Zero knowledge proof ethereum forum


We tested the new code by successfully verifying a real privacy-preserving Zcash transaction on a testnet of the Ethereum blockchain. The verification took only 42 milliseconds, which shows that such precompiled contracts can be added, and the gas costs for using them can be made to be quite affordable. The Zcash system can be reused on Ethereum to create shielded custom tokens. If you want to try compiling the proof of concept, you can use the following commands. In all recent constructions, the verification procedure consisted solely of operations on elliptic curves.

Specifically, the verifier requires scalar multiplication and addition on an elliptic curve group, and would also require a heavier operation called a bilinear pairing. As mentioned here, implementing these operations directly in the EVM is too costly. Thus, we would want to implement precompiled contracts that perform these operations.

Now, the question debated is: Roughly, the larger the curve order is, and the larger something called the embedding degree is, the more secure the SNARK based on this curve is. On the other hand, the larger these quantities are, the more costly the operations on the corresponding curve naturally are. In such a case, a smart contract would be able to perform addition in any elliptic curve group. A complication with this approach is assigning a gas cost to the operation.

You must assess, merely from the description of the curve, and with no access to a specific implementation, how expensive a group operation on that curve would be in the worst case. A somewhat less general approach is to allow all curves from a given family. We noticed that when working with the Barreto-Naehrig (BN) family of curves, one can assess roughly how expensive the pairing operation will be, given the curve parameters, as all such curves support a specific kind of optimal Ate pairing.

We did this by using wrappers of the corresponding functions in the libsnark library, which is also used by Zcash. However, the advantage of explicitly defining elliptic curve operations is that it enables the use of a wide variety of SNARK constructions which, again, all have a verifier working by some combination of the three previously mentioned elliptic curve operations.
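To make the cost-assessment argument above concrete, here is an added example (not code from the original post or from the ZoE project) that derives a BN curve from its integer parameter u, confirms the embedding degree of 12 that the pairing relies on, implements the two G1 group operations a SNARK verifier needs, and counts the work each one costs so that a gas price can be attached to it from the curve description alone. The parameter u for alt_bn128 is taken from the Byzantium precompile specification (EIP-196/197), not from the text above; the operation counts are worst-case estimates under plain double-and-add and a non-NAF Miller loop, which is an assumption of this example rather than a statement about any particular implementation.

```python
# Added example: BN curve parameterisation and operation-cost estimates.
# Pure Python 3.8+ (uses pow(x, -1, p) for modular inverses).

# Curve parameter of alt_bn128, the BN curve behind the Byzantium precompiles
# (EIP-196/197). Taken from that specification, not from the text above.
ALT_BN128_U = 4965661367192848881
ALT_BN128_B = 3  # G1 is y^2 = x^3 + 3 over F_p


def bn_params(u):
    """Field prime p and prime group order n of the BN curve with parameter u."""
    p = 36 * u**4 + 36 * u**3 + 24 * u**2 + 6 * u + 1
    n = 36 * u**4 + 36 * u**3 + 18 * u**2 + 6 * u + 1
    return p, n


def embedding_degree(p, n, limit=64):
    """Smallest k with n | p^k - 1. The pairing maps into F_{p^k}, so a larger
    k means a bigger extension field and more expensive pairing arithmetic."""
    for k in range(1, limit + 1):
        if pow(p, k, n) == 1:
            return k
    return None


def is_on_curve(P, p, b=ALT_BN128_B):
    """True if P (or the point at infinity, None) lies on y^2 = x^3 + b."""
    if P is None:
        return True
    x, y = P
    return (y * y - (x**3 + b)) % p == 0


def ec_add(P, Q, p):
    """Affine addition on y^2 = x^3 + b over F_p; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None                                 # Q == -P
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p       # chord slope
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def ec_mul(k, P, p):
    """Left-to-right double-and-add; returns (k*P, doublings, additions)."""
    R = None
    doublings = additions = 0
    for bit in bin(k)[2:]:
        if R is not None:
            R = ec_add(R, R, p)
            doublings += 1
        if bit == "1":
            if R is None:
                R = P                                   # first set bit: free
            else:
                R = ec_add(R, P, p)
                additions += 1
    return R, doublings, additions


def scalar_mul_worst_case(n):
    """Bound for any scalar below the group order n: one doubling per bit
    beyond the first and, in the worst case, one addition per such bit."""
    bits = n.bit_length()
    return bits - 1, bits - 1


def ate_pairing_loop_cost(u):
    """Miller-loop size of the optimal Ate pairing on a BN curve, whose loop
    parameter is 6u + 2: one doubling step per bit and one addition step per
    set bit (a signed-digit representation would lower the second number)."""
    t = abs(6 * u + 2)
    return t.bit_length(), bin(t).count("1")


def curve_cost_profile(u):
    """Everything a gas schedule needs, computed from the parameter u alone."""
    p, n = bn_params(u)
    dbl, add = scalar_mul_worst_case(n)
    miller_bits, miller_adds = ate_pairing_loop_cost(u)
    return {
        "field_bits": p.bit_length(),
        "order_bits": n.bit_length(),
        "embedding_degree": embedding_degree(p, n),
        "ecmul_doublings": dbl,
        "ecmul_additions": add,
        "miller_loop_bits": miller_bits,
        "miller_loop_additions": miller_adds,
    }


if __name__ == "__main__":
    p, n = bn_params(ALT_BN128_U)
    G = (1, 2)                                          # alt_bn128 G1 generator
    R, d, a = ec_mul(n, G, p)
    print("n*G is infinity:", R is None, "doublings:", d, "additions:", a)
    print(curve_cost_profile(ALT_BN128_U))
```

The profile shows why a curve family is easier to price than an arbitrary curve: for any BN curve, the scalar multiplication bound follows from the bit length of n, and the pairing's Miller loop length follows from u, so a precompile can charge a fixed amount per operation without inspecting an implementation. The check that n times the generator is the point at infinity is also the kind of sanity test a verifier contract's author would want before trusting a curve description.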

As you may have heard, using SNARKs requires a complex setup phase in which the so-called public parameters of the system are constructed. The good news is that someone desiring to issue a token supporting privacy-preserving transactions can simply reuse the public parameters that have already been securely generated by Zcash.

The testnet for Ethereum's next big update has successfully verified an important part of a transaction with the virtual cryptocurrency Zcash, bringing the dream of making the blockchain network more privacy-focused just a tiny bit closer to reality. In blockchain protocols such as Bitcoin, all the nodes have to validate all the transactions and can see what they are. Unlike Bitcoin, Zcash uses cryptographic tech called "zero-knowledge succinct non-interactive arguments of knowledge" (zk-SNARKs) to let its chain validate transactions that are encrypted, offering additional privacy.

Byzantium is the next major hard fork of Ethereum, which began testing Tuesday. On the same day, a smart contract verified that some sender on the Zcash network sent money to some recipient on the Zcash network, but there is no info about who they are or how much was spent. Given the clear advantages, there have been several proposals to tie Zcash's anonymity protections into Ethereum.

Bas van Kervel, an Ethereum developer based in the Netherlands, told The Register that "verifying zk-SNARKs is a computational heavy task if implemented in pure smart contracts" so the system uses some optimisations behind the scenes.

Elliot Shepherd, VP of technology at identitii, which offers a database built on blockchain tech, told The Reg that the validation test is "absolutely significant in a view of how disparate chains could work together". Chicago-based blockchain consultant Taylor Gerring told The Register: He cautioned that it's not clear if full encryption of all sensitive data on the blockchain would "ever come out of the research phase" because bringing it to life might be a "balancing act" between privacy and scalability.

At an Ethereum core developer meeting earlier this month, devs decided the Byzantium testnet will run for at least three weeks before the mainnet hard forks.
