Monero Considers Implementing zk-STARKs
Monero is one of the most privacy-centric cryptocurrencies currently in use, and its developers are continually researching ways to make it even more private and secure. Originally launched in April 2014 as BitMonero, the project quickly shortened the name to Monero, which means "coin" in Esperanto. Monero is based on the CryptoNote protocol and uses ring signatures to hide the sender of a transaction. In January 2017, Monero's developers implemented confidential transactions, a technique developed by Bitcoin Core developer Gregory Maxwell. With RingCT (Ring Confidential Transactions) enabled, the amount of Monero exchanged in a transaction could finally be hidden as well.
Another privacy-centric cryptocurrency, Zcash, uses zero-knowledge proofs to verify transactions without compromising privacy. Zcash evolved from the Zerocoin project and was first released on October 28, 2016. The Zcash system uses Zero-Knowledge Succinct Non-interactive ARguments of Knowledge, or zk-SNARKs. It should be noted, however, that Zcash has two types of addresses: transparent addresses, which are not private and behave much like Bitcoin transactions, and shielded addresses, known as z-addresses, which are the ones that use zk-SNARKs. Unfortunately, Zcash's zk-SNARKs require a trusted setup. To generate the proving parameters, the creators of Zcash had to produce a master private key, and users of Zcash must trust that the developers are telling the truth when they say that key has been destroyed.
The zk-SNARKs protocol grew out of the cryptographic concept of zero-knowledge proofs, which were first described by cryptography researchers in the 1980s. Now a new variation may solve the trusted setup problem, as well as make the technology cheaper, faster, more secure, and more scalable. The new technology, known as zk-STARKs, would allow cryptocurrencies to use zero-knowledge proofs without needing a trusted setup. zk-STARKs were first discussed publicly during a presentation at a Silicon Valley Ethereum meetup in January this year. The presentation was given by Eli Ben-Sasson, a Zcash developer and a professor at the Technion – Israel Institute of Technology. Ethereum has also, for some time, considered implementing zero-knowledge proofs in its cryptocurrency. "Hiding information is very easy using encryption. The hard part is proving and maintaining integrity under the veil of encryption," Eli Ben-Sasson said during his presentation on zk-STARKs at the Ethereum meetup in Silicon Valley.
Zcash held an elaborate ceremony, with participants in six locations around the world, to generate and then destroy the master private key that was needed to start the Zcash blockchain. "There's going to be a huge incentive for governments and central organizations to try to put their hands on this key that will allow them to write a cheque for any amount … with increased value there is increased incentive to attack," Eli Ben-Sasson said during his presentation. With zk-STARKs, there would be no such master private key. The zk-STARKs protocol does not rely on public-key cryptography; instead, its security rests on a hash function such as SHA-2. By relying on simpler cryptographic assumptions, zk-STARKs can improve both security and efficiency.
While Monero's lead developer, Riccardo Spagni, has criticized Zcash in the past, calling it a "complete security farce," this new way of implementing zero-knowledge proofs may avoid some of the serious issues that Zcash's current zk-SNARKs system has. Spagni told CoinDesk that Monero will integrate zk-STARKs "if and when it's usable." Monero and Ethereum would both benefit from waiting for zk-STARKs to mature, thereby avoiding the trusted setup problems created by zk-SNARKs. Monero's current privacy features appear to have been demonstrated when the United States government arrested Alexandre Cazes: court documents revealed that the government could not determine the number of Monero coins Cazes held in his wallet, while prosecutors were able to list the number of Zcash coins in his wallet. Adding zero-knowledge proofs would make Monero even more private and secure.