### Halo: Recursive Proof Composition without a Trusted Setup

Halo: Recursive Proof Composition without a Trusted Setup

### Reducing Shielded Proving Time in Sapling

Reducing Shielded Proving Time in Sapling

### Perspectives on Zcash Origins from Tromer

As we approach Zcash’s second birthday, it’s fitting to look back at the origins of this little experiment. And who […]

Perspectives on Zcash Origins from Tromer

### Improved zk-SNARK Multi-party Computation Protocol

zk-SNARKs – the zero-knowledge proofs at the core of Zcash – require a parameter generation ceremony to take place for […]

Improved zk-SNARK Multi-party Computation Protocol

### Ceremony Audit Results

As a science-focused team, ensuring the security of the Zcash protocol and the users of the network is a natural […]

Ceremony Audit Results

### Pay-to-sudoku Revisited

Last year, I created a project called pay-to-sudoku which was the world’s first implementation of a zero-knowledge contingent payment (ZKCP). […]

Pay-to-sudoku Revisited

### Explaining SNARKs Part VII: Pairings of Elliptic Curves

<< Part VI In Part VI, we saw an outline of the Pinocchio zk-SNARK. We were missing two things – […]

Explaining SNARKs Part VII: Pairings of Elliptic Curves

### Explaining SNARKs Part VI: The Pinocchio Protocol

<< Part V In part V we saw how a statement Alice would like to prove to Bob can be […]

Explaining SNARKs Part VI: The Pinocchio Protocol

### Explaining SNARKs Part V: From Computations to Polynomials

<< Part IV In the three previous parts, we developed a certain machinery for dealing with polynomials. In this part, […]

Explaining SNARKs Part V: From Computations to Polynomials

### Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable

<< Part III In this part, we build on Part II and III to develop a protocol for verifiable blind […]

Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable

### Bellman: zk-SNARKs in Rust

Bellman is a Rust-language library for building zk-SNARKs — small, cheap-to-verify zero-knowledge proofs of arbitrary computations. The goal of bellman […]

Bellman: zk-SNARKs in Rust

### Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption

<< Part II In Part II, we saw how Alice can blindly evaluate the hiding :math:E(P(s)) of her polynomial :math:P […]

Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption