Groth16 verifier with OP_MUL and OP_CAT enabled

[msinkec]

In 2022, the sCrypt team demonstrated a fully functional Groth16 verifier implemented in Bitcoin Script, which has OP_MUL and OP_CAT enabled, in addition to supporting arithmetic operations on larger integers.

https://xiaohuiliu.medium.com/zk-snarks-on-bitcoin-239d96d182bd

For this, they implemented elliptic curve operations for BN-256 along with pairings. They utilized their high-level sCrypt programming language, which compiles down to native Bitcoin Script.

The size of the script is slightly more than 1MB, which would still be too large for practical use on the BTC mainnet in its current form. However, it might still be worth mentioning.