
652
Excited to share our work on BitVM bridges: A novel trust-minimized protocol to bridge Bitcoins to second layers. Huge thanks to @lukas_aumayr, @alexeiZamyatin, Andrea Pelosi, @zetavar1, and @matteo_maffei for their amazing contributions 🧡.
39
123
518
We may have discovered a way for BitVM to do permissionless verification, effectively overcoming its primary limitation!. Draft writeup:
30
87
509
We may have discovered a way for BitVM to do permissionless verification, effectively overcoming its primary limitation!🤯. If you're interested in helping us develop a Groth16 verifier using Bitcoin Script, please join the BitVM builders group
12
68
358
I will present BitVM at BitDevs Amsterdam tomorrow!.
The agenda for our special edition of BitDevs Amsterdam tomorrow, October 11 (14.00 to 17.00), is now up on our website. Please find it here: With @josibake @provoost @SomsenRuben @TomStammis . #Bitcoin #Amsterdam.
13
28
356
Great work by @weikengchen: We now have finite field arithmetic for the M31 and Baby Bear fields, as well as for their degree-4 extensions. These are the basis for implementing STARK verifiers on Bitcoin. Exciting times for Script research!.
14
57
301
A little diagram visualizing the drama-to-impact ratio of various Bitcoin proposals
37
61
326
Let’s activate CTV + CSFS. @JeremyRubin finally convinced me — he showed me a clever trick that drastically improves BitVM.
24
53
283
Combining BitVM with zkCoins accelerates Bitcoin from 7 tx/s to 100 tx/s. It can also enhance Lightning with cheaper shared utxos, LN-Symmetry, and covenants. No forks required!. Are you familiar with Plonky2? Please reach out! Let's boost bitcoin!!.🚀🌕.
16
42
257
It's time to admit to ourselves that we oversold Lightning to each other, presumably as a form of PTSD after the block size wars. Time to get over it. LN doesn't work for the masses. @renepickhardt, @brqgoo,. many smart people agree . Let's just activate covenants and build Ark.
#Bitcoin: A Peer-to-Peer Electronic Cash System. If it only/mainly works in a custodial setting and for professionals, then we are (according to the title) failing big times. While creating p2p ecash is hard I still belief we should aim for this and we will eventually achieve it!.
57
37
243
After months in the mempool, our Blake3 transaction has finally been mined, executing the most sophisticated Script in the chain to date. This marks a milestone in our mission of scaling Bitcoin through proof systems and BitVM. Big thanks to @MarathonDH for covering the fees!.
We just broadcasted the first mainnet transaction having a Blake3 hash lock implemented in Bitcoin Script. One small opcode for BitVM, one giant script for Bitcoin.
17
40
243
@PeterMcCormack This enables more expressive Bitcoin contracts. Particularly, it enables functionality that we thought we'd need a softfork for. It might enable trustless sidechains, but that's not fully solved yet.
11
11
241
OP_CAT fundamentally changes Bitcoin's nature, introducing a new attack surface that nobody fully comprehends.
44
36
239
Here's a diagram of BitVM's transaction graph to get a better overview of how it works under the hood
23
38
222
Last week, at the @SFBitcoinDevs meetup at Stanford, @danboneh introduced me to Winternitz signatures. These are more compact Lamport signatures and can cut the transaction fees for BitVM by more than 50%. Check out the first implementation here:.
9
43
230
Andrew Poelstra, Director of Research at @blksresearch, wrote an excellent explainer on Lamport signatures, which are the key mechanism underlying BitVM.
26
47
189
The OP_RETURN PR is both extremely inflammatory and largely inconsequential to the Citrea protocol—the very justification used for proposing it. How about we just close it? Leaving it open also contradicts the Core devs’ usual policy of not merging any controversial changes.
15
27
207
To all bitcoin developers, researchers, entrepreneurs, investors, speculators, podcasters, Twitter influencers, NFT artists, shitcoiners, scammers, spooks and feds: Merry Christmas everyone! 🧡.🎄🎅🎁🎄 🎁 🎅 🌟 ❄️ 🔔 👼 🍪 🧦 ⛄.
