Will the existing proving key remain useful with the changes in Sapling?
somebody just posted this on r/cryptocurrency… if you’re on reddit, plz upvote, for great justice
Up voted on reddit. Posted mandatory “to the moon” comment as well
Yes, the new zk-SNARK scheme, the new curve, and changes in the NP statement being proven, all require require a new proving key.
Fortunately, we now have better multiparty computation schemes for generating the proving key, that will make the ceremony easier to run with more participants (while still only requiring that at least one participant is honest and uncompromised). Also, the new proving key will be smaller. These will be discussed in a future blog post.
So there will be a second ceremony ?
Yes, there will be another multiparty computation. Using the randomness accumulator approach (see Large zk-SNARK MPCs · Issue #2247 · zcash/zcash · GitHub), we hope to have more participants than in the first ceremony. How “ceremonial” it will be depends is up to participating nodes, and I hope that many of them will go through the trouble of strong operational-security measures, and thus bolster the confidence in the final result.
Full-node wallets will require an upgrade to understand the new form of shielded transactions. Lightweight wallets that only deal with transparent transactions, and rely on a servers to parse the blockchain (e.g., all mobile wallets today), may be unaffected; but their servers will need to be upgraded.
Will the existing proving key still be needed to make sense of the existing portion of the blockchain?
@Voluntary: the proving key is never needed to parse and verify past transactions, not even today. To verify past transactions you need just the verification key, which is created along with the proving key, but is much smaller (currently 1.5kB).
To use unspent notes (shielded output from past transactions), you do need a proving key. There are several options are under discussion for how to do this in the transition to Sapling (see Decide how spends from old notes or addresses will work after the Sapling circuit upgrade · Issue #2248 · zcash/zcash · GitHub), and most of them do not require the old proving key.