For many years Zero-Knowledge Proof systems have been considered to be a hope for solving the Blockchain Scalability Problem. Numerous ZK-projects backed by the top tier VC funds promised to compress gigabytes of blockchain data to succinct snapshots and provide the full node security to light-weight clients.   

One large smoked mirror was a Random Orackle Model. It served as a backbone for many ZKP schemes. In particular those schemes that have promised to compress blockchain history into tiny succinct snapshots, build recursive SNARKs, deliver verifiable computation, etc.   

Recent research exposes a fundamental flaw in the argument.

1) How to Prove False Statements: Practical Attacks on Fiat-Shamir
https://eprint.iacr.org/2025/118

2) How to prove false statements? (Part 1)
https://blog.cryptographyengineering.com/2025/02/04/how-to-prove-false-statements-part-1/

Do we observe the start of the foundational crisis in the scaling ZK paradigm? What are your thoughts?

Very well. Good job.

However, it means that the first transaction is not recorded on the blockchain before Bob submits the second transaction. It means the first transaction should stay unconfirmed in the mempool for some time and miners should be restricted from including it into the blockchain. While this transaction is unconfined, Bob is vulnerable to double spend attacks. In this setting, Bob has to trust Alice.

Bitcoin is already criticised for having long transaction confirmation time. In this scheme, first tx get confirmed long time after it was signed by Alice. I saw businesses which try to join multiple transactions into a single one. However, it is inconvenient for their clients.

If network usage is negligible then why do have block size problem?

1) Are you talking about the UTXO model?
2) It will be awesome if you support your claims with proper mathematical calculations.
3) Don't forget about network data propagation delays.
4) Remember that blockchain security relies on full nodes that do all verifications in full against all protocol rules. Full nodes never rely on any spv-like proofs. There is no compromise here on what is better. There are no "options" here to think about.
5) Finally. Could you estimate what is % of transactions go in chains "Alice->Bob->Charlie" within short time intervals compared to stand-alone transactions "Alice to Bob"? If transactions which could be "batched" are very rare, then how can you get any non-marginal efficiency improvement here?

Don't you think this combined transaction will occupy comparable amount of block space? It might have the same amount of computational and network data cost. You still need to propagate and verify the transaction signed by Bob. It's a hidden cost.

I agree. Can we have a tps without corrupting immutability and censorship-resistance in its pure Bitcoin meaning?

Also people might have different perspective on what is "immutability" and "censorship-resistance". Sad but true.

What is your perspective on the Block Propagation Delay problem?

I agree with this concept. We talk about an alt coin. It might be merge-mined with Bitcoin. From your perspective, what fundamental characteristics of Bitcoin shouldn't be changed? What could be sacrificed?

Here is a short list:
1. 21 min supply cap
2. Max block size
3. Average block rate
4. (your version)

Zero-knowledge proof technology in crypto space is used privacy coins or transaction with more difficult traceability.

Unfortunately, information about ZKP broadcasted by influencers in social media is often a bullshit. This information often has a form of "explanation of ZKP for dummies". Your "example" is a typical example of this misinformation. No ZKP can prove that ones name is Frolo.

The best example of ZKP is a common fraud. A fraudster (prover) decepts (prove) a victim (verifier) that his statement is true by providing irrelevant data and exploiting victims confusion.

In ZKP model "true statement" is not the one what is true but one which is accepted as a true by the victim of deception.       

In no way. It's a popular myth. It's a wrong question. The correct question is what is "scalability".


The same environmental advantages as fiat has over Bitcoin. Fiat currency could printed out of thin air with little to no energy consumption. But when you print fiat and buy goods with it, you indirectly stimulate environmental pollution in various ways.


It's a wrong question.


Yes. Any system could be attacked. Check the story of DAO Hack in Ethereum network in 2016 as an example.


They play the same role as parliament in the autocracy. Validators benefit if they keep up with the line determined the ruling party leader and could be slashed if they fall behind.

