Hi - thanks for your questions!
Proof size:
For implementing REST-API proofs (e.g. Stripe) we are currently playing with TLS notary (web-proofs) where we expect different data, but we do not have an implementation or data yet.
Prove time - see first link above. On a normal laptop it takes couple of hours for one proof, but we expect a couple of minutes with hardware acceleration. I tested on my lenovo legion 5 gaming laptop, but memory was too little to run the proof on our implementation. Our implementation consumes roughly 35 Million Cycles.
Why risc0: We looked into systems like circom for quite while to add soundness to the data, but risc0 was the first framework which could handle a complex protocol like EBICS where you need to parse XMLs and unzip payload. We already had a system that works with ethereum and substrate, but without ZK. So you needed to trust the backend - more precise, the client which is fetching data from the banking backend. But this is more an integration use case, because it easy to fake the payload (data from baning backend). Risc0/ZK adds “proof-of-computation”, means that you can verify how the data was fetched and finally trust the data. If the bankends would sign their data, we would not need all this (if we ignore privacy).
Abort Transaction:
But once you get the camt53 is issued by the bank the transaction is booked - you can only undo it with a reverse transaction. A daily statement is a legal document and represents “finality” on the banking ledger. Daily statements (camt53) are produced at End-of-day processing, so latency is always next (bank working) day. But I am not sure how this will be with the new “immediate settlement” where a wire-transer takes seconds, and not a day. This new protocoll element is currently rolled out throughout EU, my bank in Switzerland will implement that in August this year, then I will have a closer look. My guess is that the bottleneck of latency will be proof generation time, and not the banking backend any more.
Camt53 on parachain:
You can fake the camt53, because the payload in EBICS (in that case the camt53) is not signed by the bank… so there is no value of doing it that way. Also you would see all other transactions (names, amounts etc), which would be a real bummer for privacy. Personal financal data is the same category as personal medical data, so we need privacy there.
Disputes:
Yes - if we can trust the data then disputes would be a matter of application logic. ZK enables it to process only sound final data which can not be reverted - thats the actual idea. We want to create a “wrapper” which is able to provide exacly this property of soundness. A banking backend (transaction data, balances, buy/sell fiat or other assets) could be used in similar ways as we are bridging blockchain protocols, where we can rely on the finality of data. The CPU time is a issue; but that just how good it can get currently I assume.
Let me know if I have covered your questions.
Cheers, Walter