by iskander 986 days ago
I think the initial impractical prototypes for the core techniques were in the literature for a while, but there's really no comparison between e.g. interactive ZK protocols and the succinct non-interactive proofs used by the cryptocurrency folks. The latter are computationally general (you don't have to roll a new one for each program) and many orders of magnitude more efficient.

I think it's important to give the cryptocurrency industry credit for the few corners in which it makes real (theory/tooling) contributions, even if they're motivated by nonsense.

1 comments

I did not want to say that they invented or improved nothing, just that a lot of the building blocks already existed. I just looked this up, non-interactive zero-knowledge proofs also seem to have a history back to the late 80s, but if cryptocurrencies gave us some improvements and new ideas that made them more practical, fine, I am not going to complain about that.
Like, huge tangible improvements.

You can do general purpose programming in all kinds of DSLs and Rust libraries that compile down to big-but-practical arithmetic circuits and then generate proofs that y=f(x) without revealing x for arbitrary f. That really wasn't possible until a few years ago and emerged almost exclusively within the sphere of cryptocurrency-adjacent research. You can also use the succinctness of SNARKs to batch these proofs and shrink the verifier costs to almost nothing.

It's a cool model for asymmetric computing, with low capacity verifiers collecting results from high capacity provers. It'll probably find uses outside deranged gambling...