Possible proofs for fungible assets pruning in RGB-20

[dr-orlovsky]

There are some possibilities to make asset pruning verifiable; here I try to summarize them.

Zero-knowledge proofs

The proofs can be made with probabilistic checkable proofs procedure - or, potentially with bulletproofs and these proofs can be included as a binary data state attached to prune seal into pruning state transition.

The issuer during the pruning operation does usual verification process for the pruned assets (confidential amount verification and anchor verification). This process is then encoded as a Simplicity script with inputs used at each of its steps. Next, the issuer computes hash this script with its data and uses it to construct probabilistic checkable proof for 1 to 10% of the proof work (or a bulletproof). This part is serialized and supplied with prune state transition, so any party having these data may verify that the issuer was honest during the pruning process and had not created an asset inflation.

Pruning audit

Another alternative may be that the issuer adds to the pruning transition signatures of independent auditors confirming the correctness of the pruning operation. These auditors verify the complete pruning process with all source data.

The auditors may be

• pre-defined in the issue procedure
• parties selected by the issuer during the pruning
• randomly selected from a set of existing public auditors using some sort of Fiat-Shamir heuristic (like we use some hash of the pruning transition created in such a way that the issuer can not maleate it)

In the latter case we may even use future RGB reputation schema to define the set of auditors in a decentralized fashion