Post
Topic
Board Development & Technical Discussion
Re: Thoughts on zero-knowledge salvation in the post-quantum apocalypse
by
larry_vw_1955
on 11/06/2022, 02:28:05 UTC
Or, keep it simple.  Prove in zero knowledge that you know the preimage to the hash, and “somehow” use that to spend the coins.  A proper approach here would need to be designed carefully, and subjected to a rigorous security analysis.  —End of edit.]
Well I don't think that would work. But if you think so then maybe you can explain more about how you can just spend bitcoin by proving you know the pre-image of the hash. Using words like "somehow" doesn't help your case at all.




Quote
The reason not to use trap addresses is that they trap unspendable coins in the UTXO set.

For that reason, and only that reason, the one and only correct way to burn coins is to use OP_RETURN.
I tend to agree, but the thing is nodes don't have to store OP_RETURN transactions. Those are provably unspendable, so if you want to have something that is stored by every node forever then you have to store it in the UTXO set.


Quote
It is not merely theoretical.  Zcash has been deployed in production for almost six years, running a financial network where you prove in zero knowledge that you ran a program that validates your own transaction.  Consensus nodes then verify your proof, without knowing any information about the transaction’s inputs and outputs.  
I'm still skeptical that you can do anything to make bitcoin be quantum resistant using zk-SNARKs. And make it be efficient, and make it so that I never need to share my public key, all I ever need to do is share my address. If that was the case then why wouldn't bitcoin be doing that right now?

Quote
I have believed for years that zero-knowledge proofs will take over the world. When time permits, I will open the new thread that I’ve been intending for days about zero-knowledge proofs, and the application thereof in Bitcoin. It will be self-moderated to cut noise.  
I doubt such a thread is going to accomplish any meaningful objectives, because you seem to have a disdain for people you deem to not know as much about the topic as you do.

Quote
Worries about the security of an address with human-language semantics that take the whole Hash160 are logically equivalent to newbie questions about “what if someone accidentally generates the same private keys as I do?”

You don't even know if the bitcoineater hash corresponds to a public key or not. There may not even exist a public key that hashes to it.
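The OP_RETURN versus trap-address point debated above, as an added example that is not part of the original post: a minimal UTXO-set model showing why a node can drop an OP_RETURN output but must keep a pay-to-pubkey-hash output sent to a trap hash. The unspendability rule is modeled on Bitcoin Core's `CScript::IsUnspendable`; the helper names, the txid and the 20-byte hash are constructed for illustration.

```python
# Added illustration; sample values are constructed, not real chain data.
OP_RETURN = 0x6A
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC
MAX_SCRIPT_SIZE = 10_000  # consensus script size limit in bytes

# Constructed stand-in for a "trap" address hash; nobody is known to hold a
# public key that hashes to it, but a node has no way to prove that.
TRAP_HASH160 = bytes([0x11]) * 20
SAMPLE_TXID = "aa" * 32  # constructed placeholder txid


def is_unspendable(script: bytes) -> bool:
    """True only when the script can be rejected without any key knowledge."""
    starts_with_return = len(script) > 0 and script[0] == OP_RETURN
    return starts_with_return or len(script) > MAX_SCRIPT_SIZE


def p2pkh_script(hash160: bytes) -> bytes:
    """Standard pay-to-pubkey-hash scriptPubKey (25 bytes)."""
    if len(hash160) != 20:
        raise ValueError("Hash160 must be exactly 20 bytes")
    return (bytes([OP_DUP, OP_HASH160, 20]) + hash160
            + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))


def op_return_script(data: bytes) -> bytes:
    """OP_RETURN followed by one direct push (up to 75 bytes in this sketch)."""
    if len(data) > 75:
        raise ValueError("this sketch only handles direct pushes")
    return bytes([OP_RETURN, len(data)]) + data


def add_outputs(utxo_set: dict, txid: str, scripts: list) -> dict:
    """Insert a transaction's outputs, skipping provably unspendable ones."""
    for vout, script in enumerate(scripts):
        if is_unspendable(script):
            continue  # never enters the set, so it costs no UTXO storage
        utxo_set[(txid, vout)] = script
    return utxo_set


if __name__ == "__main__":
    outputs = [p2pkh_script(TRAP_HASH160), op_return_script(b"burn")]
    utxos = add_outputs({}, SAMPLE_TXID, outputs)
    for (txid, vout), script in utxos.items():
        print(f"kept {txid[:8]}..:{vout} script={script.hex()}")
```

The trap-hash output is byte-for-byte an ordinary P2PKH script, which is why it stays in the set indefinitely, while the OP_RETURN output is never added.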