@arkham Your source that Zcash was down is your own incomplete dataset which is MISSING DATA.
The problem is actually that Arkham went down for hours.
Complete data source: https://t.co/xXRuHHJQEE
So what you can formally verify is that "this code meets all properties of this specification".
Now a lot of the code we care about has very precise specifications. "This ZK-circuit is satisfied only if {these variables}, follow the exact scalar multiplication relationship".
Now this often sounds odd on first pass.
(1) How do you express the specification to the formal prover/verification?
(2) Do you end up just ... rewriting the code to prove it, so you're not actually proving your real code?
(3) Did your spec account for everything?
(1) We can make the spec something like this:
```
Given:
leaf
authentication path
Output:
root
such that root = MerkleTreeHash(leaf, path)
```
And then we prove that "this R1CS circuit, if satisfied, implies that the prover's 'leaf, path, root' satisfy `root = MerkleTreeHash(leaf, path)`".
(2) We must compile our real circuit to the formal verification language. We can't just rewrite the circuit in the formal verifier, that wouldn't prove anything important. This is the huge unlock of AI, where this used to be months-to-year long tasks. Now it's compressed to days/weeks. I was a huge FV bear until this year, for this reason.
(3) This is always the issue. (Called out-of-model errors) Does your spec account for everything? In the case of Zcash circuits, I have high confidence we do at a spec level. If you understand what's happening, it's actually quite simple in abstract terms. Just translating those hashes to efficient circuits is the hard part.
There are millions of examples of out-of-model errors. To me the most famous one is KRACK attack: https://t.co/DmHDkwMiMe
However FV has gotten incredibly clever. People have (imo shockingly!) expressed constant time, and memory safety into FV language semantics. What we need for circuits is all very simple in comparison.
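The property stated in the thread above ("circuit satisfied implies `root = MerkleTreeHash(leaf, path)`"), as an added example that is not part of the original posts and is not Zcash code. It assumes a constructed 5-element field, a toy one-gate hash `H`, a depth-1 tree and a path made of (sibling, bit) pairs; exhaustive enumeration of every witness stands in for the machine-checked proof, and dropping one constraint shows how an under-constrained circuit fails the same check.

```python
from itertools import product

P = 5  # constructed tiny prime field, small enough to enumerate every witness

def H(left, right):
    # Toy 2-to-1 "hash" that costs one multiplication gate. NOT collision resistant.
    return (left + 2 * right) ** 2 % P

def merkle_tree_hash(leaf, path):
    # The specification: fold (sibling, bit) pairs; bit == 1 means the
    # current node is the right child at that level.
    cur = leaf
    for sib, bit in path:
        cur = H(sib, cur) if bit else H(cur, sib)
    return cur

def r1cs_satisfied(cur, sib, bit, left, out, booleanity=True):
    # One tree level as R1CS rows (a, b, c), each meaning a * b == c (mod P).
    right = (cur + sib - left) % P      # linear in the witness, needs no row
    t = (left + 2 * right) % P
    rows = [
        (bit, (sib - cur) % P, (left - cur) % P),  # left = cur + bit*(sib - cur)
        (t, t, out),                               # out = H(left, right)
    ]
    if booleanity:
        rows.append((bit, (bit - 1) % P, 0))       # bit is 0 or 1
    return all(a * b % P == c % P for a, b, c in rows)

def counterexamples(booleanity):
    # Every satisfying witness whose root is NOT a root the spec allows
    # for this leaf and sibling. An empty list means the property holds.
    bad = []
    for leaf, sib, bit, left, root in product(range(P), repeat=5):
        if not r1cs_satisfied(leaf, sib, bit, left, root, booleanity):
            continue
        allowed = {merkle_tree_hash(leaf, [(sib, b)]) for b in (0, 1)}
        if root not in allowed:
            bad.append((leaf, sib, bit, left, root))
    return bad

if __name__ == "__main__":
    print("full circuit:", len(counterexamples(True)), "counterexamples")
    print("no booleanity row:", len(counterexamples(False)), "counterexamples")
```
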
I hate the way every version of Claude writes.
I don't want to talk to it but it's good at really technical code tasks.
So I have Codex tell it what to do now.
False.
Miners independently chose to suspend only Orchard pool txns, chain was working, other transactions always working.
Major miners got access to patch first.
Explorers each run their own RPC and did not get patch until after miners implemented (for security).
This caused explorers to go offline as they got caught up to the patch the miners were already running.
Exchanges now updating the patch that miners are running.
Nakamoto consensus is working!
Everyone decides to run new code on their own.
As we blogged about last month, the new shielded pool we're developing for Zcash will use formal verification, more conservative cryptography, a simple arithmetization, robust APIs, fuzzing, and extensive auditing from humans and AI.
And much more: https://t.co/H3bwCnzuLY
Where we're going:
- Every circuit formally verified
- Written in R1CS, the simplest arithmetization
- Automated fuzzing
- Over-audited by humans and an army of AI
I meme a lot but i actually do think this pair continues to go up, zcash currently trades at lower than 1/100th of bitcoin's total valuation w/ better quantum resistant properties while privacy is becoming a popular narrative
concerns w/ saylor as key man risk also materializing
should be closer to 1/10th valuation, which would be ~.1zec per btc
Every tech entrepreneur is learning from what the centralized AI companies are doing and building it into their own self hosted AI harness.
The margin compression on all of this is insane and the winners are the builders.
they are trying to kill cursor and lovable… and every startup and application — as I’ve warned
Infrastructure companies eventually try to win the platform game, then they learn and take out all their partners on the app layer