Author: Lin Guanhong/The Ghost at my Fingertips

Juejin: juejin.cn/user/178526…



Tencent cloud column:…

Worm hole block chain column:…


  • Preface
  • Zero-knowledge proof
  • The relationship between zero-knowledge proof and zk-SNARK
  • What ZCash achieves with zk-SNARK

PS: My technical book, “Blockchain Ethereum DApp Development Combat”, has been published and can be bought online.

Preface

zk-SNARK stands for “zero-knowledge Succinct Non-interactive ARgument of Knowledge”.

zk-SNARK is a demonstration of the theory of “zero-knowledge proof” applied in blockchain.

Before I learned zk-SNARK myself, articles that explained it in a way that could be followed without difficulty were quite rare. I often write technical articles myself, and the trap a writer falls into most easily is that, halfway through, terms crop up in the article whose derivation only the author knows and which are never explained clearly. Readers are left confused and find the article unintelligible.

The material on zk-SNARK divides into several parts. Each part, to be honest, relies on applied mathematics, which is quite difficult for readers without a mathematical background. I’ll break it down into five articles to cover each part thoroughly. This opening article, part one, is the overview.

Zero-knowledge proof

Since zk-SNARK is based on zero-knowledge proof theory, we need to understand zero-knowledge proofs first. Zero-knowledge proofs were proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s, but it was zk-SNARK in blockchain that really made them take off.

Zero-knowledge proof refers to the ability of the prover to convince the verifier that an assertion is true without providing any useful information to the verifier.

There are two roles, prover and verifier, and one point: useful information.

  • Prover: proves that they know the answer to a question
  • Verifier: verifies that the prover’s answer is correct

Here are two examples to illustrate the zero-knowledge proof.

Example 1: The owner of the wallet

A, as the verifier, picks up a wallet, and B, as the prover, wants to prove to A that the wallet belongs to B. To qualify as a zero-knowledge proof, the following requirements should be met:

  1. A cannot let B see the wallet, let alone what is inside it.
  2. B must provide enough accurate information to prove that the wallet is his or her own.

At this point B states:

  1. The color, size and brand of the wallet.
  2. What is in the wallet: for example, how much money, which documents, and what information is on the certificates.

After B answers, A checks the answers and, if they are correct, accepts that B is the owner of the wallet. This way of verifying information is a zero-knowledge proof. B proves that the wallet is his own without handing the wallet to A, and indeed cannot hand it over, because the wallet is in the hands of the verifier A. The physical wallet represents the useful information.

Example 2: Ali Baba and the 40 Thieves

This is a very common example of a zero-knowledge proof on the Internet. Ali Baba is a name, abbreviated below as A. A is the prover and the chief thief is the verifier.

A knows the spell that opens the cave where the treasure is hidden. The robbers caught him and demanded that he say the spell. If A spoke the spell, he would be killed, because he would then be of no further use. If A did not speak, the robbers would not believe that he really had the spell and would kill him anyway. So A said to the robbers: “If you raise your right hand, I will say the spell to open the stone gate. If you raise your left hand, I will say the spell to close the stone gate. If I cannot do it, or if I try to escape, shoot me with your bows and arrows.”

That way, A is far enough from the robbers to say the spell and open the stone gate without the robbers hearing what the spell is. What the robbers see is real: the gate does open, which proves that A has the spell. Throughout this process A never directly reveals the spell, which is the useful information, to the robbers.

There is also the Sudoku example; interested readers can search for it themselves. This kind of proof is somewhat similar to indirect proof in mathematics.

The relationship between zero-knowledge proof and zk-SNARK

I believe that, with the two examples above, zero-knowledge proof is now understandable. If you still don’t understand it, I suggest coming back to read my article later; I don’t recommend reading further for now.

Doing a zero-knowledge proof directly in everyday life, with words and actions, is easy. As in the wallet example, we meet, we talk, and it is done.

From the computer’s point of view, however, how do we turn the problem into a program, so that the computer can complete the zero-knowledge proof for us? This requires transforming the real-world zero-knowledge proof problem into a mathematical description that a computer program can express.

zk-SNARK is a theory that aims to transform practical zero-knowledge proof problems into computer-program problems. Its full name, “zero-knowledge Succinct Non-interactive ARgument of Knowledge”, can be understood point by point:

  • Zero-knowledge: no useful information is given away.
  • Succinct: the computer program performs verification without transferring large amounts of data, and the verification algorithm is kept simple.
  • Non-interactive: there is no interaction. “Interaction” is an abstract noun, so I will explain it here. An interactive program is one where you give it a command and it gives you a corresponding message back, whereas a non-interactive program is one where you give it a command and it executes if the command is correct, does not execute if it is wrong, and gives you no error message. So in zk-SNARK there is no interaction: after the prover submits a proof, if the proof is wrong the verifier does not reveal what the error is.
  • ARgument: zk-SNARK is open to dispute in that it can be attacked, and this is the case if and only if the prover has enough computing power to forge a proof and fool the verifier. Enough computing power here means enough to break public-key encryption, so the probability can be said to be extremely low.

At present, the public blockchain ZCash applies zk-SNARK theory.

What ZCash achieves with zk-SNARK

On some well-known public blockchains today, such as BTC and ETH, once a transaction succeeds we can look up its record in a blockchain explorer or by calling the corresponding RPC interface. The data that can be seen includes, but is not limited to, the following:

  • Address of the transaction sender
  • Transaction receiver address
  • Transaction value

Admittedly, an address displayed on its own as a string of digits and letters, for example 0xd224ca0c819e8e97ba0136b3b95ceff503b79f53, already gives a good degree of anonymity, because as observers we do not know who is behind the address, or whether they are male or female.

Taking this to the extreme, can the data above also be hidden, so that all of the data is anonymous? The ZCash public chain, which uses the zk-SNARK principle, does just that.

ZCash has an anonymous transaction system that supports several types of transactions, one of which hides the addresses of both parties and the transaction value. This is complete hiding: it is not that the data is still stored in the ZCash nodes’ database and merely not displayed externally, but that even the nodes do not know the contents of the transaction. In applications with high privacy requirements, the data hiding that zero-knowledge proofs bring is very strong.

ZCash uses zk-SNARK for transactions between hidden addresses. In the second article, I’ll focus on ZCash transactions between hidden addresses.

Part two: a detailed explanation of the ZCash fully anonymous transaction process with zero-knowledge proofs