An Update on Integrating Zcash on Ethereum (ZoE)
Integrating Zcash on Ethereum: A Breakthrough in Programmability and Privacy
The Ethereum and Zcash teams have been working together to integrate the programmability of Ethereum with the privacy features of Zcash. This collaboration has led to a proof of concept implementation of a zk-SNARK verifier written in Solidity, which enables the verification of privacy-preserving Zcash transactions on the Ethereum blockchain.
The Power of Programmability and Privacy
Ethereum's flexible smart contract interface enables a wide range of applications, from voting systems to auction platforms. However, these applications often require a level of privacy that is not currently available on the Ethereum blockchain. This is where Zcash comes in, with its focus on privacy and security. By integrating Zcash on Ethereum, we can create a platform that offers both programmability and privacy.
The Zcash/Ethereum Technical Collaboration
The Zcash/Ethereum technical collaboration has been a key part of this integration process. Ariel Gabizon from Zcash visited Christian Reitwiessner from the Ethereum hub at Berlin to discuss the integration of zk-SNARKs into the Ethereum blockchain. This visit led to the development of a proof of concept implementation of a zk-SNARK verifier written in Solidity.
The Proof of Concept Implementation
The proof of concept implementation of the zk-SNARK verifier written in Solidity is a significant breakthrough in the integration of Zcash on Ethereum. This implementation enables the verification of privacy-preserving Zcash transactions on the Ethereum blockchain, which is a major step towards creating a platform that offers both programmability and privacy.
The Verification Process
The verification process of the zk-SNARK verifier written in Solidity involves several steps. First, the verifier checks that the inputs to the zk-SNARK are valid. Then, the verifier checks that the zk-SNARK is correctly formatted and that it contains the necessary information to verify the transaction. Finally, the verifier checks that the zk-SNARK is correctly signed and that it is valid.
The Gas Costs
The gas costs of using the zk-SNARK verifier written in Solidity are relatively low. The verification process takes only 42 milliseconds, which is a significant improvement over the previous implementation. This makes the use of zk-SNARKs on the Ethereum blockchain more practical and efficient.
Deciding What Precompiled Contracts to Define
One of the key challenges in integrating Zcash on Ethereum is deciding what precompiled contracts to define. Precompiled contracts are contracts that are compiled and executed on the Ethereum blockchain, but they are not stored on the blockchain. Instead, they are stored on a separate server and are accessed through a network connection.
The Security Level of the SNARK
The security level of the SNARK corresponds to the parameters of the curve. Roughly, the larger the curve order is, and the larger something called the embedding degree is, the more secure the SNARK based on this curve is. On the other hand, the larger these quantities are, the more costly the operations on the corresponding curve naturally are.
Assigning Gas Cost to the Operation
Assigning gas cost to the operation is a complex task. You must assess, merely from the description of the curve, and with no access to a specific implementation, how expensive a group operation on that curve would be in the worst case.
Implementing Contracts for Specific Curves
We learned a lot from this debate, but ultimately, decided to "keep it simple" for this proof of concept: we chose to implement contracts for the specific curve currently used by Zcash. We did this by using wrappers of the corresponding functions in the libsnark library, which is also used by Zcash.
Reusing the Zcash Setup for New Anonymous Tokens and Other Applications
The good news is that someone desiring to issue a token supporting privacy-preserving transactions can simply reuse the public parameters that have already been securely generated by Zcash. It can be reused because the circuit used to verify privacy-preserving transactions is not inherently tied to one currency or blockchain.
Other Applications
A fairly simple non-token-based system that allows for “selective disclosure” is the following. You can, for example, post an encrypted message containing your physical location to the blockchain at regular intervals (perhaps with other people’s signatures to prevent spoofing). If you use a different key for each message, you can reveal your location at one particular time, and only that time, by publishing the corresponding key.
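The selective-disclosure scheme above, as an added example that is not code from the original post or from either project: each report is sealed with AES-256-GCM under its own independent random key using Node.js's `crypto` module, and publishing one key opens exactly one record. The record layout, the key commitment field and the sample coordinates are assumptions made here, and the co-signatures the text mentions are left out.

```javascript
const crypto = require('crypto');

// Constructed sample data: one location report per interval.
const REPORTS = [
  { interval: '2017-01-19T10:00Z', location: '52.5200,13.4050' },
  { interval: '2017-01-19T11:00Z', location: '52.5163,13.3777' },
  { interval: '2017-01-19T12:00Z', location: '52.5096,13.3759' },
];

// Hash commitment to the key (an assumption of this example). AES-GCM alone
// does not bind a ciphertext to a single key, so the commitment is posted too.
const commit = (key) =>
  crypto.createHash('sha256').update('key-commit').update(key).digest('hex');

// Encrypt one report under a fresh random key that is unrelated to all others,
// so disclosing it later reveals nothing about the remaining reports.
function seal(report) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(report.interval)); // bind the ciphertext to its interval
  const ct = Buffer.concat([c.update(report.location, 'utf8'), c.final()]);
  const posted = { interval: report.interval, iv, ct, tag: c.getAuthTag(), keyCommit: commit(key) };
  return { posted, key }; // `posted` is public, `key` stays private until disclosed
}

// Verifier side: check a disclosed key against a posted record, then decrypt.
// Returns the plaintext, or null if the key does not belong to this record.
function open(posted, key) {
  if (key.length !== 32 || commit(key) !== posted.keyCommit) return null;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, posted.iv);
    d.setAAD(Buffer.from(posted.interval));
    d.setAuthTag(posted.tag);
    return Buffer.concat([d.update(posted.ct), d.final()]).toString('utf8');
  } catch (e) {
    return null; // authentication failed: wrong key or altered record
  }
}

const sealed = REPORTS.map(seal);
const chain = sealed.map((s) => s.posted); // what every observer can see
const disclosedKey = sealed[1].key;        // reveal only the 11:00 report
console.log(chain.map((p) => open(p, disclosedKey)));
```

Deriving the per-message keys from one another (for example as a hash chain) would make a single disclosure reveal other intervals as well, which is why each key here is drawn independently.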
The Work Ahead
Achieving the mentioned functionalities, creating anonymous tokens and verifying Zcash transactions on the Ethereum blockchain, will require implementing other elements used by Zcash in Solidity. For the first functionality, we must have an implementation of tasks performed by nodes on the Zcash network such as updating the note commitment tree.
Conclusion
The integration of Zcash on Ethereum is a significant breakthrough in programmability and privacy. The proof of concept implementation of the zk-SNARK verifier written in Solidity is a major step towards creating a platform that offers both programmability and privacy. The verification process is efficient and the gas costs are relatively low. The work ahead will require implementing other elements used by Zcash in Solidity, but the potential benefits are significant.
Source: https://blog.ethereum.org/en/2017/01/19/update-integrating-zcash-ethereum




