The Electric Coin Company (ECC) says it has discovered a new way to scale blockchains with “recursive proof composition,” a proof that can verify the entirety of a blockchain in a single function. For ECC and zcash, the new project, Halo, may hold the key to large-scale privacy.
A privacy coin based on zero-knowledge proofs known as zk-SNARKs, zcash’s current protocol relies on “trusted setups.” These mathematical parameters have been generated twice in zcash’s brief history: at its launch in 2016 and for its first major protocol change, Sapling, in 2018.
Zcash masks transactions through zk-SNARKs, but generating the initial parameters remains a problem. If the secret material behind a trusted setup is not destroyed, whoever holds it can produce counterfeit zcash.
In addition, the elaborate ‘ceremonies’ the Zcash community goes through to create trusted setups are costly and a weak point for the entire system. The dependence of zk-SNARKs on trusted setups was well known even before zcash’s debut in 2016. While other research failed to close the gap, recursive proofs make trusted setups a thing of the past, says the ECC.
Speaking to CoinDesk, ECC engineer and Halo inventor Sean Bowe said recursive proof composition is the result of years of work by him and others, and months of personal frustration. In fact, he nearly gave up on three separate occasions.
Bowe began working for ECC after his interest in zk-SNARKs was noticed by the CEO and co-founder of Zcash, Zooko Wilcox, in 2015. After helping launch Zcash and its first significant protocol change, Sapling, Bowe moved on to full-time research with the company.
Before Halo, Bowe worked on a different variant of zk-SNARK, Sonic, which only required one trusted setup.
For most cypherpunks, that’s too much.
“People have been thinking since 2008 that we should be able to have proofs that can verify other proofs, what we call recursive proof composition. This happened in 2014,” Bowe told CoinDesk.
Proofs, proofs and more proofs
In essence, Bowe and company discovered a new method to prove the validity of masked transactions by compressing the computational data to a minimum. As the ECC paper puts it, “proofs that are capable of verifying other instances of themselves.”
Blockchain transactions in bitcoin and zcash are based on elliptic curves, with points on the curve serving as the basis for public and private keys. The public key can be thought of in terms of the curve: we know what the elliptic curve looks like in general. What we don’t know is where on the curve the private keys reside.
The function of a zk-SNARK is to communicate facts about private addresses and transactions, that an address exists and where on the curve it lies, without revealing them.
The secp256k1 elliptic curve, used for bitcoin and ethereum via Hackernoon
Bowe’s work is similar to bulletproofs, another zk-SNARK that does not require a trusted setup. “What you should think about when you think about Halo is like recursive bulletproofs,” said Bowe.
From a technical point of view, bulletproofs are based on the “inner product argument”, which passes certain information about the curves back and forth. Unfortunately, the argument is very expensive and time-consuming to verify compared to a typical zk-SNARK verification.
By verifying multiple zk-SNARKs with a single proof, a task believed impossible until Bowe’s research, the computational work is reduced to a fraction of the cost.
“People have been thinking about bulletproofs as well. The problem is that the bulletproof verifier is extremely expensive due to the inner product argument,” said Bowe. “I don’t use bulletproofs exactly, I use a previous idea on which bulletproofs are based.”
In fact, Bowe said that recursive proofs mean he can prove the entire bitcoin blockchain in less space than a single bitcoin block header takes: 80 bytes of data.
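To make the 80-byte yardstick concrete, here is an added example (not code from the article, ECC or Halo) that parses a bitcoin block header and checks its proof of work. The header layout is the standard one (version, previous block hash, merkle root, time, bits, nonce, all little-endian), and the sample input is the public bitcoin genesis block header, hard-coded so the script runs offline. Each header is a fixed 80 bytes, so a light client following the whole chain still needs one such header per block; the claim in the text is that a single recursive proof covering the entire chain could be smaller than one of these headers.

```python
# Added example (not from the article): parse an 80-byte bitcoin block header
# and verify its proof of work. Input is the public genesis block header.
import hashlib
import struct

# Genesis block header, hex, as serialized on the wire (public value).
GENESIS_HEADER_HEX = (
    "01000000"                                                            # version
    "0000000000000000000000000000000000000000000000000000000000000000"    # prev hash
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"    # merkle root
    "29ab5f49"                                                            # time
    "ffff001d"                                                            # bits
    "1dac2b7c"                                                            # nonce
)


def parse_header(raw: bytes) -> dict:
    """Unpack the six fixed-width header fields; rejects anything but 80 bytes."""
    if len(raw) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    version, prev_hash, merkle_root, time, bits, nonce = struct.unpack("<I32s32sIII", raw)
    return {
        "version": version,
        # Hashes are stored little-endian; reverse for the big-endian display form.
        "prev_hash": prev_hash[::-1].hex(),
        "merkle_root": merkle_root[::-1].hex(),
        "time": time,
        "bits": bits,
        "nonce": nonce,
    }


def header_hash(raw: bytes) -> str:
    """Block hash = SHA256(SHA256(header)), shown big-endian as explorers do."""
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return digest[::-1].hex()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' encoding: 3-byte mantissa, 1-byte exponent."""
    exponent = bits >> 24
    mantissa = bits & 0xFFFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def meets_proof_of_work(raw: bytes) -> bool:
    """True if the header hash, read as a 256-bit integer, is at or below the target."""
    hdr = parse_header(raw)
    return int(header_hash(raw), 16) <= bits_to_target(hdr["bits"])


if __name__ == "__main__":
    raw = bytes.fromhex(GENESIS_HEADER_HEX)
    print(parse_header(raw))
    print("hash:", header_hash(raw))
    print("proof of work valid:", meets_proof_of_work(raw))
```

The hash is compared against the target decoded from `bits`, so the check is independent of any peer's claim; this is exactly the per-block work a header-only client does today, and what a chain-wide recursive proof would replace.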
The future of zcash
Writing on Twitter, Wilcox said his company is currently studying the implementation of Halo as a Layer 1 solution in zcash.
Layer 1 solutions are implementations in the code base that constitutes a blockchain. Most scaling solutions, such as bitcoin’s Lightning Network, are layer 2 solutions built on top of a blockchain’s state. The ECC’s interest in making Halo a Layer 1 solution speaks to the originality of the discovery, since it would reside alongside code copied from the bitcoin creator, Satoshi Nakamoto.
ECC is exploring the use of Halo for Zcash both to eliminate the trusted setup and to scale Zcash at Layer 1 using nested proof composition.
– zooko (@zooko) September 10, 2019
From the first days of privacy coins, scaling has been a contentious issue: with so much data needed to mask transactions, how can a global network grow?
Bowe and the ECC claim that recursive proofs solve this dilemma: with just one proof needed to verify a complete blockchain, data concerns could be a thing of the past:
“Privacy and scalability are two different concepts, but they come together nicely here. About 5 years ago, academics were working on recursive snarks, a proof that could verify itself or another proof [and even] verify multiple proofs. So, what [recursive proof composition] means is you only need one proof to verify an entire blockchain.”
Undoubtedly, this is not second-year algebra: Bowe told CoinDesk that the proof alone took about nine months to piece together from several parts.
A new node form
Another implication of recursive proofs is the amount of data stored on the blockchain. Since the entire ledger can be verified in one function, onboarding new nodes will be easier than ever, Bowe said.
“You’re going to see blockchains that have much higher capacity because you don’t have to communicate the entire history in one. The state chain still needs to be seen. But if you want to enter the network you don’t need to download the entire blockchain.”
While state chains must still be monitored for basic transaction verification, synchronizing the entire history of a blockchain (more than 400 GB and 200 GB for ethereum and bitcoin respectively) becomes redundant.
For zcash, Halo means easier hard forks. Without trusted setups, says ECC Research, “proofs of state changes only need to refer to the last proof, allowing ancient history to be discarded forever.”
When asked where his discovery sits among other advances, Bowe talked about its practicality:
“Where does this stand in the grand scheme of things in cryptocurrency? It’s a cryptographic tool to compress computation… and scale protocols.”