How Could ZK-Starks Make Zcash Truly Private
Many cryptographers are in search of the Holy Grail of privacy: a method of sending cryptocurrency that is truly private and trustless. This is, of course, easier said than done.
Two competing cryptocurrencies try to achieve this with different technologies: Monero and Zcash. Monero makes use of a technology called Ring Confidential signatures (Ring CTs). Zcash, on the other hand, uses something called zk-snarks.
However, there is now a new item on the roadmap to anonymous transactions, and that is zk-starks. These are being heralded as a trustless solution to an issue that has long been a problem for truly private blockchains.
Before we can take a look at how zk-starks could theoretically look, we have to get a better understanding of the current technology, zk-snarks.
An Overview of ZK-snarks
Zk-snarks are the culmination of many years of research into an idea that was first theorised in the 1980s. The full name for zk-snarks is zero knowledge proofs. A simple explanation of how they work is that they try to confirm whether a statement is true or false merely by receiving a simple true or false statement. They were first implemented effectively with the Zcash cryptocurrency.
Although this was indeed an important step for the technology, some issues arose as a result of the implementation with Zcash. A security audit conducted on Zcash found that there wasn't absolute certainty that the cryptocurrency technology was not compromised in some way.
Although the team at Zcash is continuing to audit their blockchain and monitor its performance, there are many who claim that this can never really bring full certainty in the technology. Yet if they do manage to assuage fears and prove that Zcash is 100% reliable and safe, then they are certain to get much more adoption globally. Completely private transactions are a panacea for many cryptophiles.
Not only will it mean that Zcash could be the cryptocurrency that is automatically associated with privacy, but it will also mean that zk-snarks will be used in many other applications. Already, organisations such as R3 and other cryptocurrencies such as Ethereum have started to experiment with the technology.
The Current State of Zk-starks
Despite the promise of zk-stark technology, it still appears to be in its infancy. Little is known about the state of the prospective technology beyond a presentation at an Ethereum meetup in January. The team working on the code has so far only released one portion of it, called the FSA algorithm.
Someone who is passionately working on improving zk-snarks is a professor by the name of Eli Ben-Sasson. Eli, who teaches at the Technion Institute of Technology in Israel, said he was a big believer in zero knowledge proofs. A seasoned veteran in the field, he has been working on the technology for over 15 years. Despite this, he acknowledges the challenges with developing them.
He admits that hiding information with encryption is relatively simple but proving and maintaining the integrity is indeed the hard part. Organisations should not use the technology for valuable or sensitive information currently.
How They Could Change Zk Proofs
The main hope for zk-starks is that they could overcome the "master key" that is often required on zero knowledge blockchains.
One of the questions that remains unanswered for Zcash is where this master key is. It has been claimed that it was destroyed, yet the prospect that it still exists somewhere is disconcerting. If a malicious actor had the master key, they could forge payments and destroy any sort of integrity that remained on the Zcash network.
Moreover, in order for the master key to be destroyed properly, a "trusted setup" is required. Yet, setting up this sort of a trusted co-ordination is itself also complicated. There can be no witnesses to the ceremony as this could enable them to recreate the key.
Although the Zcash network went to great lengths to make sure that their ceremony in the trusted setup was not compromised, no one can confirm this with absolute certainty. Mr Ben-Sasson went on to say:
There's going to be a huge incentive for governments and central organizations to try to put their hands on this key that will allow them to write a cheque for any amount … with increased value there is increased incentive to attack.
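The risk described above (a setup secret that, if it survives, lets its holder break integrity) can be shown with a much simpler scheme than Zcash's. The following is an added example, not code from Zcash or from the original article: it uses a Pedersen-style commitment as a stand-in for the zk-snark parameters, with a toy multi-party ceremony; the group parameters and all function names are constructed for illustration and are far too small to be secure.

```python
# Toy illustration of a setup trapdoor ("master key") using a Pedersen-style
# commitment. This is NOT Zcash's zk-snark or its ceremony; parameters are
# constructed for the example and deliberately tiny.
import secrets

P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # generator of that subgroup

def ceremony(shares):
    """Each participant raises the running value to a private share.
    Public output: H = G^(product of all shares) mod P."""
    h = G
    for s in shares:
        h = pow(h, s, P)
    return h

def recover_trapdoor(shares):
    """The trapdoor is the product of ALL shares; if any one participant
    really deleted its share, this product cannot be recomputed."""
    x = 1
    for s in shares:
        x = x * s % Q
    return x

def commit(h, amount, r):
    """Commitment C = G^amount * H^r mod P, hiding `amount` behind random r."""
    return pow(G, amount % Q, P) * pow(h, r % Q, P) % P

def verify(h, c, amount, r):
    """Public check that (amount, r) opens commitment c."""
    return c == commit(h, amount, r)

def forge_opening(trapdoor, amount, r, new_amount):
    """With x = log_G(H), solve amount + x*r = new_amount + x*r' (mod Q)
    so the SAME commitment opens to a different amount."""
    return (r + (amount - new_amount) * pow(trapdoor, -1, Q)) % Q

def demo():
    shares = [secrets.randbelow(Q - 1) + 1 for _ in range(3)]  # 3 participants
    h = ceremony(shares)
    r = secrets.randbelow(Q)
    c = commit(h, 10, r)                  # honest commitment to amount 10
    x = recover_trapdoor(shares)          # only works if no share was destroyed
    r_forged = forge_opening(x, 10, r, 500)
    return verify(h, c, 10, r), verify(h, c, 500, r_forged)

if __name__ == "__main__":
    print(demo())   # both openings verify against the same commitment
```

Verifiers see only `H` and the commitment, so they cannot tell an honest opening from one produced with the trapdoor; the only defence in this design is that the secret no longer exists.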
What sets zk-starks greatly apart is that they do not have to rely on public key cryptography. They merely need a simple algorithm in order to function.
While zk-starks rely on a single algorithm to work, zk-snarks require a whole cluster of them. Hence, the calculation time can be drastically reduced with zk-starks. For example, a zk-snark takes approximately 28 minutes to complete and requires almost 20gb. Zk-starks, by contrast, only require fractions of seconds with a mere 1.2mb of storage required.
Possible Adoption by Monero
While the Monero community and users are currently quite happy with the effectiveness of the Ring CT technology to obfuscate transactions, there is room for possible adoption of zk-starks.
The Monero team has considered zk-snark transactions on side chains, which would drastically improve privacy. Yet there is still the need for the trusted setup, of which the development team remains sceptical. According to Riccardo Spagni, lead developer at Monero:
zcash is a complete security farce
However, he would be open to collaboration with the Zcash team on zk-starks, as he sees them as preferable. Indeed, a combination of the brightest minds in privacy-conscious cryptocurrency could greatly refine the nascent technology.
Other cryptocurrencies are also interested in zk-stark technology. If Ethereum is to roll out zk-snarks as planned in the Metropolis upgrade, then it will also have to deal with the trusted setup. It will have to run a security ceremony in order to get rid of the public key, which could raise doubts similar to those that surround Zcash.