Towards Cryptographic Privacy and Trust in Financial Transactions … Meet Halo, zkSnarks and Trusted Setups

I am not an economics professor and have no Bitcoins, so I will not give a long pitch on why the world’s economies should or should not move to cryptocurrency. But I love the science and maths related to cryptocurrencies, and the way that the area has broken down massive barriers in creating a trustworthy, secure and auditable financial infrastructure. One of the major challenges, though, is to move away from the pseudo-anonymous trading of Bitcoin and Ethereum towards something that would be anonymous at the ledger level — Layer 1 in a new finance stack. We could then build overlays on top of this to ensure that we could still trace and audit things. Financial organisations could thus use the Layer 1 ledger and build auditable systems on top of it. We must not forget the problems of the past, and the way that the auditing of our financial infrastructure almost caused our banking infrastructure to crumble. We thus need improved methods of digitally verifying the transactions undertaken at any point in time, and at any point in the past.

Zcash

At the forefront of this striving towards an anonymous ledger for cryptocurrency has been Zcash (ZEC) — created and developed by the Electric Coin Co. (ECC). For this, we must turn to Zero-Knowledge Proofs (ZKPs), in order to prove that Bob has enough cryptocurrency to pay Alice at that specific time, without revealing his actual balance or any of his past transactions. If it could be created in this way, we would have a perfect finance foundation layer, where we can mathematically prove things without revealing the underlying transaction data. This method would assure that Bob cannot double-spend and that he has enough cryptocurrency to pay for his spending. Within Zcash, each block is created within 75 seconds and is checked and committed by miners.

Zcash has generally focused on privacy-preserving transactions as its core USP. It is currently the 69th most valued cryptocurrency, with a market capitalisation of around $2 billion.

Monero — the other major anonymous cryptocurrency — sits with a current capitalisation of around $4 billion.

Over the past few years, Zcash has focused on solving the challenge of anonymising transactions. It was launched in Oct 2016 and founded by Zooko Wilcox-O’Hearn (who was previously involved in the DigiCash project and is also a co-inventor of the BLAKE3 hash function). He worked on the initial Zcash protocol with academic researchers from Johns Hopkins University, MIT, Tel Aviv University, and Technion.

The first releases of Zcash — in 2018 — were named the Sprout series and included Overwinter and Sapling. The next upgrade came at the end of 2019 with Blossom, which reduced the time to create a block from around 150 seconds to 75 seconds. Heartwood and Canopy followed in 2020, where the miner’s reward was cut in half from 6.25 ZEC to 3.125 ZEC. The reduction to 75 seconds is a significant improvement over Bitcoin, which creates a new block every 10 minutes or so.

We can view the ledger here:

The miners use a Proof-of-Work approach and must produce a SHA-3 hash in order to receive a reward. In the blocks above we can see that there are between 538 and 2,795 transactions in each block. Within each block we have transactions, which relate to wallet addresses. These can begin with a ‘t’ for a transparent address or a ‘z’ for a private (shielded) address. In the following we see an as-yet unconfirmed transaction, which uses a transparent address:

With a t-address wallet we can see all of the details of the transactions and the balance [here]:

Overall, then, we have four types of transaction:

  • t-to-t (Public). This is a public transaction where the balance and the amount are visible — as we would see in a Bitcoin transaction.
  • t-to-z (Shielding). This shields the recipient but exposes the sender’s t-address.
  • z-to-t (Deshielding). This transfers funds from a shielded address to a recipient’s transparent address.
  • z-to-z (Private). Both the recipient and the sender details are kept private, along with the balance and amount.

The block mining rewards are split 80:20, with 80% given to the successful miner and 20% given to the “founders reward”. This founders reward is now distributed to the Major Grants Fund (8%), ECC (7%), and the Zcash Foundation (5%). As with Bitcoin, the reward halves every four years, with a current reward of 3.125 ZEC.

zkSnarks and Halo 2

There have been attempts at creating shielded transactions, such as Mimblewimble in Bitcoin. This involves the usage of Pedersen commitments to prove that Bob has enough cryptocurrency to pay Alice. Here is an overview of the method:
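As an added example (not from the article, nor from any Mimblewimble implementation) of the Pedersen-commitment balance check described above: this Python code assumes the secp256k1 curve, derives the second generator H by hashing so that its discrete log relative to G is unknown, and lets a verifier confirm that inputs equal outputs plus the explicit fee without seeing any amount.

```python
import hashlib
# secp256k1 parameters (assumed curve for this example; Mimblewimble implementations use it)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if a == b: lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication; mul(0, pt) is the point at infinity."""
    r, k = None, k % N
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r
def neg(pt): return None if pt is None else (pt[0], -pt[1] % P)

def nothing_up_my_sleeve(label):
    """Second generator H by hashing to an x-coordinate (try-and-increment), so nobody knows log_G(H)."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)    # P % 4 == 3, so this is a square root whenever one exists
        if y * y % P == rhs: return (x, y)
H = nothing_up_my_sleeve(b"pedersen-H")

def commit(value, blind):
    """Pedersen commitment C = value*G + blind*H: hides value, binds the committer to it."""
    return add(mul(value, G), mul(blind, H))

def kernel_excess(inputs, outputs):
    """Prover side: sum(r_in) - sum(r_out), where inputs/outputs are (value, blind) pairs."""
    return (sum(r for _, r in inputs) - sum(r for _, r in outputs)) % N

def verify_balance(in_commits, out_commits, fee, excess):
    """Verifier side: sum(C_in) - sum(C_out) - fee*G == excess*H, a commitment to value zero."""
    total = neg(mul(fee, G))
    for c in in_commits: total = add(total, c)
    for c in out_commits: total = add(total, neg(c))
    return total == mul(excess, H)
```

A deployed scheme also attaches a range proof (the Bulletproofs mentioned later in the article) to every output, since a negative or wrapped-around value would otherwise pass this sum check, and proves knowledge of the excess with a signature rather than publishing it.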

Zcash has gone through several iterations of the methods it uses for shielding transactions and now focuses on the zk-SNARK method. zk-SNARKs were first proposed in [2] and then given a practical implementation in [3]. The area has recently been advanced with the creation of range proofs with the Bulletproofs method [4] and with zk-STARKs [5]. A weakness of zk-SNARKs has always been the trusted setup of the zero-knowledge proof. To address this, Zcash has produced the Halo 2 zero-knowledge proving system (with a reserved name of ZIP 224). Within the Halo project, Zcash has created a way that allows miners to upgrade themselves without the need for a trusted setup [1]:

If you are interested in the details of zk-Snarks, you can try here:

Crypto curves: BLS12-381 and Pallas

Along the way, Zcash has broken through many barriers, including the creation of an elliptic curve which is efficient for pairing-based cryptography (as used in zk-SNARKs). This curve is named BLS12-381 [1] and is now used within many zero-knowledge applications:

https://asecuritysite.com/golang/bls12

Within their Halo 2 project, they have even created a new set of elliptic curves. This includes the Pallas curve, which is included in the Coinbase Kryptology library:

https://asecuritysite.com/kryptology/pallas

A key focus for this curve is that it is efficient in recursive proof systems.

Conclusions

The focus for Zcash at present is creating a foundation layer for financial transactions — Layer 1 — at which all transactions are anonymous. If successful, other financial infrastructures could build on this and then add their own linkages to their systems. This would — in fact — build a new financial model that would integrate privacy at its core and, more importantly, build complete trust. If Zcash can show that aggregated proofs can be achieved at scale, it will certainly prove a new model for the future.

In terms of innovation in the area, the field is ready for new innovators to come along, build on Zcash, and develop new applications which would allow instant auditing of our financial infrastructures. The downside, of course, is that there are bad people using privacy-preserving methods for their own gain.

References

[1] Bowe, S., Grigg, J., & Hopwood, D. (2019). Recursive proof composition without a trusted setup. IACR Cryptology ePrint Archive, Report 2019/1021.

[2] Bitansky, N., Canetti, R., Chiesa, A., & Tromer, E. (2012, January). From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (pp. 326–349).

[3] Gennaro, R., Gentry, C., Parno, B., et al.: Quadratic span programs and succinct nizks without pcps. In: Proceedings of Advances in Cryptology — EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, 26–30 May 2013, pp. 626–645 (2013)

[4] Bünz, B., Bootle, J., Boneh, D., et al.: Bulletproofs: short proofs for confidential transactions and more. In: Proceedings of 2018 IEEE Symposium on Security and Privacy, SP 2018, San Francisco, California, USA, 21–23 May 2018, pp. 315–334 (2018).

[5] Ben-Sasson, E., Bentov, I., Horesh, Y., et al.: Scalable, transparent, and post-quantum secure computational integrity. IACR Cryptol. ePrint Arch. 2018, 46 (2018)

[6] Bowe, S. (2017). BLS12-381: New zk-SNARK elliptic curve construction. Zcash Company blog, URL: https://z.cash/blog/new-snark-curve.