Kurchack

Yeah we had 10k, part of it still is pending after some discussion on Discord, and the $KAS price has been going lower so its 9.3k USD now. Also today we got more details / finetuning / confirmation on the package we are negotiating. It is a bit better then before, meaning we can be in London for more days and with more people. These 2 reasons make us promoting this once more.

The best way to understand Toccata is not that “Kaspa gets smart contracts.” That frame is too small. What Toccata really does is turn the UTXO into a programmable state cell without forcing Kaspa’s base layer to become a global computer. That distinction matters because in an account-based VM, contract state usually lives inside one shared execution environment. Every app competes inside the same global machine for execution, storage, ordering, and replay. Toccata takes the opposite route. It keeps Kaspa closer to Bitcoin’s UTXO discipline, but gives each UTXO enough introspection, identity, and proof-verification power to enforce real state transitions locally. KIP-17 is the syscall layer. It lets a script inspect the transaction trying to spend it: version, locktime, subnet ID, gas, payload slices, input and output counts, input DAA score, script public keys, amounts, and output structure. In plain terms, the coin being spent can reason about the transaction spending it. It can enforce that the next output recreates the same covenant, that the amount flows correctly, that the payload commits to the right data, that a spend path is only valid after a certain time, or that a malformed transition must be rejected. KIP-20 gives that local state continuity. Covenant IDs make covenant membership consensus-tracked instead of something an indexer merely infers after the fact. A covenant-labeled UTXO cannot just be forged into existence. It has to continue an existing covenant lineage or genesis-initialize correctly from a unique outpoint and committed authorized outputs. That means the application has an identity the protocol itself can police. Then KIP-16 adds the compression layer. "OpZkPrecompile" lets Kaspa verify proofs of off-chain computation instead of re-executing that computation on-chain. Groth16 gives compact verification, while RISC Zero-style STARK paths point toward heavier, more general verifiable execution. The base layer does not become the executor. It becomes the judge. That is the architecture Toccata is introducing: covenant-controlled state, consensus-enforced lineage, lane-aware sequencing, and ZK-verified computation, all anchored to proof-of-work. Not an EVM clone. Not DeFi pasted onto Kaspa. A UTXO-native verification layer where money becomes conditional, stateful, and provable without surrendering the base layer to a global VM.

since many (~4) asked me about the zcash bug - - - earlier this year I had this convo with a zcash core dev: zk: it's weird that kaspa is pruning past records me: why does it need to keep 'em? zk: the whole point of ledgers is to prove correctness of all state transitions me: the whole point of ledgers is to provide focal points for the consensus state zk: the whole point... me: hmm then why did you come work in zcash? you know the Sprout->Sapling counterfeiting bug zk: Turnstile guarantees that the counterfeit could have been very limited me: true but you still cannot prove or even reason about correct state transitions besides the total supply cap zk: that's actually a good point ---- the most hardcore cryptography coin is shifting away from correctness proofs to practical-enough proofs. I believe this is a step in the right+practical direction, yet the paradigm shift should not go unnoticed - -cryptography is giving way to consensus. if you came to zcash for cryptographic integrity, reconsider. there are many good reasons to root for zcash prospering. zcash is serving a more important role than bitcoin, whose utility for the original mission is by now blurry. cryptographic integrity is/should not be one of those reasons. ---- BTW the bug should definitely have been exploited. I don't know the personal values of Taylor Hornby, and I shouldn't be required to make the effort to learn them. I only know that if I found such an exploit, it wouldn't take me more than a few minutes to tempt myself into printing a longint amount of ZEC and deciding later what to do with it. I wouldn't necessarily use it to exit the pool immediately and corrupt the supply, I'd wait to see if some portion of the broken pool does not seem to migrate on time (probably lost funds), in which case I would not think twice before claiming the funds myself. you could argue that no harm done, and you might be right, but then again you are here -- in zcash / in crypto -- for its consensus dynamics, the ability to coordinate interests and convictions across different trust zones around some shared asset; not for some pristine mathematical integrity.