## Halo: Recursive Proof Composition without a Trusted Setup

Sean Bowe, an engineer and cryptographer at Electric Coin Company (ECC), has discovered a technique for creating practical, scalable and

## Perspectives on Zcash Origins from Tromer

As we approach Zcashâ€™s second birthday, itâ€™s fitting to look back at the origins of this little experiment. And who

## Improved zk-SNARK Multi-party Computation Protocol

zk-SNARKs â€“ the zero-knowledge proofs at the core of Zcash â€“ require a parameter generation ceremony to take place for

## Ceremony Audit Results

As a science-focused team, ensuring the security of the Zcash protocol and the users of the network is a natural

## Pay-to-sudoku Revisited

Last year, I created a project called pay-to-sudoku which was the world’s first implementation of a zero-knowledge contingent payment (ZKCP).

## Explaining SNARKs Part VII: Pairings of Elliptic Curves

<< Part VI In Part VI, we saw an outline of the Pinocchio zk-SNARK. We were missing two things –

## Explaining SNARKs Part VI: The Pinocchio Protocol

<< Part V In part V we saw how a statement Alice would like to prove to Bob can be

## Explaining SNARKs Part V: From Computations to Polynomials

<< Part IV In the three previous parts, we developed a certain machinery for dealing with polynomials. In this part,

## Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable

<< Part III In this part, we build on Part II and III to develop a protocol for verifiable blind

## Bellman: zk-SNARKs in Rust

Bellman is a Rust-language library for building zk-SNARKs â€” small, cheap-to-verify zero-knowledge proofs of arbitrary computations. The goal of bellman

## Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption

<< Part II In Part II, we saw how Alice can blindly evaluate the hiding :math:`E(P(s))` of her polynomial :math:`P`