18
9
192
Stop simping for politicians.
10
13
187
@Yashraj__ @Rob1Ham This enables more expressive smart contracts on bitcoin.Particularly, it enables functionality that we thought we'd need a softfork for.
8
11
178
Realized the bit commitments I "invented" for BitVM are actually Lamport signatures which @JeremyRubin already told me about in 2021. Updated the BitVM white paper to add a proper citation of Jeremy's work.
7
20
177
Wondering why he deleted that post.
imagine if 99% of the population knew you could just edit HTML for screenshots.
15
19
160
I think I can safely say that nobody understands OP_CAT. What we do know, though, is that it fundamentally changes Bitcoin’s nature. Here’s how it enables token protocols on the base layer, paving the way for AMMs and introducing Ethereum-like MEV.
21
33
175
Imagine people were as passionate about activating OP_CTV as they are about debating OP_RETURN….
20
28
170
Anyone interested in a gig to implement sha256 in Bitcoin Script?. You can build upon the primitives we built for Blake3 (u32 arithmetic, bitwise XOR, bitwise rotations,. ).
15
36
159
BitVM does not enable trustless sidechains, however it does enable trust-minimized sidechains. E.g. having 1 prover and 100 verifiers. As long as there's at least 1 honest verifier then the peg is secure. Probably we can also have verifiers verifying the verifiers.
Some early comments on BitVM. 🧵. TL;DR: at this stage, BitVM is a generic "state channel"; that's powerful, but not enough to enable a 2-way peg (trustless sidechains). I'll also briefly compare it with MATT.
21
13
157
Let's ignore all the distractions and instead focus on finally activating covenants.
14
29
148
Here's a first sketch of a solution for the "1 prover vs n verifiers" case of running a BitVM. The multi-party setting enables much more interesting use cases. Still, it's not quite a trustless bridge for BTC on sidechains.
14
21
150
Had a great week researching BitVM2 with @matteo_maffei, @zetavar1, and their group at @SecPrivTUWien. It's an honor to build, break and improve bridges with excellent academic Bitcoiners like Andrea Pelosi, @lukas_aumayr, Christos Stefo, and @alexeiZamyatin. Thank you! 🙏
9
15
148
I overreacted and want to apologize to the @citrea_xyz team. Their engineers are making highly valuable contributions to the BitVM2 implementation, and I enjoy working with them on building bitcoin bridges.
7
16
147
Congrats to @czxbinance, the winner of our first Bitcoin Script coding challenge!! 🥳🤓🥳. Many thanks to the bounty sponsors @atomicalsxyz @alexeiZamyatin @0xkevinhe @alexlmiller 🙏. Here's Andrew's address: bc1qchtm4fqeqy0yup6la5utw7fpfvgz9r0xz5hu2m.
10
33
142
@DylanLeClair_ For BitVM we need a number of building blocks and the hash function is the most complex one. Now we have all the individual parts completed and just have to assemble them.
8
10
137
More cypherpunks getting excited about bridges.
9
6
134
Oh no, what did I do?! My notifications are full of Faketoshi fans now :(.
27
3
135
Exciting to see the first Ark transactions on mainnet!.
6
23
140
Since a few people asked me to summarize the CTV scriptSig trick for BitVM bridges, I wrote up a detailed post on Delving Bitcoin. TL;DR: no more committee, no more existential honesty assumption.
Let’s activate CTV + CSFS. @JeremyRubin finally convinced me — he showed me a clever trick that drastically improves BitVM.
5
29
132
CTV is too limited. TXHASH is much better for Ark and BitVM. E.g. BitVM enables bridges which guarantee safety and liveness of the peg, as long as 1 of N verifiers is honest. With TXHASH verifiers can join and leave at any time, non-interactively. So N > 1000 becomes possible.
13
22
115
Steven Roose just submitted a PR for TXHASH which is a great covenants proposal similar to CTV, but more expressive. Steven and @brqgoo designed it for Ark to solve some edge cases regarding fees, which wasn't possible with CTV. I strongly support TXHASH.
