-
sethsimmons
Where in the Monero protocol are ZKPs used? It’s the range proofs, correct?
-
Inge-
That is my understanding
-
sethsimmons
Thanks, I was like 95% sure but couldn’t find a source
-
sethsimmons
Someone’s throwing the “ZKPs ARE THE FUTURE” at me and I wanted to remind them that Monero used ZKPs already and the term is vague and doesn’t refer to any whole privacy protocol 😜
-
Inge-
Yeah since what, April 2017 or something like that
-
needmoney90
Yeah bulletproofs are a zkp
-
Inge-
sarang is regularly frustrated by people's understanding of zkp's
-
needmoney90
Colloquially though, zkp doesn't refer to our usage
-
Inge-
still, monero protocol uses zero-knowledge proofs to prove that you are spending the correct number of coins - without revealing the number of coins to anyone else.
-
» Inge- looks over his shoulder, on the lookout for MRL researchers out to correct him
-
kenshamir[m]
<sethsimmons "Where in the Monero protocol are"> This was also my understanding; that Monero uses a zero knowledge range proof. Maybe the guys you were speaking with were referring to Zero Knowledge argument systems like zk-snarks? You could probably fit most of your transaction checking logic inside of a zk-snark
-
hyc
you could, but it would be larger and slower
-
kenshamir[m]
It wouldn't be possible with Monero currently as IIRC, it uses bulletproofs rangeproofs which are only capable of proving a number is within a certain range without revealing that number
-
hyc
and of course, using zk-snark would require a trusted setup
-
kenshamir[m]
<hyc "you could, but it would be large"> Hmm, I think it depends on your definition of zk-snark. Some have efficient verification procedures and constant or small proof sizes relative to the statement being proven
-
kenshamir[m]
Yeah most require a trusted setup, I think Spartan was the first zk-snark which did not require a trusted setup
-
hyc
if any such were suitable for the use case of "hide sender, receiver, and txn amount" then I imagine zcash would have already used it.
-
hyc
as it is, they are still larger/slower, so pretty sure it's just not worth considering
-
kenshamir[m]
Yep, they are implementing it right now, we are currently waiting to see what the speed benefits are
-
kenshamir[m]
They gave rough numbers in a live stream on youtube, but I think most are holding out for concrete numbers
-
hyc
yeah, would be foolish to base expectations on a dev prototype
-
kenshamir[m]
yeah exactly, hopefully by Q1 we will have better numbers