Halo: Recursive Proof Composition without a Trusted Setup

Sean Bowe, an engineer and cryptographer at Electric Coin Company (ECC), has discovered a technique for creating practical, scalable and […]

Halo: Recursive Proof Composition without a Trusted Setup

Reducing Shielded Proving Time in Sapling

Since the successful Sapling network upgrade, we have already seen an increased adoption of shielded addresses in the Zcash ecosystem. […]

Reducing Shielded Proving Time in Sapling

Perspectives on Zcash Origins from Tromer

As we approach Zcash’s second birthday, it’s fitting to look back at the origins of this little experiment. And who […]

Perspectives on Zcash Origins from Tromer

Improved zk-SNARK Multi-party Computation Protocol

zk-SNARKs – the zero-knowledge proofs at the core of Zcash – require a parameter generation ceremony to take place for […]

Improved zk-SNARK Multi-party Computation Protocol

Ceremony Audit Results

As a science-focused team, ensuring the security of the Zcash protocol and the users of the network is a natural […]

Ceremony Audit Results

Pay-to-sudoku Revisited

Last year, I created a project called pay-to-sudoku which was the world’s first implementation of a zero-knowledge contingent payment (ZKCP). […]

Pay-to-sudoku Revisited

Explaining SNARKs Part VII: Pairings of Elliptic Curves

<< Part VI In Part VI, we saw an outline of the Pinocchio zk-SNARK. We were missing two things – […]

Explaining SNARKs Part VII: Pairings of Elliptic Curves

Explaining SNARKs Part VI: The Pinocchio Protocol

<< Part V In part V we saw how a statement Alice would like to prove to Bob can be […]

Explaining SNARKs Part VI: The Pinocchio Protocol

Explaining SNARKs Part V: From Computations to Polynomials

<< Part IV In the three previous parts, we developed a certain machinery for dealing with polynomials. In this part, […]

Explaining SNARKs Part V: From Computations to Polynomials

Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable

<< Part III In this part, we build on Part II and III to develop a protocol for verifiable blind […]

Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable

Bellman: zk-SNARKs in Rust

Bellman is a Rust-language library for building zk-SNARKs — small, cheap-to-verify zero-knowledge proofs of arbitrary computations. The goal of bellman […]

Bellman: zk-SNARKs in Rust

Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption

<< Part II In Part II, we saw how Alice can blindly evaluate the hiding :math:`E(P(s))` of her polynomial :math:`P` […]

Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption