zecfoundation
/
zcon0-workshop-notes
mirror of https://github.com/ZcashFoundation/zcon0-workshop-notes.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zcon0-workshop-notes/Selective Disclosure workshop

14 lines
2.3 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Selective Disclosure
Regulators requires that information is available to them to protect the economy, but tokens users want as much privacy as possible. Selective disclosure is a good compromise, where the user can selectively choose who has access to the users information. There is also no possibility for the user to lie with the information.
Right now, you are able to have a viewing key for z adresses, but it is an all of nothing proposal. There is an encrypted memo field in tx, selective disclosure needs to be able to not reveal the purpose of the transactions.
There is some interesting use cases, like an accredited investors proof, or supply chain proof, where downstream supplier reveal nothing from their supplier.
Initially, you couldnt prove you have sent a tx if from a z adresse to another z adresse. Now, the clients saves enough information to prove afterwards that a transaction has been done. Its a bit like a receipt. To use it now you need to reveil the time, the amount and the recipient. It can be extremely useful to exchanges and mining pool in case of dispute, they are using t adresses right now for this purpose.
If selective disclosures becomes good enough, t adresses could be entierely removed, and achieve the same thing by using z addresse and optionally attaching the disclosure part to the tx. The goal to be always private, but allow selective disclosure to enable layer 2 protocols. The exact implementation of this is still under discusion, becasue the zcash fundation wants to be sure that user are not going to negatively impact their privacy by accident.
You can make a scheme with zSNARK where you can prove to a single person your funds, but no one else can trust it. The receiver would generate a hash of a random number and send the hash to the prover. The prover then makes a proof of his funds are there OR that the random number was provided. Since only the receiver knows the random number and only they know if they have disclose to anyone else, they are the only ones who can beleive the zero knowledge proof. If they release the number, nobody can believe the proof. The scheme requires that there is a preimage to the hash, otherwise the receiver could build a proof that there is no known preimage, and then everybody can trust the proof.
Reference in New Issue View Git Blame Copy Permalink