Yes, STARK proofs are post quantum secure, as they don't require much more than polynomials and hash functions, and they don't have trust assumptions like SNARKs, which is why they are called scalable Transparent arguments of knowledge.<br /><br />STARKs are not too difficult to vaguely understand, and in fact they aren't too different from FlyClient, both start from an interactive proof, then use Fiat-Shamir heuristic too convert it into a non-interactive proof, the major difference is that FlyClient does that over a specific function (sum of Work), whereas STARK needs to prove arbitrary functions, usually a CPU instruction set.<br /><br />Finally, there will most likely not be any future soft forks, not even string concatenation in Script, so we are lucky this one doesn't need consensus change. <br /><br /><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Saturday, 2 May 2026 at 23:07:22 UTC+3 Zac Mitton wrote:<br/></div><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">It makes sense that a STARK proof can do similar, however the 2 benefits to this would be that (1) This doesnt require (any) more strict assumptions which I&#39;m assuming STARKS do, and (2) just the sheer simplicity of its design. Sorry to bring up a touchy topic but is the STARK version quantum safe, for instance? The flyclient version requires no new cryptographic assumptions beyond the &quot;honest mining majority&quot; used currently.<div><br></div><div>Admittedly my dumb brain understands it better. I assume it would get grouped into some larger softfork rollout...<br><br></div><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Friday, May 1, 2026 at 5:03:47 AM UTC-4 Nuh.dev wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">FlyClient is very useful compared to SPV client, especially for blockchains with much more headers per day than Bitcoin. But fortunately, this is one of the few soft forks that we don&#39;t actually need, because we can substitute with a STARK proof as you can see here; <a href="https://github.com/starkware-bitcoin/raito" rel="nofollow" target="_blank" data-saferedirecturl="https://www.google.com/url?hl=en-GB&amp;q=https://github.com/starkware-bitcoin/raito&amp;source=gmail&amp;ust=1777842640649000&amp;usg=AOvVaw3E1ZCe5stHx9LSx6ZDed0G">https://github.com/starkware-bitcoin/raito</a> ... so any energy for gathering consensus for a soft fork, before Bitcoin ossifies forever, is better spent elsewhere.<br><br><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Thursday, 30 April 2026 at 21:55:05 UTC+3 Super Testnet wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Seems pretty cool. It looks like it has similar trust assumptions as a standard light client: the light client trusts the merkle root once it is buried under several blocks of proof of work, believing that an attacker is unlikely to do all that work just to fool a light client (especially when they could have been actually mining bitcoin with all that hashrate). A nice property is that, to get started, a fly client does not have to download a variable number of block headers (namely, all of them, however many there are), only a constant number of block headers, and it&#39;s a pretty small total number. That property seems to make fly clients more efficient than standard light clients.<br><br><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Wednesday, April 29, 2026 at 5:03:36 PM UTC-4 Zac Mitton wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi, Ive been looking into FlyClient first described <a href="https://www.youtube.com/watch?v=BPNs9EVxWrA&amp;t=8386s" rel="nofollow" target="_blank" data-saferedirecturl="https://www.google.com/url?hl=en-GB&amp;q=https://www.youtube.com/watch?v%3DBPNs9EVxWrA%26t%3D8386s&amp;source=gmail&amp;ust=1777842640649000&amp;usg=AOvVaw3DBtdfRWCtRTxbAXH2Ipam">here</a>. I don&#39;t see any BIPs, or previous discussion in this forum about it either.<div><br></div><div>On bitcoin It could allow a light-client to verify the entire work of the heaviest chain with a single ~100KB proof.<br><div><br></div><div>It can theoretically be done as a soft-fork by injecting a single hash into the coinbase tx (similar to how segwit is committed to). </div><div><br></div><div>What do you guy&#39;s think?</div></div></blockquote></div></blockquote></div></blockquote></div></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href="https://groups.google.com/d/msgid/bitcoindev/85d0e4fb-26d5-44be-8c1b-461607b2fc28n%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/bitcoindev/85d0e4fb-26d5-44be-8c1b-461607b2fc28n%40googlegroups.com</a>.<br />