This article was first published on Zcash
Since the successful Sapling network upgrade, we have already seen an increased adoption of shielded addresses in the Zcash ecosystem. Services like mining pools are beginning to offer shielded address payouts to customers. Further, the number of third-party desktop wallets supporting shielded addresses is also rising. Looking ahead, shielded address light client support will promote even wider adoption. This is just the beginning for Zcash’s mission toward a shielded ecosystem.
The increased adoption of shielded addresses is due to the underlying advancements of Zcash cryptographers. They have developed and implemented significant changes to the zero-knowledge proving mechanism in Sapling. Years of research and cryptographic design work have produced these improvements, which build upon existing schemes and invent new ones.
In order to understand the advancements used to reduce proving time and memory costs, we can break down the overall implementation into three components.
Bowe-Hopwood Pedersen Hash
The first of these comes from Zcash cryptographers Sean Bowe and Daira Hopwood. Their work improved the efficiency of the Pedersen hash function for use in Zcash’s zk-SNARK circuit.
The majority of the zero-knowledge proof operation in shielded transactions consists of generating hashes. Therefore, an improvement here has a significant effect on the time requirements. By replacing the pre-existing SHA-256 hash with the new Bowe-Hopwood Pedersen hash, the time for shielded address payments in Sapling is already reduced by 75%. For details on this, refer to the “Pedersen Hash Function” section of the Zcash protocol specification.
The second component we’ll consider is the zk-SNARK implementation, which involves two subcomponents. First is the elliptic curve construction and second is the proving system. The legacy implementation is a Zcash fork of libsnark which uses elliptic curve bn128 and the proving system described in BCTV2015 (“Succinct Non-Interactive Zero Knowledge for ...