CHIP 2021-07 UTXO Fastsync

bitcoincashautist · June 15, 2025, 11:03am

Yeah, Kaspa already implemented it for their UTXO commitments: CHIP 2021-07 UTXO Fastsync - #75 by bitcoincashautist

BitcoinCashPodcast · June 15, 2025, 11:15am

Peter Rizun was talking about UTXO commitments on Bitcoin Takeover at 1:57:12. Elaborates a little on compact inclusion proofs.

cculianu · June 15, 2025, 2:17pm

Yeah I did a proof of concept using muhash in bchn.

Advantages; much faster

Disadvantage: the data blob for the set itself is not as compact as 33 bytes for ECMH — but rather is 384 bytes. Not huge but not tiny either. So if you wanted to actually embed the set itself into the blockchain (rather than its hash), it’s a bit heavy.

tom · June 23, 2025, 12:23pm

First the obvious;
commitments can work just fine without it being part of the blockchain. LOADS of work to get that done anyway. So the idea to put it in the coinbase is premature by probably several years. I expect that we will never actually need this as software and bandwidth increase fast enough. Though its a cool idea to develop and make ready if I’m wrong.

But the main thing I’d like to point out in regards to the muhash idea is that you can still trivially add a hash in the client (or later in the coinbase) to prove the commitment. All you need to do is move that 384 bytes content to be included in the actual utxo download. Which will be 10GB or so, therefore the extra bytes will not matter.

ABLA · July 17, 2025, 8:02am

I would also add that MuHash provides a root hash as a candidate for committing to the UTXO set in a scalable way. This can be used in UTXO commitments because MuHash by itself doesn’t support Merkle-style proofs or direct filtering, UTXO commitments are still essential for upgrading RPA with ECDH-based one-time addresses (like Silent Payments, BIP352). Without them, wallets would need to scan the full UTXO set to detect incoming payments. A commitment scheme that supports inclusion proofs could allow more efficient filtering, making ECDH-based detection more scalable and usable for light clients.

cculianu · July 17, 2025, 10:44am

Wait – are you saying MuHash is more compatible with a merkle proof scheme somehow? Can you link me to any resources on this?

ABLA · July 17, 2025, 2:11pm

Not at all, thanks to BCA for the correction. I’m saying MuHash can be used as a compact way to commit to the UTXO set. The idea is that if we had an auxiliary structure alongside MuHash (like a Merkle accumulator or an index), light clients could use that for proof-based lookups.

Here’s the Bitcoin Core PR using MuHash for compact UTXO commitment but without proofs:

And here’s Utreexo, a Merkle-like accumulator designed to enable UTXO membership proofs for light clients:

So, MuHash could be one example of a compact UTXO set commitment candidate not that MuHash alone supports Merkle proofs. It efficiently provides a root hash, but to enable filtering or inclusion proofs, you need additional proof structures like Merkle trees or accumulators (e.g., Utreexo) for UTXO Merkle-tree commitments.