🦈 SNARK Bites — Issue No. 51

📰 News

This week, cryptography researchers from Microsoft published a paper detailing a method for generating efficient zk-SNARK proofs without a trusted setup. If you're a normal person, your reaction to that news might be something along the lines of, "That's great! But what does it...mean?". Fair enough! A quick review of what zk-SNARKs are all about is in order, so we can discuss why this latest breakthrough might end up being important. Link.

To greatly oversimplify a complex and deeply technical topic, zk-SNARKs are a mind bending form of bleeding edge cryptography which allow you to prove something about data without actually revealing it. The key insight is that data that is encrypted still has an underlying structure, even if that structure can't be decoded into plaintext without a key. With zk-SNARKs, it's possible to do math on the encrypted data-- because of its internal structure-- while it's still encrypted. To date, the highest profile use of this technology in a cryptocurrency has been Zcash. The network uses zk-SNARKs natively to enable completely private transactions in a trust-free manner. Link.

It turns out, though, that you have to put a small asterisk next to "trust-free". That's because, until now, generating zk-SNARK proofs has always required a trusted setup. Namely, some initial parameters need to derived from what can be thought of as a global private-key. Anyone who possessed that key would be able to generate fraudulent proofs with the parameters derived from them. To work around this issue, Zcash utilized an elaborate setup ceremony, one that involved six participants who each generated, and later destroyed, a portion of that global private key. As long as one of the six was honest, the full key could never be recovered, and Zcash's parameters could be used without fear of fraudulent proofs. With this latest breakthrough from Microsoft's researchers, it may become feasible to generate truly trust-free zero-knowledge proofs, without taking such inordinate measures. Link.

The implications of this may be especially meaningful, because zk-SNARKs may end up being useful in many cryptocurrency networks beyond Zcash. One example is Aztec Protocol, a smart contract implementation of zk-SNARKs for Ethereum that enables developers to create private ERC20 tokens. A version of Aztec Protocol, which relies on an initial trusted setup, is already live on the Ethereum mainnet. Link.

One last potential application of zk-SNARKs that's worth a mention is called zk-Rollups. This is an idea that was proposed recently by Ethereum creator Vitalik Buterin, and has already seen a proof-of-concept implementation. The scheme can be thought of as something like a Layer 1.5 scaling solution. Like other Layer 2 solutions, zk-Rollups relies on a relayer network that sits above the main network to process signed transactions from many users. Relayers are paid a small fee for their service, and subsequently publish proofs to the blockchain for batches of transactions they received. Unlike a traditional Layer 2, such as Plasma, the relayers also publish the transactions themselves, but strip them of their large and costly signature data. Instead, a single zk-SNARK proof is used to demonstrate that all the transactions were signed by the appropriate public keys. The end result isn't a private system, but rather one with greater throughput. A zk-Rollup solution on top of Ethereum could handle a theoretical 500 transactions per second. Link.

I don't have much commentary to add to this week's news, other than to say I find it exciting. Zero-knowlege proofs are a powerful tool in our toolbelt as we're building a more decentralized, privacy centric world. It's exciting to see this technology progressing and being experimented with in varied use cases. Onward!

📊 Statistics

$3.29. The average network fee, in USD, of a Bitcoin transaction at the time of this writing. That's up from $0.27 a month earlier. While some see network fees as nothing but bad news, it's actually a good sign as well, in that it implies demand for BTC transactions is rising. Also, developing a healthy fee market is critical for Bitcoin's security in the long run as the mining reward decreases. More than perhaps any other metric, on chain fee volume demonstrates the utility users see in the network. Link.