How to apply recursive snarks for a fully scalable, fully private, currency

From the very beginning of bitcoin, people worried that it could not scale to the required size.

It does not scale because it is a massively replicated public ledger. Thus any real solution means making the ledger not public. Which means either centralization, a central bank digital currency, which is the path Ethereum is walking, or privacy. You cure both blockchain bloat and blockchain analysis by not putting the data on the reliable public broadcast channel in the first place, rather than doing what Monero does, putting it on the blockchain in cleverly encrypted form, bloating the blockchain with chaff intended to obfuscate against blockchain analysis.

I have for some time remarked that recursive snarks make a fully private, fully scalable, currency, possible. But it seems this was not obvious to everyone, and I see recursive snarks being applied in complicated convoluted stupid ways that fail to utilize their enormous potential. This is in part malicious, the enemy pouring mud into the tech waters. So I guess need to explain.

A zk-snark or a zk-stark proves that someone knows something, knows a pile of data that has certain properties, without revealing that pile of data. Such that he has a preimage of a hash that has certain properties – such as the property of being a valid transaction. You can prove an arbitrarily large amount of data with an approximately constant sized recursive snark.

A recursive snark is a zk-snark that proves that the person who created it has verified a zk-stark that proves that someone has verified a zk-snark that proves that someone has verified …

This explanation is going to require you to know what a graph, vertex, edge, root, and leaf is, what a directed acyclic graph is, what a hash is, what a blockchain is, and how hashes make blockchains possible. And what an sql index is and what it does, and what a primary sql index is and what it does. You need to know what a transaction output is in the context of blockchains, and what an unspent transaction output (utxo) is. Other terms will be briefly and cryptically explained as necessary. All the crypto shills must do the homework that they have been so egregiously neglecting, or else will be silently blocked. I am heartily sick of crypto shills confidently dumping scripts prepared for them by scriptwriters almost as stupid and ignorant as themselves.

A struct is simply some binary data laid out in well known and agreed format. Almost the same thing as an sql row, except that an sql row does not have a well known and agreed binary format, so does not have a well defined hash, and a struct is not necessarily part of an sql table, though obvious you can put a bunch of structs of the same type in an sql table, and represent an sql table as a bunch of structs, plus at least one primary index. An sql table is equivalent to a pile of structs, plus at least one primary index of those structs.

A merkle graph is a directed acyclic graph whose vertices are structs containing hashes

A merkle vertex is a struct containing hashes. The hashes are the edges of the graph. So using recursive snarks over a merkle graph, each vertex has a proof that proved that its data was valid, given that the vertices that its edges point to were valid, and that the peer that created the recursive snark of that vertex verified the recursive snarks of the vertices that the outgoing edges (hashes) of this vertex points to.

So, you have a merkle chain of blocks, each block containing a merkle patricia tree of merkle dags. You have a recursive snark that proves the chain, and everything in it, is valid (no one created tokens out of thin air, each transaction merely moved the ownership of tokens) And then you prove that the new block is valid, given that rest of the chain was valid, and produce a recursive snark that the new block, which chains to previous block, is valid.

A blockchain is a merkle chain and a reliable broadcast channel. In Bitcoin the merkle vertices are very large, each block is a single huge merkle vertex, and each block lives forever on an ever growing public broadcast channel. It is impractical to produce a recursive snark over such huge vertices, and attempting to do so results in centralization, with the recursive snarks being created in a few huge data centers. So we need to structure the data as large dag of small merkle vertices, with all the paths through the dag for which we need to generate proofs being logarithmic in the size of the dag.

A merkle patricia tree is a representation of an sql index as a merkle tree. Each edge of a vertex is associated with a short bitstring, and as you go down the tree from the root (tree graphs have their root at the top and their leaves at the bottom, just to confuse the normies) you append that bitstring, and when you reach the edge (hash) that points to a leaf, you have a bitstring that corresponds to path you took through the merkle tree, and to the leading bits of the bitstring that make that key unique in the index.

So a merkle patricia tree and the structs that its leaf edges point to is an sql table that you can generate recursive snarks for, which can prove things about new transactions to be added to that table. We are unlikely to be programming the blockchain in sql, but to render what one is doing intelligible, it is useful to think and design in sql.

So with recursive snarks you can prove that that your transaction is valid because certain unspent transaction outputs were in the sql index of unspent transaction outputs, and were recently spent in the index of commitments to transactions, without revealing which outputs those were, or what was in your transaction.

It is a widely shared public index. But what it is an index of is private information about the transactions and outputs of those transactions, information known only to the parties of those transactions. It is not a public ledger. It is a widely shared public sql index of private ledgers. And because it is a merkle tree, it is possible to produce a single reasonably short recursive snark for the current root of that tree that proves that every transaction in all those private ledgers was a valid transaction.

