zcash-hackworks
/
design-of-sapling-book
mirror of https://github.com/zcash-hackworks/design-of-sapling-book.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Change language

This commit is contained in:
Sean Bowe 2018-06-18 10:42:10 -06:00
parent 6a615aaf0c
commit e5441ab5e5
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
zerocash/README.md
View File

@ -1,10 +1,9 @@
# Zerocash
Zcash's shielded transactions implement a variant of the Zerocash protocol. Although we made some changes to terminology and fixed some security bugs, the construction centers around three basic principles:
Zcash's shielded transactions implement a variant of the Zerocash protocol. Although we made some changes to terminology and fixed some security bugs, the construction still centers around three basic principles:
1. **Notes** consist of some value and an address that is allowed to spend it.
2. Cryptographic commitments to all notes that are created are placed in an **accumulator** -- in our case, a Merkle tree. This tree is maintained by all full nodes on the network.
3. In order to spend a note, you reveal a **nullifier** that is bound to the note. The nullifier doesn't reveal which note you are spending. The list of previously revealed nullifiers is maintained by all nodes, and a transaction that attempts to reveal a nullifier twice is rejected as a double-spending transaction.
These are some of the basic principles underlying many private cryptocurrency protocols, including Cryptonote. However, Zcash's shielded transactions use advanced zero-knowledge proofs called **zk-SNARKs**. These proofs allow us to use a large accumulator rather than ring signatures, which scale poorly to large anonymity sets.
In order to support large accumulators like deep Merkle trees -- thereby maximizing privacy -- Zerocash relies on advanced zero-knowledge proofs called **zk-SNARKs**.