Something interesting about zether
We only look at "confidential" transactions. Confidential transactions hide the amount being transferred but not the identities of the parties involved in the transaction. Zether also allows for "anonymous" transactions (via the use of ring signatures) in which the indentities of the parties involved in the transaction are "hidden."
| Efficiency | |
|---|---|
| Communication complexity | Logarithmic; |
| Reference string size | Linear (needed by Verifier); |
| Setup time | |
| Time to generate transactions | Linear (in bit length of range); |
| Time to verify transactions | Linear (in bit length of range); |
| Transaction size | Logarithmic (in the witness size); concretely, 1472 bytes when optimized to work with Ethereum |
| Computational resources needed | Minimal (from Bulletproofs: Intel i7-6820HQ, single thread, <100MB memory) |
| Potential for scalability | Via aggregating proofs and batch verification |
| Security | |
|---|---|
| Based on cryptography | Yes—discrete logs |
| Based on hardware | No! |
| ZKP | Bulletproofs and Sigma protcols (Sigma-Bullets) |
| Security proofs/analysis | Yes—rigorous! |
| Non-standard assumptions | Potentially random oracle |
| Post-quantum | No |
| Trusted setup | No! |
| Flexibility | |
|---|---|
| Universal reference string | Yes! |
| Support of arbitrary computation | No—additive relations only |
| Support of stateful computation | Yes! |
| Suggested applications | Sealed-bid auctions, stake voting |
| Trust Level | |
|---|---|
| Trusted setup | No! |
| Any other process req. trust | No! |