Zk-snarks on account model?

Ethereum Metropolis integrated zk-snakrs. Does it mean Ethereum toghther with Zcash implemented zk-snark on account model? Is there any technicality paper?

No, there’s no integration of zk-SNARKs with the base protocol at all in Ethereum at the moment. In fact the Byzantium hard fork only implemented basic support for the pairing operation that can be used to implement zk-SNARK verification – if you’re a cryptographer and understand the PGHR13 protocol (or Groth16 if you want to experiment).

Don’t try to implement zk-SNARK-based protocols using what is currently in Ethereum if you’re not an experienced cryptographer. You’ll get it wrong. Actually, there’s significant risk of getting it wrong even if you are an experienced cryptographer – pay particular attention to verifying that proof elements are in the correct subgroup and are correctly decompressed. I don’t even know whether Byzantium has the primitives needed to do that at feasible gas cost.


Note that the work with J P Morgan, which is on their Ethereum-based Quorum system, does implement shielded transfers in an account-based model (as a proof-of-concept; this code is not production ready). Documentation and source links for that are here: https://z.cash/quorum

Thanks a lot for your interpretation.
So, in fact, as of now, shielded transfer in account model is still a concept and has not been practised on any blockchain.

1 Like

Well, the implementation on Quorum works; I’ve seen it demoed. It’s just not been practiced on any public blockchain.

Can that same technology used for JPM be duplicated and then resold to other financial institutions, or is that prevented due to it being JPM’s exclusive system?

One of the conditions of the JPMorgan cooperation is that the code is open source: ZSL · ConsenSys/quorum Wiki · GitHub