11
24
119
Impressive contribution by SuccinctPaul, peinlcy, Cyimon, and PayneJoe! .Very soon BitVM2 will be able to verify the first SNARK proofs on Bitcoin.
As @robin_linus said, the Snark Verifier script on Bitcoin is very important in BitVM2 (. Today we are thrilled to announce that the Zulu Network team has Open-Sourced the first ZKP Verify Code Implementation using Bitcoin Script! ⏫.It involves mainstream
17
30
87
This is a PR aimed at pruning that toxic waste from the UTXO set. Even the mere discussion of mitigations like these increases the risk for 'investors' who buy into that garbage. I strongly support this initiative.
13
19
112
@nikzh Stop that "can't even multiply numbers" FUD. It's sheer nonsense based on a misunderstanding of the paradigm. I bet you 1 BTC that you can run an entire CPU for a billion cycles.
8
3
109
I like covenants. However, the recent hype has been a bit too yolo for my taste. Thus I am trying to balance the discussion by exploring the design space of 'evil covenants':.
18
19
107
People ask me a dozen times per day, so here's my official statement:. Citrea does _not_ use BTC. Only tokens. They are planning to use BitVM when we've completed our implementation, but until then you cannot use it for Bitcoin transactions. Though I like their BitVM experiments.
1/7 Today, Bitcoin’s First ZK Rollup comes out of stealth. Introducing Citrea 🍊🍋. Citrea is the first rollup that enhances the capabilities of Bitcoin blockspace with zero knowledge technology.
5
17
101
If you're curious to learn more about how Bitcoin transactions work under the hood, here's a collection of 'hand-parsed' raw TXs, which helped me a lot to understand them more clearly.
3
23
94
Paul is right. The 42-byte drama isn't real actually. Ocean hardly mines any blocks at all. We're getting sidetracked. Let's better get back to discussing which softfork to activate in 2024.
Still no block. .
8
12
99
Bad news: @ajtowns broke the BitVM CTV trick .Good news: @JeremyRubin fixed it.
✓ script validated under consensus rules.Funding txid : dc7a6aeaa54560612e79e6d0dd5c5435d603a50bb634ee309c86e94fab41fa84.Funding tx :.
8
75
89
Calling op_cat a covenants proposal is like calling a hammer a screwdriver. Sure, you could use it that way, but wouldn’t you rather just use a screwdriver?. These half-truths only hurt the consensus process. Let’s focus on solid solutions like TXHASH or Introspection Opcodes.
5
15
94
Mein erster Bitcoin Vortrag auf Deutsch.
Mit Zero Knowledge Proofs (ZKPs) ein Decentralized Web auf #Bitcoin bauen? - BTC23 ft. @robin_linus .
5
6
91
@adam3us There's an essential difference between ZKCPs and BitVM. For a ZKCP the prover has to know the solution to the circuit upfront. E.g. You couldn't play chess in a single ZKCP. Maybe combining ZKCP with state channels might be more expressive?.
2
5
91
Make Bitcoin cypherpunk again.
zkCoins enables best-in-class privacy and scalability for self-custodial bitcoin.
6
12
93
It's funny — Altcoins like Ethereum are basically unregulated banks, dodging regulations with decentralization theater. But because more centralization means more efficiency, there’s a race to see how centralized you can get without getting busted — and Solana seems to be winning
@ethereumfndn So does Vitalik still have three supervotes or is it just one vote per board member? . And did he have three supervotes in Jan 2018 as Patrick seems to have said, or did he have a single vote, as Ming told him?.
8
23
97
A common misconception is that BitVM uses lots of block space for the huge Bitcoin Scripts. The key idea is to have these Scripts only to align the incentives such that you will never have to execute them.
@Only1temmy No, because it uses optimistic computation. BitVM will almost always settle in just a simple regular transaction. The unhappy path is unlikely because it will end very expensive for the dishonest party.
12
11
94
The BitVM project does not endorse any company. Be cautious of anyone claiming otherwise.
