by Evan Sixtin
Zcash developers have made a significant breakthrough in the mathematical development of the proving systems for the shielded addresses that fuel Zcash by introducing a new variation of elliptic curve cryptography which is more efficient and speeds up the hashing process tremendously. This new development will be included with other substantial improvements to Zcash in the Sapling upgrade, and if successful, could be the foundation for a new era of cryptography and may lead to the advancement of all cryptocurrency technologies.
Elliptic curve cryptography (ECC) is seen as the next generation of cryptography and is rapidly taking the place of older public-key cryptography methods such as RSA. Zcash’s new secret weapon, named “Jubjub” (possibly after the fictional bird in Lewis Carroll’s poem “The Hunting of the Snark”), is an embedded elliptic curve defined over the scalar field of Zcash’s brand new BLS12-381 curve. The design was made possible by some special mathematical techniques that use a twisted Edwards curve. “In mathematics, the Edwards curves are a family of elliptic curves studied by Harold Edwards in 2007.”
“Currently, Zcash relies on the SHA256 compression function as a collision resistant hash function (for the accumulator), for a MAC scheme to prevent malleability, for PRFs, and for commitment schemes. SHA256 consists mostly of boolean operations, so it is not efficient to evaluate inside of a zk-SNARK circuit, which is an arithmetic circuit over a large prime field. Each invocation of SHA256 currently adds tens of thousands of multiplication gates, making it the primary cost during proving.”
By rethinking the mathematical process by which a collision-resistant hash (CRH) is evaluated with elliptic curve cryptography (ECC) inside a zk-SNARK circuit, the Zcash team has been able to markedly reduce the time needed to generate a shielded-transaction proof.
“Now that we have fast ECC in the circuit, we can use Pedersen commitments for our notes rather than SHA256. We can also change our addresses to be fully asymmetric, making them smaller and more flexible.”
It is estimated that the BLS12-381 curve with Jubjub embedded in it will achieve an 80 percent reduction in proving time and a 98 percent reduction in memory usage. This will “lower the cost” of ECC processes, making them much more efficient without sacrificing security, and allow Zcash shielded addresses to be used on mobile platforms.
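To make the quoted passages concrete, the following is an added example (not Zcash’s code) of the two ingredients they describe: the complete addition law of a twisted Edwards curve with a = -1, and a Pedersen commitment built on top of it, whose additive homomorphism is what lets note values be balanced inside a circuit without evaluating SHA256. Jubjub’s own parameters are not given on this page, so the example uses the Ed25519 curve as a stand-in; it has the same twisted Edwards shape, cofactor 8 and a prime-order subgroup, and its constants are public. The second generator H is derived by hashing a constructed label to the curve and clearing the cofactor, the usual “nothing up my sleeve” way to obtain a generator whose discrete log with respect to G is unknown.

```python
import hashlib

# Ed25519 field and curve constants, used here as a stand-in for Jubjub.
P = 2**255 - 19                                 # field prime
A = P - 1                                       # a = -1 (twisted Edwards form)
D = (-121665 * pow(121666, P - 2, P)) % P       # d = -121665/121666
ELL = 2**252 + 27742317777372353535851937790883648493  # prime subgroup order
COFACTOR = 8
IDENTITY = (0, 1)                               # neutral element of the group


def inv(x):
    """Modular inverse via Fermat's little theorem (P is prime)."""
    return pow(x % P, P - 2, P)


def on_curve(pt):
    """Check a*x^2 + y^2 == 1 + d*x^2*y^2 in F_P."""
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0


def add(p1, p2):
    """Complete twisted Edwards addition: one formula, no special cases."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + y1 * x2) * inv(1 + t) % P
    y3 = (y1 * y2 - A * x1 * x2) * inv(1 - t) % P
    return (x3, y3)


def mul(k, pt):
    """Scalar multiplication by double-and-add (doubling reuses add)."""
    acc = IDENTITY
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def sqrt_mod_p(r):
    """Square root for P = 5 mod 8 (as in RFC 8032); None if r is a non-square."""
    r %= P
    x = pow(r, (P + 3) // 8, P)
    if (x * x - r) % P == 0:
        return x
    x = x * pow(2, (P - 1) // 4, P) % P         # multiply by sqrt(-1)
    return x if (x * x - r) % P == 0 else None


def point_from_y(y):
    """Recover the curve point with this y and even x, or None if none exists."""
    x2 = (y * y - 1) * inv(D * y * y + 1) % P   # x^2 = (y^2-1)/(1+d*y^2) for a = -1
    x = sqrt_mod_p(x2)
    if x is None:
        return None
    if x & 1:
        x = P - x
    return (x, y) if on_curve((x, y)) else None


def hash_to_subgroup(label):
    """Hash a label to a y-coordinate by try-and-increment, then clear the
    cofactor so the point lies in the prime-order subgroup."""
    counter = 0
    while True:
        digest = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        pt = point_from_y(int.from_bytes(digest, "big") % P)
        if pt is not None:
            pt = mul(COFACTOR, pt)
            if pt != IDENTITY:
                return pt
        counter += 1


G = point_from_y(4 * inv(5) % P)                # standard base point, y = 4/5
H = hash_to_subgroup(b"pedersen-example-H")     # constructed label, independent generator


def commit(value, blinding):
    """Pedersen commitment C = value*G + blinding*H: hiding through the
    blinding factor, binding through the discrete logarithm problem."""
    return add(mul(value % ELL, G), mul(blinding % ELL, H))


def verify_opening(c, value, blinding):
    """True if (value, blinding) opens commitment c."""
    return c == commit(value, blinding)


def homomorphic_check(v1, r1, v2, r2):
    """C(v1,r1) + C(v2,r2) == C(v1+v2, r1+r2): the property a circuit uses to
    show inputs and outputs balance without revealing the values."""
    return add(commit(v1, r1), commit(v2, r2)) == commit(v1 + v2, r1 + r2)


if __name__ == "__main__":
    c = commit(42, 12345)
    print("opens:", verify_opening(c, 42, 12345), "wrong value:", verify_opening(c, 43, 12345))
    print("homomorphic:", homomorphic_check(3, 10, 4, 20))
```

The addition law is “complete” in the sense the text relies on: the same formula handles doubling, the identity and inverses, which is why it maps onto a fixed arithmetic circuit far more cheaply than the bit-level operations of SHA256. Reducing scalars modulo ELL before multiplying keeps every commitment inside the prime-order subgroup, the same reason Jubjub clears its cofactor of 8.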
Zcash launched on October 28, 2016, with a focus on stabilization and incremental improvement. So far, the Zcash network has experienced zero downtime and no security breaches. Zcash lists its main priorities as: 1) security and reliability, and 2) iterative improvement. As the network evolves and is upgraded from Sprout to Sapling, several innovations such as payment disclosure, payment off-loading, cross-chain atomic transactions, and user-issued tokens will be added, possibly including Blind Off-chain Lightweight Transactions (BOLT), the privacy-focused “cousin” of the Lightning Network.
These significant performance improvements to zk-SNARKs were made by Sean Bowe, Matthew Green, and Ian Miers. The improvements are being published as open source, free of patents, for the benefit of the broader crypto community.