PoW consensus algorithm is a backbone of a decentralised blockchain network. It's robust and unstoppable.

PoS reward distribution mechanism is a backbone of an unregistered security market. It's often used to conceal a central authority and distribute profits to shareholders in a public company.

I wish next hype to be around decentralisation.

I think "the problem with AWS" is infinitesimally small compared to other centralization issues of ETH. If the network is truly decentralized, it should tolerate events when 50% of nodes go offline. Why do we even discuss this "problem"? Maybe we see a symptom of bigger problems with ETH.

I believe people will respect those rules. Those, who are tired of dull shitcoin advertising, will appreciate that.

I propose you to describe your ideal altcoin. Please, focus on the product and technology. Follow these rules:

1) Don't mention cryptocurrencies, project names, brands, etc.

2) Don't mention potential revenue, high returns, limited supply, deflationary economics, staking revenues, benefits to early adopters, airdrops or any other form of benefits associated with tokenomics.

3) Don't mention people behind the project and their qualities.

4) Don't mention wide adoption, exposure in media, good perception of the product, faithful community, listings on exchanges, and etc.

5) Wishful thinking is not prohibited but try to be realistic.

Could you, please, define what is "blockchain sharding" based on those good resources? Could you answer the question of the topic starter:

Yes. Notice, your argument highlights the fact that blockchain network != database
All these points are relevant to blockchain networks. Databases don't necessarily have those steps and bottlenecks. Although blockchain network has a database under the hood, it's not everything. Some people oversimplify a blockchain network to a database which could be optimised by sharding. This viewpoint is inaccurate.

If some step of the process gets optimised, it doesn't mean the whole process gets optimised, especially, if optimisation of the one part goes ar the cost of other components. 

Such papers often confuse people. Before diving into this topic, you should understand that the database is not a blockchain network. "Database sharding" has nothing to do with "blockchain sharding". Think about this and don't get confused by plausible reasoning of prominent blockchain gurus.


No, it doesn't work that way.


No, it doesn't work that way. Let's put aside decentralized blockchain networks and consider original "database sharding". Database sharding is not always an improvement. It's a trade-off that is helpful only in certain cases in certain circumstances. When you split data into "shards", split processes into threads and distribute everything between separate hardware devices you might get some benefit from parallelism. However, you often get an overhead created by managing concurrent threads and associated delays. Sometimes this overhead is so huge that gains from parallelisation can't outperform it.

Therefore, database sharding is often a trade-off. It might be acceptable and it might be unacceptable. Database sharding is not a magic stick which solves all problems of databases. Neither it's not a magic stick in the context of decentralised blockchain networks. On top of that, as I said, the concept "database sharding in blockchain context" is not clear and straightforward.


What you call "data sharding" has been already implemented in Bitcoin from the day one. In Bitcoin, transactions within one block often could be processed in parallel by a node.

1) Full ASIC-resistance is a myth.

2) The belief that ASIC-resistance might improve decentralisation is another myth.

3) Alternative utility for mining equipment reduces the cost of the 51% attack. So it simplifies 51% attacks.

Is ASIC-resistance necessary? It depends on what is your goal.

Let me try.

1) Is LayerZero compatible with decentralized blockchain networks such as Bitcoin? What are prerequisites for compatibility of LayerZero with existing or future blockchain networks?

2) > LayerZero is a communication protocol

Who is supposed to use this protocol? Could you list all groups of participants based on their role? What data they should poses in order to be able to play their role in the network?

3) > Its core function is to ensure "valid delivery." This means the receiving chain correctly matches and verifies transactions from the sender chain, eliminating the need for middlemen.

What it means to "verify the transaction"? What verification steps can LayerZero support and what steps it can't support?

4) > The protocol implements generic messaging that provides trustless valid delivery of arbitrary data.

What means "trustless valid delivery of arbitrary data"?