Oops, what I just described is a whole sequence of complete immutable sql indexes, each new block a new complete index. But that would waste a whole lot of bandwidth. What you want is that each new block is only an index of new unspent transaction outputs, and of newly spent transaction outputs, which spending events will give rise to new unspent transaction outputs in later blocks, and that this enormous pile of small immutable indexes gets summarized as single mutable index, which gets complicated. I will get to that later – how we purge the hashes of used outputs from the public broadcast channel, winding up with a public broadcast channel that represents a mutable index of an immutable history, with a quite a lot of additional house keeping data that tells how to derive the mutable index from this pile of immutable indices, and tells us what parts of the immutable history only the parties to the transaction need to keep around any more, what can be dumped from the public broadcast channel. Anything you no longer need to derive the mutable index, you can dump.

The parties to a transaction agree on a transaction – typically two humans and two wallets, each wallet the client of a peer on the blockchain.

Those of them that control the inputs to the transaction (typically one human with one wallet which is a client of one peer) commits unspent transactions outputs to that transaction, making them spent transaction outputs. But does not reveal that transaction, or that they are spent to the same transaction – though his peer can probably guess quite accurately that they are.

In the next block that is a descendant of that block the parties to the transaction prove that the new transaction outputs are valid, and being new are unspent transaction outputs, without revealing the transaction or the inputs to that transaction.

You have to register the unspent transaction outputs on the public index, the reliable broadcast channel, within some reasonable time, say perhaps below block height (⌊h/32⌋+2)*32, where h is the block height on which the first commit of an output to the the transaction was registered. If not all the inputs to the transaction were registered, then obviously no one can produce a proof of validity for any of the outputs. After that block height you cannot register any further outputs, but if you prove that after that block height no output of the transaction was registered, you can create a new unspent transaction output for each transaction input to the failed transaction which effectively rolls back the failed transaction. This time limit enables us to recover from failed transactions, and, perhaps, more importantly, enables us to clean up the mutable sql index that the immense chain of immutable sql indexes represents, and that the public broadcast channel contains. We eventually drop outputs that have been committed to a particular transaction, and can then eventually drop the commits of that output without risking orphaning valid outputs that have not yet been registered in the public broadcast channel.

So that the public broadcast channel can eventually dump old blocks, and thus old spend events, every time we produce a new base level block containing new events (an sql index of new transaction outputs, and an sql index table with the same primary of spend commitments of past unspent transaction outputs to transactions) we also produce a consolidation block, a summary block that condenses two past blocks into one summary block, thus enabling the two past blocks that it summarizes to be dropped.

Immediately before forming a block of height 2n+1, which is a block height whose binary representation ends in a one, we use the information in base level blocks 2n-3, 2n-2, 2n-1, and 2n to produces a level one summary block that allows base level blocks 2n-3 and 2n-2, the two oldest remaining base level blocks to be dropped. When we form the block of height 2n+1, it will have an edge to the block of height 2n, forming a chain, and an edge to the summary block summarizing blocks 2n-3 and 2n-2, forming a tree.

At every block height of 4n+2. which is a block height whose binary representation ends in a one followed by a zero, we use the information in the level one summary blocks for heights 4n-5, 4n-3, 4n-1, and 4n+1, to produce a level two summary block that allows the level one summary blocks for 4n-5 and 4n-3, the two oldest remaining lever one summary blocks, to be dropped. The base level blocks are level zero.

At every block height of 8n+4. which is a block height whose binary representation ends in a one followed by two zeroes, we use the information in the level two summary blocks for heights 8n-10, 8n-6, 8n-2, and 8n+2, to produce a level three summary block that allows the level two summary blocks for 8n-10 and 8n-6, the two oldest remaining level two summary blocks, to be dropped.

And similarly, for every block height of 2m+1*n + 2m, every block height whose binary representation ends in a one followed by m zeroes, we use the information in four level m summary blocks to produce a level m+1 summary block than enables the two oldest level m summary blocks to be dropped.

We summarise the data in the earliest two blocks by discarding every transaction output that was, at the time those blocks were created, an unspent transaction output, but is now marked as used in any of the four blocks by committing it to a particular transaction. We discard commits which refer to outputs that have now been discarded by previous summary blocks and have timed out, which is to say, commits in a level m summary block being summarised into a level m+1 summary block that reference outputs in the immediately previous level m+1 summary block. However if, a commit references an output that is now in a summary block of level greater than m+1, that commit has to be kept around to prevent double spending of the previous output, which has not yet been summarised away.

We produce the summary block of past blocks just before we produce the base level block, and the base level block has an edge pointing to the previous base level block, a chain edge, and an edge pointing to the just created summary block a tree edge, a chain edge and a tree edge. And when we summarize two blocks into a higher level summary block, their chain and tree edges are discarded, because pointing to data that the reliable broadcast channel will no longer carry, and the newly created summary block gets a chain edge pointing to the previous summary block at the same level, and tree edge pointing to the previous higher level summary block.

We have to keep the tree around, because in order to register a commit for an output in the blockchain, we have to prove no previous commit for that output in any of the previous blocks in the tree, back to block or summary block in which the output is registered. Only the client wallets of the parties to the transaction can produce a proof that a commit is valid if no previous commit, but only a peer can prove no previous commit. Once all the necessary commits have been registered on the reliable broadcast channel, only the client wallets of the parties to the transaction can produce a proof for each of the outputs from that transaction that the transaction is valid. They do not need to publish on the reliable broadcast channel of what transaction that was, and what the inputs to that transaction were.

