The Railgun project (https://twitter.com/railgun_project) just did a soft launch release of their application. It allows you to make fully shielded transactions on Ethereum. There is still a fair bit of testing to do, so be careful. I have used it myself with no issues so far and it's really cool… This could be a game changer for DeFi. We now have the ability to shield ANY ERC-20 token on layer 1. Unlike competitors such as Tornado Cash that have high gas fees and require the user to deposit in set amounts, Railgun is cheaper and allows users to shield any amount of coin they would like.
They will be integrating with Matcha in the coming months, and have much more planned. Here is their current roadmap:
Yes dYdX is using zk starks but not for privacy…more for scalability/efficiency. I believe everything you do there is public…
“StarkWare zkSTARKS technology is a form of ZK-Rollup technology that significantly increases dYdX’s trade settlement capacity, while still basing its security on the underlying Ethereum blockchain. It combines STARK proofs for data integrity with on-chain data availability to ensure a fully non-custodial protocol. Trades are settled on a Layer 2 system, which publishes Zero-Knowledge Proofs periodically to an Ethereum smart contract in order to prove that state transitions within Layer 2 are valid.”
Thanks for explaining! Do you know if the Zcash developers have ever discussed use of zk-starks or why they chose zk-snarks over it? I’ve been looking for info on it and came across a small thread or two on StarkWare when it was initially funded by ECC, but not much info since.
The principal problem with zk-STARKs is that their proof sizes are orders of magnitude larger than zk-SNARKs. That is a big problem on a blockchain, where scalability is already a major issue. Imagine if the Zcash mainnet with moderate use suddenly were to blow up to terabytes, and nodes needed large amounts of bandwidth simply to gossip txes and blocks!
L2 rollups on Ethereum amortize the cost of zk-STARKs across numerous transactions. That is, after all, the purpose of a rollup: A single transaction on L1 proves the validation of many transactions on L2.
In Zcash, each and every shielded transaction needs to pay that cost. zk-SNARKs have tiny proofs; and both proving and verifying are very CPU- and memory-efficient with Halo2.
An historical note: In 2013, the original Zerocoin proposal for Bitcoin needed impractically large proofs, albeit (IIRC) not as big as zk-STARKs. It used an earlier generation of RSA-based ZK proof technology—neither SNARKs nor STARKs. Zerocoin for Bitcoin was superseded by the Zerocash altcoin concept, with zk-SNARKs. Zerocash evolved into Zcash.
It goes to show how important proof sizes are in practice: zk-SNARKs were what made zero-knowledge privacy realistic for implementation and widespread usage.
So as for the present, and the immediate future. As technology advances, I do dream of someday seeing more practical usage of a proof system where both soundness and zero-knowledgeness reduce to the security of a hash.