## Perspectives on Zcash Origins from Tromer

As we approach Zcash’s second birthday, it’s fitting to look back at the origins of this little experiment. And who […]

## Improved zk-SNARK Multi-party Computation Protocol

zk-SNARKs – the zero-knowledge proofs at the core of Zcash – require a parameter generation ceremony to take place for […]

## Ceremony Audit Results

As a science-focused team, ensuring the security of the Zcash protocol and the users of the network is a natural […]

## Pay-to-sudoku Revisited

Last year, I created a project called pay-to-sudoku which was the world’s first implementation of a zero-knowledge contingent payment (ZKCP). […]

## Explaining SNARKs Part VII: Pairings of Elliptic Curves

<< Part VI In Part VI, we saw an outline of the Pinocchio zk-SNARK. We were missing two things – […]

## Explaining SNARKs Part VI: The Pinocchio Protocol

<< Part V In part V we saw how a statement Alice would like to prove to Bob can be […]

## Explaining SNARKs Part V: From Computations to Polynomials

<< Part IV In the three previous parts, we developed a certain machinery for dealing with polynomials. In this part, […]

## Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable

<< Part III In this part, we build on Part II and III to develop a protocol for verifiable blind […]

## Bellman: zk-SNARKs in Rust

Bellman is a Rust-language library for building zk-SNARKs — small, cheap-to-verify zero-knowledge proofs of arbitrary computations. The goal of bellman […]

## Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption

<< Part II In Part II, we saw how Alice can blindly evaluate the hiding :math:E(P(s)) of her polynomial :math:P […]

## Explaining SNARKs Part II: Blind Evaluation of Polynomials

<< Part I In this post, we recall the notion of a polynomial, and explain the notion of “blind evaluation” […]

## BLS12-381: New zk-SNARK Elliptic Curve Construction

Our team is continually working to improve the security, performance and usability of our privacy-preserving shielded transactions. As we mentioned […]

## Explaining SNARKs Part I: Homomorphic Hidings

Constructions of zk-SNARKs involve a careful combination of several ingredients; fully understanding how these ingredients all work together can take […]

## History of Hash Function Attacks

The SHA-1 hash function, which has long been considered insecure, is now officially broken as of yesterday. Given the renewed […]

## Zcash Audit Results

As a security-focused team, made up of world-class talent, we prioritize the security of Zcash users. True security comes from […]