So we end up with the blockchain only carrying order log(h) blocks where h is the block height, and all these blocks are likely to be of roughly comparable sizes to a single base level block. So, a blockchain with as many transactions as bitcoin, that has been running as long as bitcoin, will only occupy a few dozen megabytes of disk storage, rather than near a terabyte. Bitcoin height is currently near a hundred thousand, at which height we will be keeping about fifty blocks around, instead of a hundred thousand blocks around.

And when it gets so big that ordinary people cannot handle the bandwidth and storage, recursive snarks allow sharding the blockchain. You cannot shard the bitcoin blockchain, because a shard might lie, so every peer has to evaluate every transaction of every shard. But with recursive snarks, a shard can prove it is not lying.

59 Responses to “How to apply recursive snarks for a fully scalable, fully private, currency”

  1. Patrick McDonahey says:

    Any crypto that must store every single transaction since inception… will not succeed.
    Any crypto that is entirely public, with no client capability for resulting in private anonymous transactions… will not succeed.
    Any crypto that cannot sustain at minimum 5kTPS… will not succeed.
    Any crypto that requires the sender to be online with the recipients… will not succeed.
    Any crypto that is not simply cash, or has any form of “governance”, etc… will not succeed.

    Bitcoin and BTC+LN… will not succeed.

    Most other projects are pointless, but there are now a small number of other p2p electronic cash projects out there worth tracking, and even buying on prospective of 10yr timeframe, just as BTC did.

    I’ve not sold out of BTC, but have bought 10yr eqivalents in them, for pennies on the dollar.

    BTC/LN will not succeed because they do not posess the necessary properties of P2P Electronic Cash plus offline transactions. Nor have they proposed any viable solutions to meet those realworld demands. And there are all sorts of monkeyworks in the middle.

  2. A2 says:

    Is this paper of any interest, by the way? PDF is free at the time of writing.

    “We introduce Lurk, a new LISP-based programming language for zk-SNARKs. Traditional approaches to programming over zero-knowledge proofs require compiling the desired computation into a flat circuit, imposing serious constraints on the size and complexity of computations that can be achieved in practice. Lurk programs are instead provided as data to the universal Lurk interpreter circuit, allowing the resulting language to be Turing-complete without compromising the size of the resulting proof artifacts. …”

  3. Mister Grumpus says:

    Word’s getting out about Xwitter becoming the GAE WeChat, and thus the GAE Retail Bank, and thus the GAE Panopticon.

    Yet anyone with the chops to pull this off also knows what a “panopticon” is, and what a “zero knowledge snark” is.

    So what happens next? And is this Elon trying to serve the GAE to buy himself some more time? He sure doesn’t need the money.

    • Pseudo-Chrysostom says:

      An everythingapp could theoretically increase the GAE’s capacity for tyranny; but like many other things that theoretically increase the GAE’s capacity for tyranny, it is dependent on Musk’s leadership in particular.

  4. cub says:

    Is it possible to keep ETH decentralized while retaining PoS? Or is another consensus mechanism necessary?

    • jim says:

      Sure it is. But they don’t want to.

      • cub says:

        Are you saying that the ETH developers don’t want to implement a technical solution to combat centralization, or that the current ETH whales don’t want to relinquish their voting power? If the former, what is the solution?

        • jim says:

          The current ETH whales should have voting power, and supposedly do, but they do not.

          So, since proof of stake has been coopted, I propose a new term, proof of share, to do what proof of stake was supposed to do, but does not do.

  5. WW2? says:

    Off Topic: Dropping the atom bombs was unnecessary to end the war with Japan

    Vox Day brought up something I’d never heard before:

    With supporting evidence:

    Claims the Japanese had been trying to surrender for 8 months with basically the same terms that were eventually accepted. The US dropped the A-bombs not to end the war but to demonstrate imperial strength to the rest of the world.

    This feels accurate; WW2 was a religious war, and enemy faiths are not allowed to remain. Plus there’s precedent; the Northern Progs wanted utter subjugation of the South in the US “Civil War”.

    Wondering if anyone more versed in the facts can weigh in on the NRx perspective.

    • jim says:

      Until the Emperor in Cabinet gave the word, Japanese were unable to surrender, because making peace requires cohesion.

      There were substantial elements of the Japanese government that had been trying to surrender for eight months, just as there are elements of the Ukrainian and American governments that have been trying to agree to Russia’s terms for eight months. And did agree to Russia’s terms only for the terms to be ignored. It is not so much that there was conscious intention to break the agreements as that the Global American Empire lacks the cohesion necessary to make peace.

