Home Coins Zcash (ZEC) Explaining Halo 2 - Electric Coin Company

Explaining Halo 2 – Electric Coin Company


Last year, our team announced a collection of discoveries and research milestones as part of our Scalability 2021 mission for Zcash. Our primary result was Halo, a new zk-SNARK that was finally capable of solving two outstanding issues in Zcash: removing the trusted setup while hitting performance targets and supporting a scalable architecture for private digital payments.

Our announcement came as a flurry of other discoveries were also published. By incorporating some of those ideas into Halo, we are able to achieve even more impressive performance gains. The next iteration of our work, which we call Halo 2, is a high-performance zk-SNARK implementation — written in Rust — which eliminates the need for a trusted setup while setting the stage for scalability in Zcash. Our goal is to build a robust and secure implementation that the Zcash community can feel confident adopting in the protocol.

Polynomial IOPs and the Inner Product Argument

Last year, I co-authored a paper titled Sonic, where we introduced a new zk-SNARK protocol with some attractive new features. One of our accomplishments was to build our protocol based on two separable components: a “polynomial commitment scheme” and what is now known as a “Polynomial IOP,” which uses a polynomial commitment scheme to create zero-knowledge proofs for arbitrary computations.

There are a few polynomial commitment schemes described in the literature. The most efficient of them requires a trusted setup and was the focus of Sonic. However, a folklore technique for building a polynomial commitment scheme based on the inner product argument — famously used in Bulletproofs — did not require a trusted setup and had relatively small proof sizes, at the cost of poor verification performance.

In our Halo paper, we fully described this polynomial commitment scheme and realized that a special kind of aggregation technique existed in it that had not been spotted before. The technique allows a large number of independently created proofs to be verified nearly as quickly as verifying a single proof. This alone would offer a better alternative to our existing zk-SNARKs used in Zcash, depending on the use case.

Scalability and Recursion

Recursive proof composition allows a single proof to attest to the correctness of practically unlimited other proofs, effectively allowing a large amount of computation (and information) to be compressed. This is an essential component for scalable Zcash, not least because it allows us to horizontally scale the network while still allowing pockets of participants to trust the integrity of the remainder of the network.

Prior to Halo, achieving recursive proof composition required large computational expense and a trusted setup. One of our main discoveries was a technique we called “nested amortization,” which built on the aggregation technique mentioned above. This technique allowed us to achieve recursive composition using the polynomial commitment scheme based on inner product argument, massively improving on performance and avoiding the trusted setup.

Later, a team of scientists proposed a generalization of our approach called an “accumulation scheme” and proved its security. This new formalization exposes how our nested amortization technique actually works; by adding proofs to an object called an “accumulator,” where the proofs reason about the previous state of the accumulator, we can check that all previous proofs were correct (by induction) simply by checking the current state of the accumulator.

Efficient Polynomial IOPs

Halo described a concrete manifestation of recursive proof composition by stripping out the Polynomial IOP that was described in the Sonic paper and replacing the polynomial commitment scheme with one based on the inner product argument. Our discoveries allowed us to achieve recursive proof composition without a trusted setup, but it wasn’t as fast as we would have liked.

In parallel, many other teams were discovering new Polynomial IOPs that were more efficient than Sonic, such as Marlin. The most efficient of these new protocols is PLONK, which grants enormous flexibility in designing efficient implementations based on application-specific needs, essential for making a more efficient version of Halo.

Explaining Halo 2 Electric Coin Company
See full size image

Halo 2 for Zcash

Our goal for Halo 2 is to build something that is up to the community’s standards for inclusion in the Zcash protocol. We will not only incorporate new ideas that have emerged in the last year, but also aggressive optimizations and new tricks that our team discovers along the way, some of which we’re currently working hard to document and publish for the broader community.



Source link

- Advertisement -
Mr Bitcointe
Mr Bitcointehttps://www.bitcointe.com/
“Fact You Need To Know About Cryptocurrency - The first Bitcoin purchase was for pizza.” ― Mohsin Jameel
473FansLike
76FollowersFollow
4,567FollowersFollow
5,261FollowersFollow
1,577FollowersFollow
2,230SubscribersSubscribe
USD - United States Dollar
EUR
1.17
GBP
1.29
CHF
1.09
NOK
0.11
JPY
0.01
CAD
0.75
AUD
0.71

Most Popular

Malaysian billionaire steps down to pursue ‘horse currency’ offering

The founder of Malaysian investment giant Country Heights Holdings is stepping down from his position to focus on issuing a cryptocurrency.According to a...

‘DeFo’ staking enabled for Waves’ Neutrino stablecoins

U.S.-based cryptocurrency exchange Waves.Exchange, which supports the price-stable multi-asset Neutrino protocol, is introducing a way for crypto traders to earn passive income through stablecoin...

Uniswap Captures $2 Billion Locked, Dex Volume Outpaces Second-Largest Centralized Exchange

The decentralized exchange (dex) built on Ethereum, Uniswap has accumulated a whopping $2 billion in total value locked (TVL) this week. Tuesday’s...

‘No coiner’ TikTok star launches finance podcast with Bitcoin bull Pomp

A 21-year-old social media star famous for his TikTok videos is entering the crypto space, guided by Bitcoin bull Anthony ‘Pomp’ Pompliano.Bryce Hall has...
bitcoin
Bitcoin (BTC) $ 10,774.50
ethereum
Ethereum (ETH) $ 356.60
ripple
XRP (XRP) $ 0.241264
tether
Tether (USDT) $ 0.999725
bitcoin-cash
Bitcoin Cash (BCH) $ 228.75
bitcoin-cash-sv
Bitcoin SV (BSV) $ 172.14
litecoin
Litecoin (LTC) $ 45.59
eos
EOS (EOS) $ 2.58
binancecoin
Binance Coin (BNB) $ 28.58
okb
OKB (OKB) $ 6.10
tezos
Tezos (XTZ) $ 2.19
leo-token
LEO Token (LEO) $ 1.26
cardano
Cardano (ADA) $ 0.098994
monero
Monero (XMR) $ 98.86
stellar
Stellar (XLM) $ 0.073123
chainlink
Chainlink (LINK) $ 9.93
huobi-token
Huobi Token (HT) $ 4.60
tron
TRON (TRX) $ 0.026028
usd-coin
USD Coin (USDC) $ 0.998898
dash
Dash (DASH) $ 67.90
neo
NEO (NEO) $ 19.85
iota
IOTA (MIOTA) $ 0.270431
nem
NEM (XEM) $ 0.118187
zcash
Zcash (ZEC) $ 60.45
maker
Maker (MKR) $ 517.81
paxos-standard
Paxos Standard (PAX) $ 0.999688
ethereum-classic
Ethereum Classic (ETC) $ 5.40
vechain
VeChain (VET) $ 0.012884
true-usd
TrueUSD (TUSD) $ 0.999044
ftx-token
FTX Token (FTT) $ 3.64
kucoin-shares
KuCoin Shares (KCS) $ 0.880006
waves
Waves (WAVES) $ 2.45