Satoshi Scoop Weekly, 21 November 2025
🍨 Your weekly bite of the latest updates from the Bitcoin tech ecosystem!
Crypto Insights
OP_CIV: A New Attempt at Post-Quantum Signature Aggregation for Bitcoin
Bitcoin developer Tadge Dryja proposed the idea of OP_CIV (OP_CHECKINPUTVERIFY) to implement a post-quantum version of Cross-Input Signature Aggregation (CISA). Dryja noted that traditional CISA provides limited savings for elliptic curve signatures, but in post-quantum schemes, signatures can be several thousand bytes (especially for SPHINCS+, Dilithium), occupying over 90% of a transaction. The basic idea of OP_CIV is: A transaction input can prove its relation to another input in the same transaction, and by pointing to another input to say "that's the signature I'm using", without providing one of its own, thereby reducing witness data costs. The proposal is still in the conceptual stage and waiting for community feedback.
Related talk.
Discussion on Introducing OP_STARK_VERIFY in Tapscript
A proposal suggests adding an opcode OP_STARK_VERIFY to Bitcoin Tapscript for verifying bounded-size STARK proofs. Its goal is to validate zero-knowledge proofs on-chain while maintaining transparency and post-quantum security assumptions, without relying on temporary script encoding (like OP_CAT) or introducing numerous arithmetic opcodes. Current discussions show cautious or negative responses. Critics argue that while STARKs are mature and widely deployed (e.g., in Starknet), embedding them in Bitcoin’s consensus layer may conflict with its core principles: simplicity, security, and long-term stability. Key risks include:
- Consensus risk: Adding tens of thousands of lines of complex code for OP_STARK_VERIFY to core validation logic risks unrecoverable network-level failures if bugs appear.
- Economic risk: The verification costs of a STARK proof are not proportional to its byte size, potentially enabling resource-intensive transaction attacks that undermine decentralization.
- Long-term risk (protocol ossification): ZK technologies evolve rapidly; fixing a specific method in the consensus layer creates permanent technical debt and bloating.
The proposal suggests keeping such complex mechanisms at higher layers or considering introducing general, composable primitives rather than monolithic, application-specific solutions.
Nick Szabo: Bitcoin Is Not Magical Anarcho-Capitalism; Arbitrary Data Is Risky
Bitcoin pioneer Nick Szabo posted that anarcho-capitalism, as an abstract ideal, inspires innovation and motivated his involvement in the invention of cryptocurrency. However, in reality, cryptocurrencies are not trustless but rather trust-minimized. Bitcoin and similar layer-1 protocols can withstand more interference than centralized systems but still have technical and legal boundaries.
He also pointed out that past legal risks from the financial sector were relatively manageable due to trust-minimized design and the presence of lawyers familiar with financial law. Arbitrary data, however, introduces larger, harder-to-predict legal attack surface, and the crypto industry lacks sufficient legal expertise to handle it. He warned that imagining Bitcoin or any blockchain as a “Swiss Army knife” resistant to all government legal actions is insanity.
Starknet: Dual-Staked Rollup Model for Sustainable DeFi Domain
Starknet, in Bitcoin’s DeFi Domain, discussed its transition into a BTCFi hub and sustainable DeFi layer for Bitcoin. Since Bitcoin L2s emerged in 2023, BTCFi profits mainly came from token-incentivized liquidity programs, encouraging users to “park” funds in underutilized pools for rewards. Such incentives-based programs are unsustainable due to:
- Limited incentives
- No reliable long-term BTC deployment options, as users keep searching for new opportunities
Starknet proposed dual-staked rollups to address these issues, positioning itself as a sustainable DeFi layer for Bitcoin—where BTC can be actively used in economic activity, not just temporarily incentivized.
BATTLE for Bitcoin: DoS-Resilient Cross-Chain Bridge Protocol Based on UTXO
A research team recently proposed a DoS-resilient dispute layer for Bitcoin—BATTLE for Bitcoin to enhance the security of optimistic cross-chain bridges connecting Bitcoin with rollups or sidechains. The protocol adapts the BATTLE tournament protocol to Bitcoin’s UTXO model, using BitVM-style FLEX components and garbled circuits, combined with on-demand L1 security bonds. Disputes are resolved in logarithmic rounds while recycling rewards, keeping the honest asserter's minimum initial capital constant even under many permissionless challengers. The construction is fully contestable (challengers can supply higher-work counter-proofs) and relies only on standard timelocks and pre-signed transaction DAGs, without new opcodes.
For N operators, the protocol requires O(N²) pre-signed transactions, signatures, and message exchanges, but remains practical for N ≳ 10³, achieving high decentralization.
Vega: Low-Latency, Transparent ZK Proofs Built on Existing Credentials, Outperforming Some Trusted-Setup Systems
Vega is a zero-knowledge proof system that proves statements about existing credentials without revealing anything else. For a 1920-byte credential without trusted setup, Vega achieves 212 ms proving time, 51 ms verification time, 150 kB proofs, and a 436 kB proving key. Its efficiency relies on two principles: fold-and-reuse proving and lookup-centric arithmetization.
- Fold-and-reuse proving exploits repetition and folding opportunities:
- across presentations, by pushing repeated work to a rerandomizable precomputation
- across uniform hashing steps, by folding many steps into a single step
- (for zero-knowledge) by folding the public-coin transcript with a random one
- Lookup-centric arithmetization: extracts relevant values from credential bytes, both for extracting relevant fields without full in-circuit parsing, and to enable length-hiding hashing.
Check out the paper Vega: Low-Latency Zero-Knowledge Proofs over Existing Credentials.
Arcade Tokens: From Internal Tokens to Open, Composable Assets
a16z introduced a new token taxonomy covering seven categories, including network tokens, collectibles, and memecoins. One underappreciated but potentially promising category is the Arcade Tokens: tokens with relatively stable value within a specific software or product ecosystem, typically managed by the issuer (e.g., a company).
These tokens are essentially blockchain versions of familiar assets like airline miles, credit card points, or game currencies—internal currencies maintaining a closed or semi-closed economy. Traditionally, these operated on centralized databases, limiting user ownership, transferability, and user choice. On-chain, arcade tokens become open, interoperable, and composable, unlocking richer market design possibilities.