      But these Japanese elements did not have the upper hand, and feared being shot by the die hards. In order to surrender, the emperor in cabinet had to agree to it. Normally the cabinet came to consensus and normally the emperor rubber stamped the consensus of the cabinet. But the cabinet would not come to consensus on peace, even after the nukes were dropped, so the emperor was forced to exercise imperial prerogative, which he very seldom did. It was an extraordinary act, a reassertion of seldom exercised imperial prerogative. And when he finally did lay down the law on his fractious cabinet, elements of the military dropped in on the palace to have a little chat with him, resulting in a whole lot of bullet holes in the palace.

      In order for peace on severely unfavorable terms to go through in the face of determined opposition by a large cabinet faction, the emperor had to exercise imperial prerogative over cabinet dissension and put down a coup.

      The Japanese had captured a pilot, who knew absolutely nothing about nukes, but, under torture by his interrogators, confabulated a huge number of nukes rolling off the assembly lines, being delivered to bases, and the bombers being retrofitted to carry them, being prepared for a mass bombing campaign, because that was what he was familiar with. (In fact each bomb dropped on Japan was a unique experiment hand made by the world’s greatest scientists.) This was reported to the cabinet, that hundreds of nukes were coming and had shown up in large numbers at the airfields, and they still did not agree to surrender.

    • Pax Imperialis says:

      I do not understand the American fixation on the use of nukes during WW2. It was completely proportional to strategic bombing operations at the time. In that regard, the use of nukes was completely normal. Almost no one fixates on the bombing of Dresdan, Toyama, etc which points to cognitive dissonance. Almost no one outside of America cares about the bombing, nuclear or not, either. It’s not like this is an ideological fixation either. Both the American left and right get autistic about it.

      What was completely abnormal about WW2 was the sheer number of bizarre strategic decisions made, likely due to FDR’s international political designs. The Philippians was a complete shit show both in the defense and the liberation. Outright treachery and incompetence by US Generals leading the failed defense was rewarded with Medals of Honor. Later in the war, the US could have simply bypassed the Philippians and gone straight to Okinawa and started the embargo and bombing of Japan a year earlier. Similarly, the US could have bypassed North Africa and taken the nearly defenseless Sardinia and gone straight to Southern France and Italy. There are many other curious decisions that were made during the war that are still shrouded in secrecy, but talking about them often gets seen as conspiracy theory nutjob stuff even though it’s in official US military records and analysis of the time.

      • Pseudo-Chrysostom says:

        FDR worked very hard to make the world safe for communism.

      • Kunning Drueger says:

        The fixation on nuclear weapons, both as a conversational topic/memeplex in the modern era, as well as the organic response to the bombs being dropped on Hiroshima and Nagasaki, arises from the mythology that was constructed to deal with the psychological peril that was introduced when the bombs were dropped. American Society was being rapidly internationalized in a way that had not happened, and specifically not prior to their massive economic expansion. those bombs made a lot of people feel very strongly, in ways they could articulate and apply, but also in ways that they had no capacity to apply, making it akin to a hot poker resting inside your orbital cavity; whatever was going to be done needed to be done quickly. So The managerial revolutionaries used the power of the atom, in a sense, to completely subsume the governmental apparatus of the bureaucracy. The warriors, and this is a very diverse group of people which I am sure you can appreciate, did not really internalize nuclear weapons in a way that could operationalize their inherent desire for status and domination in society. The warrior class took a back seat to the managerial class because the managerial class effected control over the scientific class, who was rightly seen as the most fearsome, capable, and unstoppable appliers of for e in history, using nuclear anything, as well as the plethora of other massive scientific advancements. very quickly on the heels of this, social and ideological changes were instigated, all on the “heat of formation” energy. when warrior Elite, and other elites I imagine, started to Cotton on to what was happening, the managerial elite was more or less ready with a never-ending series of crusades that required the superpower of science. so nuclear weapons must always be the fixation for Americans, as it is what ostensibly makes us the rulers of the world while the understanding thereof is the greatest embarrassment to the country, because we let a bunch of accountancy faggots take over society in a completely stoppable fashion.

        I think it is more than fair to note that the formerly agrarian, formerly isolated, formerly blissfully unaware Americans of the 1940s were just not prepared for what those science experiments unleashed. though much else is talked about in the context of what America is and who Americans are, I think Hiroshima and Nagasaki are probably the most critical single influences on perception in the United States, for a whole host of direct and indirect chains causal factors.

      • TheDividualist says:

        No one expected Japan will surrender. Nukes made them. At least one has to concede that it had great psychological effect.

    • Aidan says:

      Not really. Japan was not “trying to surrender”. Its cabinet of six was deadlocked on whether or not to surrender. Three said surrender, three said keep fighting. So the war continued as usual. One of the war faction said he would flip if good terms could be guaranteed. So they reached out to the USSR (under neutrality pact) asking Stalin to mediate a potential surrender. Stalin was not interested, and instead decided to break neutrality and attack Manchukou. Then the US dropped the bombs. After these two things happened, someone from the surrender faction asked the Emperor to tiebreak the deadlock, and the emperor chose surrender. Not all that useful debating whether it was the nukes or the USSR that spurred the cabinet to take the matter to the emperor.