5
15
92
We've implemented Blake3 because that allows the BitVM to verify Merkle inclusion proofs. This way we can have sheer infinite memory.
6
9
86
Those NFT clowns are launching their new token scam this month. Explains why they are so desperately trying to stir up some drama by fabricating lies about legit projects. They're promoting shitcoins.
16
7
89
What if Satoshi wanted to hide his identity so badly he decided to get a court to declare that he isn't?.
17
2
87
Every podcast featuring Pieter Wuille reminds me of Twitter's Razor:. The more competent someone is, the more time they spend doing awesome shit, and the less time they have for shitposting.
5
3
89
Do you know any good beginner-friendly resources to learn Bitcoin Script?.
26
8
85
Do people really believe the WEF is clever enough to trick most of the world into following their agenda and at the same time they are too stupid to check Milei's Twitter before offering him a stage?.🤔
15
3
85
Once again, the EU is attacking the human rights of all Europeans.
📣Official statement: the new EU chat controls proposal for mass scanning is the same old surveillance with new branding. Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities.
1
17
85
The RISC Zero prover is now fully open-source! Take your existing Rust programs and generate zero-knowledge proofs with only minimal code modifications. 🔥🔥🔥.
Today, we’re proud to announce a major addition to zero knowledge public goods for the developer community. We plan to open source three technological innovations: High-Speed Recursion, Proof Composition and a STARK-to-SNARK Wrapper, all under the Apache2 licensing structure.
2
8
86
Cypherpunks in Berlin researching bridges and scalability. Can we create smaller proofs?. @lucidLuckylee @n1ckler @liameagen
Had a great week researching BitVM2 with @matteo_maffei, @zetavar1, and their group at @SecPrivTUWien. It's an honor to build, break and improve bridges with excellent academic Bitcoiners like Andrea Pelosi, @lukas_aumayr, Christos Stefo, and @alexeiZamyatin. Thank you! 🙏
5
5
84
Let's focus on facts, not fiction, when discussing proposals like op_cat. Informed decisions lead to better outcomes.
9
20
84
😺
if OP_CAT was re-enabled, the same technique could be extended to arbitrarily long byte vectors in order to use Bitcoin's non-arithmetic opcodes like hashes and signature checks.
11
9
75
Impressive optimization of field multiplication in BitVM, reducing worst-case fees by nearly 50%!.🔥🔥🔥.
We’re excited to share significant optimizations we’ve made in verifying field multiplications in Script, which reduce the SNARK verifier script used in BitVM by over 1.2 GB. Our new primitive TMUL has unlocked much more efficient ZK verification on Bitcoin. 1/
2
15
81
Don't get me wrong here: Lightning is great! Always still amazed when using it. The point is that it can't scale enough. And Ark is not a competitor but more of an add-on. Gives you all the advantages of Cashu but without requiring trust. All we need is covenants. Ideally, CAT.
It's time to admit to ourselves that we oversold Lightning to each other, presumably as a form of PTSD after the block size wars. Time to get over it. LN doesn't work for the masses. @renepickhardt, @brqgoo,. many smart people agree . Let's just activate covenants and build Ark.
11
3
80
Two years ago, I started working on universal computation on top of DLCs. However, you have to trust an oracle, which makes this approach inferior to a simple federation. However, I'm glad to see people trying to improve upon the BitVM design.
4
9
80
"Wizards" are highly skilled Bitcoin developers with deep knowledge of cryptography and security. Their excellent engineering and research are an inspiration to many. In contrast, frauds who call themselves "Wizards" to promote scams are as hubristic as pretending to be Satoshi.
5
10
81
Concretely, it allows us to get rid of the presigning committee, removing the existential honesty assumption for safety. Additionally, CTV simplifies various aspects of the protocol. Finally, CSFS reduces the cost by a factor of 10.
6
3
81
@BobMcElrath It is strictly superior. For a ZKCP the prover has to know the solution upfront.
1
2
78
With OP_CAT onchain transactions can be instant like Lightning payments.
