Fly Client Proposal

[Zac Mitton]

Hi, Ive been looking into FlyClient first described here. I don't see any BIPs, or previous discussion in this forum about it either.

On bitcoin It could allow a light-client to verify the entire work of the heaviest chain with a single ~100KB proof.

It can theoretically be done as a soft-fork by injecting a single hash into the coinbase tx (similar to how segwit is committed to). 

What do you guy's think?

[Super Testnet]

Seems pretty cool. It looks like it has similar trust assumptions as a standard light client: the light client trusts the merkle root once it is buried under several blocks of proof of work, believing that an attacker is unlikely to do all that work just to fool a light client (especially when they could have been actually mining bitcoin with all that hashrate). A nice property is that, to get started, a fly client does not have to download a variable number of block headers (namely, all of them, however many there are), only a constant number of block headers, and it's a pretty small total number. That property seems to make fly clients more efficient than standard light clients.

[Nuh.dev]

FlyClient is very useful compared to SPV client, especially for blockchains with much more headers per day than Bitcoin. But fortunately, this is one of the few soft forks that we don't actually need, because we can substitute with a STARK proof as you can see here; https://github.com/starkware-bitcoin/raito ... so any energy for gathering consensus for a soft fork, before Bitcoin ossifies forever, is better spent elsewhere.

[Zac Mitton]

It makes sense that a STARK proof can do similar, however the 2 benefits to this would be that (1) This doesnt require (any) more strict assumptions which I'm assuming STARKS do, and (2) just the sheer simplicity of its design. Sorry to bring up a touchy topic but is the STARK version quantum safe, for instance? The flyclient version requires no new cryptographic assumptions beyond the "honest mining majority" used currently.

Admittedly my dumb brain understands it better. I assume it would get grouped into some larger softfork rollout...

[Nuh.dev]

Yes, STARK proofs are post quantum secure, as they don't require much more than polynomials and hash functions, and they don't have trust assumptions like SNARKs, which is why they are called scalable Transparent arguments of knowledge.

STARKs are not too difficult to vaguely understand, and in fact they aren't too different from FlyClient, both start from an interactive proof, then use Fiat-Shamir heuristic too convert it into a non-interactive proof, the major difference is that FlyClient does that over a specific function (sum of Work), whereas STARK needs to prove arbitrary functions, usually a CPU instruction set.

Finally, there will most likely not be any future soft forks, not even string concatenation in Script, so we are lucky this one doesn't need consensus change. 

[Tom Harding]

In the linked presentation by Benedict Bünz, it's worth listening to the first audience question/answer.  Questioner is spot on that an SPV client polling the network to gain probabilistic confidence of unspentness could easily subsume the task of gaining input inclusion proofs from the network, with no forking change necessary.

[Tom Harding]

Zac, 

That's probably because the question, and my post, are off-topic.  They are not about FlyClient, which is not interesting to me because bitcoin's header chain is tiny.

Instead they touch on two techniques which would improve on most historical implementations of SPV clients by adding protocol support for them.

Sorry for the distraction.

Tom

On 5/3/26 12:26, Zac Mitton wrote:

Tom I can’t seem to grok the question or your explanation of it. Could you spell it out for us in detail?

Thanks, Zac

[Zac Mitton]

Ok, Let's keep this thread about Flyclient on Bitcoin. The challenges related to actually getting a soft-fork into bitcoin are best discussed elsewhere.

If anyone has information related to progress on this, or implementation ideas please help by posting here or DMing me. I will try to aggregate.