  6. User481 says:

    You have used three Merkle-type terms here. Only one appears in the literature, the Merkle tree. It appears to me then that you are applying the the idea of a Merkle index to other types of graphs, where:

    Merkle chain* ⊂ Merkle tree ⊂ Merkle directed acyclic graph (DAG)

    Merkle chain example: Bitcoin blockchain*

    Merkle tree example: The Bitcoin transactions in a single block

    Merkle DAG example: Hedera Hashgraph

    Is this correct?

    *ignoring temporary blockchain forks for simplicity

    • jim says:


      It is odd that only “Merkle tree” appears in the literature, since the set of bitcoin transactions form a merkle dag, and that is the biggest and most important use in the world of a graph whose edges are hashes.

      Satoshi confusingly used the term “timestamp server”, that being the major use in his time of a graph whose edges are hashes, but, of course, what he proposed was not in fact a time stamp server.

      Further, a merkle tree is seldom useful unless its leaves are merkle dags, which they usually are. If the literature does not use the term, so much the worse for the literature. They should. And I expect, will.

  7. Chad Boomer says:

    [*not funny*]

  8. SJ says:

    Here’s an article about the shortage of construction workers;

    I was chatting with some construction Mexicans while at work the other day. The guy with the shovel digging a hole was making $40 an hour. Of course none of us raised in the GAE culture would go work hard digging a hole in triple digit heat because none of us have chaste and obedient wives and children to work hard for. Of course his wife was pregnant with his third child and he was twenty three.

    The end of the article is quite hilarious,

    “More money is going to need to be spent on training additional workers, bringing people into this industry,” Vankudre said. “Because otherwise we are going to hit a point in the future where we’re just not building the things we want to, not because we don’t have the money, but because we don’t have the people.”

    Gee we don’t need actual production guys, we just need more money! If we only have more slips of paper to somehow create more training for the nobody that wants to do this work. Then we could make more paper to give to the no one to do the work we want done.

    I got into it last week at work. As you all know my work is now run by an “AI” program, Dave, which has tiny minute steps for everybody to do everything and it is continually growing. Of course it doesn’t work. Here’s another example. We closed a building and no longer use the building. Dave thinks we still lease it and use it so Dave orders people to go to the building and do things. Because the straight white men who created Dave have all been fired, immediately after they finished Dave, and replaced with gay trans niggers and massively obese single moms, no one knows how to make Dave understand that we don’t own that building anymore and there is no equipment in the building. Dave is very upset that nobody is going to the building and scanning their badges anymore.

    Anyway the executives know that Dave is perfect and will increase production, except it has decreased production. We used to be able to just lie and trick Dave enough for people to get their jobs done which has caused the executives to triple down on Dave. Now production is massively down, like actual production is down approaching 15%, but Dave is reporting that production is actually up about 15%. Dave is reporting that we have all these goods that simply do not exist. These numbers are being reported in the earnings report and the stock price is doing great.

    I’m not even going to get into the fight I had with an executive moron Friday but he told me that Dave literally can’t be wrong because it is an artificial intelligence and it doesn’t know how to lie. I attempted to explain to him that actual real production has nothing to do with Dave compliance, but the executive is of course a total clueless moron. It boggles the mind that people this stupid are now in charge.

    So we are transitioning into creating numbers in Dave rather than the product we actually are supposed to make. At what point does this all collapse? I guess if we just print more money then construction workers will magically appear, just as if we change the numbers in Dave our product will just magically appear. Maybe if we all become lawyers and create more and more billable hours like anonymous fake we can trade all the receipts for anything we could ever want.

    • Mayflower Sperg says:

      “Given we can’t produce more workers in our own country, it makes sense that we would have to find them from other places.”

      Then do what Dubai does: You come, you work, and when the job’s done, you go back home to Bangladesh. Anyone who overstays gets arrested, deported, and barred from entering the country for many years.

      If you’re that ditch-digger and Joe Biden says, “Hola amigo, you’re a citizen now!”, say “muchas gracias” but keep your family in Mexico. If you bring them to the USA, they’ll quickly naturalize and sterilize, with your daughters becoming sluts and your sons slackers.

    • Adam says:

      The modern merchant does not really seem to understand cooperation. At my workplace when I started, the owner was dead set on having one man run material on a certain machine. So one guy feeds the machine then walks around and unloads it. It took some time but I was able to show him if you put one guy one each end, loading and unloading, the machine never stops, and two guys can run three times the material in half the time of one. Plus you free up the machine, and the machines around it that share the space.

      The ability of even the above average to solve pedestrian logical problems has crashed through the floor. Even in small companies, even in construction, there is an extreme lack of order and uniformity. Guys don’t even talk like guys anymore, they talk like women and fags. Men take to order like a duck takes to water. But finding someone who can give and take orders is very rare. I can’t imagine what it’s like in corporate America.

      As far as the Mexicans, another generation and they will be completely converged. They may have the benefit now of the rural effect, where parents and grandparents and families are tight knit and apply a lot of social pressure to marry and stay married, but that won’t last long. All the 8s and 9s are making it into their 30s childless and unmarried.

      I hate to black pill, and I do have faith and hope, but it is getting harder by the day to imagine a future in the west.

