Members You The following information can be found: Ethereum R&D Team Zcash Company They They are collaborating on a research project that examines the combination of privacy & programmability in Blockchains. This Publication In the case of simultaneous, in the zcash blogIt co-authored by Ariel Gabizon (Zcash() Christian Reitwiessner (Ethereum).
Ethereum’s Flexible Smart contracts interfaces are able to support many applications that were not yet imagined. The The Privacy option can increase possibilities. ImagineFor A smart contract, for example, can be used to conduct an auction or election over the blockchain. HoweverIndividual votes or bids cannot be disclosed. Another One One possible scenario is targeted disclosure. This would allow users to prove their presence within a city, without having to disclose their exact location. The This This is the key to gaining these capabilities. Ethereum Is Zero-Knowledge Non-Interactive Succinct Arguments (zk–SNARK), the cryptographic engine which underlies all of it Zcash.
One The The company’s vision Zcash, whose codename Alchemy ProjectThe The goal is to facilitate a decentralized exchange between participants. Ethereum Zcash. Connecting These It is possible to use two technologies and one blockchain, one for privacy and one for programmingability. This makes it much easier to develop applications that can use both.
As Part You can find the Zcash/Ethereum Technical collaboration Zcash’s Ariel Gabizon Visited Christian Reitwiessner From The Ethereum hub in Berlin A few weeks ago. The Highlight of the tour: A proof-of-concept implementation by a zk–SNARK verifier written in SolidityPrecompiled Ethereum Contracts For the Ethereum C++ client. This work complements baby zoe , where a zk–SNARK precompiled contract has been written Parity (the Ethereum Rust client). The Updates We also included small cryptographic primitives, such as multiplication and addition, matching elliptic curves, and implementation of the remainder in. Solidity, which allows for greater flexibility and allow for a variety zk–SNARK constructs without the need to use a hardfork. . . Details These They will be made available when they are made available. We Tested We verified the privacy-preserving code. Zcash Transaction On a testnet Ethereum blockchain.
The Verification took 42 milliseconds. This These pre-compiled contracts are easy to add to, and the gas costs for their use can be very affordable.
What What This system can be used to accomplish many things.
The Zcash System Reuseable Ethereum To Protect your tokens with customized tokens Such Tokens already available for voting (see below) or blind auctions, in which participants may bid without knowing the total bids of others.
If You You can use these commands for a proof-of-concept. If Seek For any questions, you can get assistance. https://Gitter.im/ethereum/privacy-tech
git clone https://github.com/scipr-lab/libsnark.git cd libsnarksudo PREFIX=/usr/local Take The following steps are required: NO_PROCPS=1 NO_GTEST=1 NO_DOCS=1 CURVE=ALT_BN128FEATUREFLAGS="-DBINARY_OUTPUT=1 -DMONTGOMERY_OUTPUT=1 -DNO_PT_COMPRESSION=1"lib Installcd ..Git clone --recursive -b snark https://github.com/ethereum/cpp-ethereum.gitcd cpp-ethereum./scripts/install_deps.sh && Cmake . -DEVMJIT=0 -DETHASHCL=0 && Take The following steps are required: ethcd ..Git clone --recursive -b snarks https://github.com/ethereum/solidity.gitcd Solidity./scripts/install_deps.sh && Cmake . && Take The following steps are required: soltestcd .../cpp-ethereum/eth/eth --test -d /tmp/test# And On A second terminal./solidity/test/soltest -t "*/snark" -- --ipcpath /tmp/test/geth.ipc --show-messages
We Also We discussed aspects of zkSNARK’s incorporation into this document. Ethereum BlockchainWe are currently expanding our reach to this area.
Deciding Which Pre-compiled contracts can be used for defining
Remember A SNARK is a quick proof of ownership. Privacy SNARK can have additional features. Ethereum Blockchain Is a client who can confirm this proof.
In All Recent constructions were verified only using operations on elliptic curves. SpecificThe Checker involves multiplication and scalar adding on a group of elliptic curves. It Also, a more invasive operation would be necessary called Bilinear Matching.
as mentioned HereImplementing These operations directly in the EVM are expensive. ThereForePreThese types of operations would benefit from well-written contracts. NowThe The question is now: At What level of generality are these pre-compiled contracts?
