Zerocash: Decentralized Anonymous Payments from Bitcoin

DOCUMENT UNAVIALABLE: This browser does not support PDFs. Please download the PDF to view it.

by Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza | May 18, 2014


In this paper, the authors describe their concerns about the inherent lack of privacy stemming from Bitcoin's design. Their work (which later led to the creattion of Zcash) provides background on the zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) cryptographic primative. They go on to describe decentralized anonymous payment (DAP) schemes and their construction. They then discuss concrete instantiation in Zerocash and the integration of Zerocash into existing ledger-based currencies. The paper then describes some experiments conducted with their prototype implementation and suggest some possible optimizations.



In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs). We formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme lets users pay each other directly and privately: the corresponding transaction hides the payment’s origin, destination, and amount. We provide formal definitions and proofs of the construction’s security. We then build Zerocash, a practical instantiation of our DAP scheme construction. In Zerocash, transactions are less than 1 kB and take under 6 ms to verify — orders of magnitude more efficient than the less-anonymous Zerocoin and competitive with plain Bitcoin.


Date Published Title Page Count
2018-03-19 Zcash Protocol Specification Download 62