Marc Beunardeau (Tezos Developer) giving insight into zk-SNARKs for Tezos

I am one of the developers working on the integration of some privacy features based on ZKP at Tezos.

Yes, there are many trade-offs in ZKP. I can try to sum up some of them and explain our choices.

The first is interactive vs non-interactive (i.e. the prover and verifier exchange several messages).

In a blockchain context, since people can go on and offline, non-interactive is much easier to handle, thus we are not looking at any interactive schemes (although they could theoretically be implemented, every round of communication being in a different block).

The second trade-off is what is called trusted setup (i.e. dishonest generation of the initial parameters could result in the possibility for the dishonest generators to produce false proofs) vs not trusted setup.

However, making a big multi-party ceremony offers really good resilience since you can allow a big number of participants (whoever wants to join, actually) and if they don't ALL decide to be dishonest TOGETHER, everything is fine. See for example the Zcash ceremony: https://z.cash/fr/blog/completion-of-the-sapling-mpc/

The other trade-offs are verifier complexity, prover complexity and size of the proofs.

For a blockchain context we want to minimize the verifier complexity and size of the proofs, since this is what will be on chain and therefore executed/stored by the whole network (and paid for in gas and tez).

For more, see: https://eprint.iacr.org/2019/550.pdf (Page 4, figure 1 contains an interesting summary of the different trade-offs.) The one used in Zcash and that we will use in Tezos belongs to the first line denoted [GGPR] based (reference [57]).

Now to answer the questions:

Can Tezos benefit from having multiple schemas available (some being geared to more security, others geared to better performance)? Yes it can, and most probably will in the future. However, this is not an issue of performance vs security, but will probably be...
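
The trusted-setup point made earlier in the post (a multi-party ceremony is safe unless ALL participants collude) can be seen in a toy model. This is an added example, not code from the post, Tezos or Zcash: it uses a multiplicative, powers-of-tau style update in a deliberately tiny group, and the parameters and function names are assumptions chosen for illustration. Real ceremonies use pairing-friendly curves and verify each contribution, which this sketch omits.

```python
# Toy multi-party trusted setup (powers-of-tau style). Illustrative only:
# the group is far too small for real use and contributions are not verified.
import secrets

P = 2039      # toy safe prime, P = 2*Q + 1 (assumed parameters)
Q = 1019      # prime order of the subgroup generated by G
G = 4         # generator of the order-Q subgroup
DEGREE = 4    # the parameters hold G^(tau^k) for k = 0..DEGREE


def initial_srs():
    """Starting parameters, equivalent to tau = 1."""
    return [G] * (DEGREE + 1)


def contribute(srs, secret):
    """One participant's update: element k is raised to secret^k,
    so the hidden tau becomes tau * secret mod Q."""
    return [pow(elem, pow(secret, k, Q), P) for k, elem in enumerate(srs)]


def run_ceremony(secret_list):
    """Apply every participant's contribution in turn."""
    srs = initial_srs()
    for s in secret_list:
        srs = contribute(srs, s)
    return srs


def combined_tau(secret_list):
    """The 'toxic waste': only computable by someone holding ALL secrets."""
    tau = 1
    for s in secret_list:
        tau = tau * s % Q
    return tau


def srs_from_tau(tau):
    """What a party who knows tau outright could compute directly."""
    return [pow(G, pow(tau, k, Q), P) for k in range(DEGREE + 1)]


if __name__ == "__main__":
    colluders = [secrets.randbelow(Q - 2) + 2 for _ in range(3)]
    honest = secrets.randbelow(Q - 2) + 2   # deleted after contributing
    final = run_ceremony(colluders + [honest])
    # All secrets together reproduce the parameters...
    print(final == srs_from_tau(combined_tau(colluders + [honest])))  # True
    # ...but the colluders' pooled secrets alone do not.
    print(final == srs_from_tau(combined_tau(colluders)))             # False
```

In this toy group the missing secret could be brute-forced; in a real ceremony recovering it requires solving a discrete logarithm in a cryptographically sized group.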