The Security The parameters of the curve determine the level of SNARK. RoughlyThe Higher order of the curve means higher embedment. This Based on that curve, the SNARK’s safety rating is determined. On HoweverThe more quantities you have, the more expensive it is to operate on the curve. ThereForeUsing SNARK contract developers can adjust these parameters to fit their efficiency/security goals. This PreContracts with high generality and high-quality compiling are a great way of avoiding tradeoffs. Contract Designers have access to many curves and can choose from them. In In We start with high levels generality. The A description of the curve is required for contract entry. In In Smart contracts can calculate sums for any number of elliptic curves in such cases.
One The Problem with this approach is the assignment the gas cost to operation. You You You will need to assess, based upon the curve description and without any access to any specific implementations, the cost of a group operations on the curve in the worst possible case. Another The best approach is to let all the curves happen within a family. We When Work with the Barreto-Naehrig The Based on the parameters of these curves, you can use (BN) family curves to estimate the cost for a matching operation. Since Since all curves can support the same type optimal, it’s possible to approximate how much money will be needed. Ate matching. . Here Is It is Sketch How This precompile could be used to calculate the gasoline cost.
We Although This discussion taught me a lot and I came to the conclusion that it was good idea. “keep it simple” For We were able to prove the concept and decided to implement contracts specifically for this curve. Zcash Currently used. We Wrappers These were used to signify the functions of the respective functions within the libsnark library that can be used by anyone Zcash.
Note It It is possible to use a wrapper which covers all SNARK verification functions as they are currently used. ZcashAs In the Baby ZoE project mentioned above. HoweverThe It is possible to use a variety of SNARK constructions by explicitly defining elliptic curve operations. TheseAll lookers can be used with a combination of these elliptic curve operations.
Zcash For New anonymous tokens and other applications allow for configuration reuse
As As SNARK, as you may be aware, requires that a user register. Complex Phase of setup These These are the parameters for the public system. The The This is a major problem for circuits that require SNARKs to be safe generated. Simplifying This We haven’t been able to achieve the setup phase, which is an important goal.
The The The good news is that anyone wishing to issue a token supporting privacy protecting transactions can simply reuse the public parameters. Zcash It a safe and secure way to generate it. It It It can be used again as long as the circuitry used in verifying privacy-preserving transactions and not intrinsically tied with a cryptocurrency or blockchain. InsteadOne It is the root of all that is explicit. Merkle Tree It contains all valid currency notes. Contains all the valid currency notes.This You can modify input according to the currency that you choose. AlsoIf It’s easy to create a new anonymous token. You You You can do many things that aren’t like tabs. For For Let’s say, for example, that we would like to have an anonymous vote in which one of the options is chosen over the other. We Each voter can receive an anonymous token custom-made for voting. Since There No “mining”It It is impossible to generate tokens using any other method. Now Each The party sends its currency to one of the addresses that is based upon their vote. The Address The election result is determined by the highest balance.
Other Apps
Below It It is non-token-based and easy to construct. “selective disclosure”. You You You can send an encrypted message (such as one that includes your physical location) at regular intervals. This You can combine signatures from different people to prevent spoofing. If If You have a unique key that you can use for each message. Howeverzk–SNARK allows you to show that you were there without having to disclose exactly where. Inside The zk-SNARK lets you find your location and confirm that it’s within your locality. Due Everyone The zero-knowledge property can be used to verify verification. HoweverNo one can find your exact location.
work ahead
Achieving The These functionalities include the creation of anonymous tokens and verifying Zcash Transaktions The following are the Ethereum Blockchain() will require the implementation other elements. Zcash In Solidity.
For To To implement the first functionality, it is necessary to have a way for tasks to be made available by nodes within our network. Zcash NetworkUpdate and maintain the note commit tree.
For The Second functionality must be implemented Equihash Algorithm for proof-of-work Zcash In Solidity. OtherWiseAlthough Although the transactions can be confirmed to be valid, it is not known if they were actually integrated into our system. Zcash blockchain.
FortunatelySuch An implementation was writtenHoweverTo make it more practical and usable for everyday use, we need to improve its efficiency.
Recognition: Thanks To Sean Bowe Technical Support We AlsoWe are grateful. Sean Vitalik Buterin For Please leave helpful comments Ming Chan For editing.