      • Your Uncle Bob says:

        At $40 an hour for unskilled manual, I guarantee that Mexican beat out an Amerikaner willing to do that. I know young guys doing tougher work for less.

        We’re at a weird point where customers, stockholders and chamber of commerce pillars of the community positively like seeing likely illegals working on their projects. It makes them think they’re getting a deal.

        On the other hand, and in support of Adam’s point, in my work now I do get a general impression of a generational oppositional defiance disorder. Tell a first time worker to do something, or how to do something, or why something’s done a certain way, or even the easiest best way for them not the company to do something, and some of them do some random other thing instead. You can’t even reverse psychology them because it’s not the opposite, it’s entirely off at an angle.

        But before I go full boomer on this topic, I ask myself how they got that way. Told to stay inside, sit down, shut up and sit still by nice white liberal schoolmarm teachers for 12 or 16 years, and drugged into compliance if they’re too fidgety. Passive aggressive “not gonna, can’t make me, but I’m not gonna come out and say so” is all some of them have left.

        And despite that, pay enough and some of their generation get it together after all. We do have some younger Amerikaners coming along, and my field is still white first, Mexican second with a gap, black third with a bigger gap.

        I know the full solution is status and virgin pussy, but “pay the man” plus a dose of closed borders is still the easiest partial solution. And yet, our elites can’t bring themselves to accommodate even the easy partial solution. Gotta FIREize everything, gotta bring wages down to fight inflation.

      • Magnus says:

        *terrible advice deleted*

  9. alf says:

    I’ve nothing useful to comment about the post.

    But, seems as good a time as any for some housekeeping with regard to the blogroll. My suggestions:

    GraveLord NRX – dead link.
    Bloody Shovel – dead link. I don’t think Spandrell has an active blog?

    Mencius moldbug – Pretty nice site.
    Aidan’s new blog –

    Am I missing anything? Maybe Igor Chudov’s substack because of his contributions to covid? I’m not a regular enough reader of his stuff to make that call though.

    • jim says:

      Thanks for the reminder. I have been neglecting the blog roll.

      Chevauchee is great stuff, and Igor Chudov is full of useful scientific information.

  10. deltahedge says:

    The concept of recursive stark proofs is already done by starknet:

    I didn’t fully get your approach but how it differ from that? Just the privacy aspect (utxo + new transactions)?

    • jim says:

      They enable the record of who transacted with whom to be discarded from the reliable broadcast channel, but it still gets sent out to everyone in the clear.

      Also, because they are generating proofs about material that is not organized to make it suitable for generating zk-stark proofs, needs big memory and big machines, leading to centralization. Everyone can cheaply evaluate the proof that the transactions were valid, without needing their own copy of the transactions, but the proof is expensive thus is apt to be produced by a few big centralised players, leading to dangerous concentration of power.

      Their system generates proof that they evaluated other people’s transactions and found them valid. This is the wrong way. Inefficient, wastes bandwidth, concentrates power. The parties that transacted should generate the proofs that each of them transacted honestly and correctly, without broadcasting their transactions.

      Each client wallet should prove its money was honestly acquired from other client wallets that honestly acquired it, No need to broadcast on the reliable broadcast channel how much, or which client wallets. No one should be evaluating other people’s transactions for correctness. Waste of disk space and bandwidth. Scaling problem, privacy problem. Unnecessarily complicated and indirect. It is a wart growing on a wart.

  11. Chad Boomer says:

    [*not funny*]

  12. Jatt Aryaa says:

    [*link to propaganda deleted*]

    • Jatt Aryaa says:

      True, without the ability to larp as Vedic – whites have nothing left.

      Anything that attacks their self-esteem at such a critical juncture is enemy propaganda.

      The idea that the Indo Aryan languages don’t directly descend from Vedic Sanskrit, but something older is nevertheless interesting.

      Btw, Indus Valley wasn’t dark skinned or south Indian. The closest genetic distance is with Pashtun or Baloch ie loe steppe, low Indian HG, High Neolithic Iran.


      • Fidelis says:

        Who the fuck is funding this particular breed of shill. It’s such an odd script to be running.

      • jim says:

        > The idea that the Indo Aryan languages don’t directly descend from Vedic Sanskrit

        Is nuts.

        When you go further and further back, trying to reconstruct the ur ancestor of languages, there is a lot of noise in your model fitting, so highly motivated reasoning can produce any result one wants for the extremely distant past. It is like seeing flying saucers in the clouds.

        The cities of Bronze age India burned and were flattened at the same time as the cities of Bronze Age civilization in the west and in the middle east burned and were flattened. The old writing was completely lost in India, and barely survived in the West, so, invasion. Which invasion we can now trace in remarkable detail by the genetic evidence. Bronze Age India was flattened by people who originated a few hundred miles from where the people who the people who flattened western Europe originated. The two branches took two separate paths, eventually meeting again in India.

        If you track language ancestry, it duplicates the results you get by tracking genetic ancestry.

  13. Prince Prostate, Ph.D says:

    As a loud and proud gay man, I applaud the NRx plan to ban all pornography everywhere.

