Learn Zcash

What are zk-SNARKs?

The acronym zk-SNARK stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge and refers to a proof construction where one can prove possession of certain information, e.g., a secret key, without revealing that information, and without any interaction between the prover and verifier.

Zcash was the first widespread application of zk-SNARKs, a novel form of zero-knowledge cryptography. The strong privacy guarantee of Zcash is derived from the fact that shielded transactions in Zcash can be fully encrypted on the blockchain, yet still be verified as valid under the network’s consensus rules by using zk-SNARK proofs.

 

Note: With Network Upgrade 5 (NU5) in May 2022, Zcash introduced the Orchard shielded payment protocol, which utilizes the Halo 2 zero-knowledge proving system. Halo is a new zk-SNARK that’s finally capable of solving two outstanding issues in Zcash: removing the trusted setup while hitting performance targets and supporting a scalable architecture for private digital payments. 

 

“Zero-knowledge” proofs allow one party (the prover) to prove to another (the verifier) that a statement is true, without revealing any information beyond the validity of the statement itself. For example, given the hash of a random number, the prover could convince the verifier that there indeed exists a number with this hash value, without revealing what it is.

In a zero-knowledge “Proof of Knowledge” the prover can convince the verifier not only that the number exists, but that they in fact know such a number – again, without revealing any information about the number.

“Succinct” zero-knowledge proofs can be verified within a few milliseconds, with a proof length of only a few hundred bytes even for statements about programs that are very large. In the first zero-knowledge protocols, the prover and verifier had to communicate back and forth for multiple rounds, but in “non-interactive” constructions, the proof consists of a single message sent from prover to verifier. Prior to Halo, the most efficient known way to produce zero-knowledge proofs that are non-interactive and short enough to publish to a block chain was to have an initial setup phase that generates a common reference string shared between prover and verifier. We refer to this common reference string as the public parameters of the system.

If someone had access to the secret randomness used to generate these parameters, they would be able to create false proofs that would look valid to the verifier. For Zcash, this would mean the malicious party could create counterfeit coins. To prevent this from ever happening, Zcash generated the public parameters through two elaborate, multi-party ceremonies for Sprout and Sapling.

 

Share this answer:

Related

Just like Bitcoin, Zcash has a fixed supply of 21 million coins. Their inflation schedules are the same, too.
We recommend using an exchange that supports shielded withdrawals to fund your ZEC wallet. …
In this tutorial we show you how to acquire Zcash (ZEC) and store your funds privately in the Orchard …
Yes. Zcash’s max supply is 21M, so you can be confident your holdings will not get inflated …
Shielded Zcash transactions are encrypted, and users’ addresses, their transaction amount …
Halo is a cryptographic breakthrough discovered by Electric Coin Co.’s Sean Bowe. The Halo …
A unified address is generated from multiple Zcash address types, and with other features, like …