This is a very cool use case of OP_CAT.
8
12
75
The developer bounty for SHA256 just got increased .🔥🔥🔥.
We will also support and offer up a developer bounty for a successful implementation of sha256 in native Bitcoin Script. 🔥 We contribute 0.05 BTC reward. We may double the reward as a bonus. After this task is done we have a follow up task that is similar and will offer a.
6
12
77
I have great respect for Super Testnet for always speaking his mind and also not hesitating to correct his statements when he said something incorrect 🧡.
5
5
78
It was a great pleasure to talk about BitVM and bridges at MIT Bitcoin Expo @MITBitcoinClub !. Here you can find the recordings. My talk starts around 3:00:00, PM sessions of day 1.
4
14
78
So exciting! The first activation drama that I am gettin personally involved in. These two guys with opposing opinions are both misrepresenting my opinion to make an argument for their own opinion. 🧡. I think we do need covenants but I am not pushing for CTV asap. TXHASH ftw!
13
8
66
Now we're at 0.2 BTC for the SHA256 bounty!! 🔥.
An efficient and usable sha256 implementation is a key building block for improving L2 bridge safety and rollups on #Bitcoin. @hirosystems loves anything that makes building on the Bitcoin L1 easier, so we're adding .05 BTC to the reward pool as well.
8
5
72
Es ist stark, was ihr mit @_einundzwanzig_ auf die Beine stellt und daher bedeutet mir eure Wertschätzung viel. Herzlichen Dank!. 💪🤓🧡.
Der EINUNDZWANZIG Verein hat sich zum Ziel gesetzt, optimale Rahmenbedingungen für die bevorstehende Hyperbitcoinization zu schaffen, insbesondere im deutschsprachigen Raum. Anlässlich der Wahl des neuen Vorstands spenden wir 5M Sats an den herausragenden Entwickler @robin_linus.
3
3
70
🤫shhh! @brian_trollz will kill me when he figures out that BitVM is just a workaround to enable bip300 🤣.
9
9
68
The BitVM will have a set of high-level instructions, which are similar to what @monautical calls a "jet leaf".
this transaction spends a taproot leaf script which implements a BitVM circuit component for adding two 31-bit unsigned integers. instead of hundreds of individual binary logic gates in separate tapleaves, this component rolls the whole operation into a single large "jet leaf".
3
5
70
Non-technical summary of the drama:. A vocal minority argues over whether Core or Knots is right. The sane majority believes we all got PsyOp'd and/or that it’s finally time to activate CTV. DISCLAIMER: This tweet was sponsored by the Central Committee for Softfork Propaganda.
What's your interpretation of this week's drama?.
8
10
80
Once again, the EU is attacking the fundamental human rights of all Europeans. Criminals can trivially bypass this "Chat Control", so it certainly cannot serve any purpose other than illegal mass surveillance of law-abiding citizens.
"Chat Control", the EU law proposal that could ban encrypted messenger services in the EU will return again this month. The bill is aimed at searching all private messages and chats for suspicious content (so-called chat control or child sexual abuse regulation). According to
2
19
65
Ark PoC in December 👀👀👀.
@roasbeef @robin_linus @renepickhardt PoC in December. (Let’s hope so). So far in closed development. We are figuring things out as we build it. Off-chain bandwidth at Visa-scale TPS:.270 kB per round per user. Some unroll math:. For capital requirements please see the Ark section:.
3
11
65
I'm starting to get what Luke means and begin to think he's right.
@oomahq @LaurentMT @ChrisMartl @robin_linus @FreedomIsntSafe @wokebutfocused @ocean_mining @SamouraiWallet Even when we roll out Sv2, miners still shouldn't mine spam. I would consider it largely a failure to decentralize if miners just ran Core with defaults.
6
2
64
"Some Day Peg: A crazy two-way peg bridging BTC to other chains." . Don't try this at home! And don't blame me, blame @brqgoo and @super_testnet! .
18
9
64
Probably even the most criminal Bitcoin users are saints in comparison to @SenWarren and her friends.
3
4
65