    [*deleted for being gross, disgusting, and obscene*]

    • jim says:

      That was quite funny, and what you are parodying is far too real. But also stomach turning.

      • Mayflower Sperg says:

        Would you support a ban on gay, interracial, and cuckold porn?

        • Prince Prostate, Ph.D says:

          Just my position:

          Gay and tranny stuff should be prohibited. The original funny post’s position was that banning straight porn and imprisoning straight men for possessing it may indeed drive some unfortunate men, particularly if they are involuntarily celibate, to the arms of faggots; I explained in somwhat explicit detail who precisely would benefit from preventing men from alleviating sexual frustration by jerking off to the boobs and vaginas of naked women on the internet. Hint: faggots are just waiting for a ban on regular porn to transpire, because they seek to be the sole sexual outlet for miserable men who don’t get laid. I think the post was hilarious and conveyed the idea eloquently and forcefully, but I understand why Jim wouldn’t want that on his blog. Obviously gay and tranny stuff should be banned.

          As for interracial and cuckold stuff, I don’t know if a full ban is necessary – participation in obviously degenerate and unnatural activities (such as filming a nigger fucking your wife) should be deemed low status, and disqualify participants from the priesthood and state positions.

          • jim says:

            > I think the post was hilarious and conveyed the idea eloquently and forcefully,

            Indeed it did. But obviously, unsuitable for this blog, being evidence by example for banning gay porn.

            Yep, just looking at it, one is instantly in favour of banning it. Viscerally digusting. But I don’t want my audience to be instantly in favor of banning this blog.

          • Kunning Drueger says:

            How funny are we talking here? Was it wildly hilarious with disgusting terminology, or was it moderately titillating while drowning in scatological largesse and the sodomite tendency toward incalculable extremity?

            • jim says:

              He was playing a homosexual who is utterly unaware of how completely disgusting he is. Which would be amusingly absurd, if not for the completely disgusting part.

  14. The Count of Montecristo says:

    So does the new uber private and scalable blockchain implementing this make Bitcoin obsolete long term? Also, since everything rolls up into one public index for all the private data, what is the consensus algorithm of that final piece? PoS, PoW or something else? Is that a completely orthogonal issue, or am I missing the implications of what is stated here.

    • jim says:

      Recursive snarks allow sharding. For bitcoin to transition to this, has to introduce shards based on recursive snarks, while the main chain continues as it always has. People then slowly move to the shards. It is doable. To do it, they just have to add validation by recursive snark to their existing contract validation script. They don’t have to turn the existing chain into something completely different. Just add a little door whereby bitcoins can move to recursive snarks and then be moved around on the shards, without ever more data going on the mainchain.

      Proof of consensus is another issue which deserves another post. And it is going to be similarly technical. It is a big issue.

      Proof of work has got to go. Recursive snarks allow all sorts of other proof mechanisms. Filecoin is biggest example, but their proof can only be passed by full sized computers dedicated to their blockchain.

      What you really want to know is how many real users are relying on one transient fork, rather than another, and you get Nakomoto consensus by everyone switching to the biggest transient fork. So, what is a real user? We don’t want an army of shills and sybils, the Hedera problem, but neither do we want a handful of miners with giant data centers and their own power stations, which is the Bitcoin problem (which Monero has substantially fixed, but I doubt that the fix would survive becoming as big as Bitcoin, not that Monero can become as big as bitcoin because of scaling problems.

      So, proof of presence (a real user is synced with the blockchain and his machine responds to requests for data) which is more or less the Filecoin proof of spacetime mechanism), or proof of shareholding. (A real user owns a lot of the primary token of the blockchain, and is represented by a peer that has proof of presence.)

      Going to promote this into a post titled Nakomoto consensus. If you thought this post was rough going, you will likely think that post will be also.

  15. Chad Boomer says:

    Monero was a bust, so I dumped it. Met with a few associates last night at a place called El Hefe on the East side. We cooked up a bitcoin scheme of our own. Gonna call it AlphaCoin! Used the Monero score to seed our initial investment. I was wearing a pair of Tony Lama ostrich steel toes, Roper full length black leather blazer, and $2K wool Stetson. Lost track of how many tequila shots I had after 13. Willie Nelson was playing and we were invited backstage to smoke some dank herb. Kunning Drugger showed up so we made him shine our boots while we bent his chick over. Later Willie let me smash one of his guitars on stage. Woke of the next morning feeling fresh as fuck and did 30 minutes on the stairmaster.

    • Fred Green says:

      Hi all. I hate blacks and women as much as the next person, but I think we should cool it off with any mentions of voter fraud, since this undermines the democratic values which made our nation so great in the first place. I also think we should focus our grievances into the polling station. Think of this stuff like a pendulum, it will eventually swing back around and we will have our turn. This is what is great about democracy. Peace out. 1488, brothers. Don’t forget to follow Fred & Chloe Green podcast on YouTube, rising stars of the alt-right.

      • jim says:

        Allowing this through, but on the internet is difficult to tell sarcasm from genuine insanity.

