Add: Use for proving computation section

bitcoin · Nov 27, 2024 · c49bc72 · c49bc72
1 parent 43259a7
commit c49bc72
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/bip-PC.md b/bip-PC.md
@@ -120,6 +120,25 @@ ELSE
 ENDIF
 ```
 
+### Use for proving computation
+
+Merkle trees can be used to prove out computation where the root of the tree
+represents the function and the leaves represent the inputs and output. There
+are practical limits to the entropy space for the inputs as it needs to be
+iterated over and hashed up.
+
+Currently MAST trees can cover 128 bits of entropy space, which is well over
+the practical limits to iterate over and merklize. Therefore we assume this
+capability does not materially extend what computations are possible to prove
+out in bitcoin script. While `OP_PAIRCOMMIT` is not limited to a height of 128,
+that should not be practically feasible to utilize.
+
+There is a way to reduce the size of the witness for proving out computation,
+by eliminating the merkle path inclusion proofs, using `OP_CHECKSIGFROMSTACK`
+together with `OP_PAIRCOMMIT`. This method involves deleted key assumptions,
+most likely using MPC to create an enormous amount of signatures for the stack
+elements representing the inputs and the output of the function.
+
 ## Reference Implementation
 
 A reference implementation is provided here:
@@ -174,7 +193,7 @@ TBD
 
 ## Credits
 
-Jeremy Rubin, Brandon Black, Salvatore Ingala, Anthony Towns
+Jeremy Rubin, Brandon Black, Salvatore Ingala, Anthony Towns, Ademan555
 
 ## Copyright