        • FrankNorman says:

          Given that he shows up out of the blue and starts going on about voter fraud in the middle of a conversation that had literally nothing to do with that, I’d guess either a troll or a shillbot.

          • C4ssidy says:

            Come on. Fred and Chloe. Impersonating a shill. even if perhaps a little inappropriate considering Jim’s claim that they have started flooding

      • Chad Boomer says:

        Voter integrity is a minor problem. We need to build a society free of anti-semitism and racism, find housing for the homeless, cure world hunger and global warming, teach others to be more empathetic and less on capitalism, fight for women’s rights and find a solution to apartheid. Did I mention I’m a complete psychopath and I like to dissect girls. Address the problems with pornography and family unity, promote higher education for the poor, and equity in employment for the disenfranchised.

        • jim says:

          Marginally better. Needs work on funny.

        • The Cominator says:

          Is this channeling the American Psycho character…

          I’ve so far refused to watch the movie because I ah read through part of the book at too young an age, most fucked up thing I’ve ever read and it wasn’t close.

    • Wulfgar Thundercock III says:

      This is the best they can send? Man, must be more cases of Feinstein-McConnell Syndrome going around than we thought.

  16. A2 says:

    Quite a bit to chew on! I read only about half of it this time around.

    Immediate reactions:

    – Somewhat funny that plain trees get adorned with the old joke of being upside down while zk-snarks and zk-starks don’t even merit writing out the acronyms.

    – I didn’t at all like mixing sql concepts (from a series of database standards) with computer science data structures.

    – Structs should probably be explained with some canonical sorting order and/or canonical way to flatten.

    – Is there some way for bad or large actors to reintroduce huge vertexes in a small vertex DAG?

    – Also a lot of background/requirements/etc missing but you did warn about that.

    • jim says:

      > – I didn’t at all like mixing sql concepts (from a series of database standards) with computer science data structures.

      I have been analyzing a variety of ways to implement this architecture, and they all turn out to be closely related from the point of view of sql What is a table in one algorithm is a view in the other algorithm.

      > – Is there some way for bad or large actors to reintroduce huge vertexes in a small vertex DAG?

      Anyone can introduce a vertex as big as he likes, but he is the one that has to produce the proof for it. The stuff on broadcast channel is all defined to be quite small vertices – the typical merkle tree vertex is two hashes and a small bitfield, which is a part of the primary key. I don’t propose merkle patricia trees because I think you are going to be able to program the blockchain in sql, but because that architecture gives us a logarithmically large path of small vertices to prove the data to justify an unspent transaction output.

      There are no end of ways one can structure the merkle dag, but if one is going to structure it to allow people to prove the validity of an unspent transaction output in a logarithmically large number of small merkle vertices, the relationship between the structures is the relationship between equivalent database schema.

      > – Also a lot of background/requirements/etc missing but you did warn about that.

      I tried to list all the requirements that are needed, but I am not going to explain even briefly and cryptically, did I miss a few?

      • A2 says:

        I have been analyzing a variety of ways to implement this architecture, and they all turn out to be closely related from the point of view of sql What is a table in one algorithm is a view in the other algorithm.

        I’m assuming you could rephrase these as simply mappings with certain specified properties? Then again, it might be your usage just triggers my CS autism.

        I tried to list all the requirements that are needed, but I am not going to explain even briefly and cryptically, did I miss a few?

        I’m not really knowledgable in the subject, so some of the stuff comes a bit out of the blue. Probably more obvious to the more experienced reader, so never mind.

        Merkle DAGs: OK, so if I understand it correctly, the cost (proof) of a vertex is paid (only?) by the issuer and you show there is a way to keep the vertex sizes small while the number of vertices is also logarithmic, reducing the cost of the proofs substantially (even asymptotically?).

        • jim says:

          The problem is proving the public reliable broadcast channel. Everything else is private, and the peers submit proofs that their private data is the result of valid transactions whose hash has been registered on the public reliable broadcast channel. Which grows only logarithmically, but is still pretty big, and we want proofs that are logarithmic in the size of public broadcast channel.

      • dave says:

        Yes the usage of SQL Indexes as a method for relating the hashes is interesting, and felt a bit like a throwback. But the lightbulb clicked on when Jim said that at the core a SQL Table/Row/Index is just a struct. At the memory/storage level databases are just an opinionated struct with a normalized way to query them (SQL). Nice.

  17. Sorry Jim, but your crypto currency needs to be fungible enough for Democrats to send a bunch of it to Ukraine, have it laundered and sent back to Democrat campaign funds, and then when Sam Democrat-Democrat gets caught doing it, have the Democrat AG “decide” not to prosecute.

    • jim says:

      Sam Bankman Fried’s scam did not involve any actual bitcoin. He did not understand bitcoin, his customers understood it less, and people who are out of their depth when attempting to do stuff are easily scammed. It involved talking a lot about bitcoin very fast to ignorant people.

      No one got scammed by investing in actual bitcoin. They got scammed by putting their money into government regulated financial accounts.

Leave a Reply