Proposals for integrating ZK-Snarks

[ch4ot1c]

Proposals for integrating ZK-Snarks into Electrum ~

1. Full -

Wrap libsnark (c++) in some way so we can use it from the Electrum client code (python). This will allow us to generate and broadcast shielded transactions, both within the Electrum client. https://github.com/pybind/pybind11 http://pybind11.readthedocs.io/en/master/basics.html Boost.Python and this (PyBind11) are my 2 best results from research. Pybind11 looks better.

We are attempting to write high-assurance code so tests will be needed to ensure we do it right - but this binding will let us avoid doing 'translations' from c++ to python - that's high assurance.

In terms of implementation: https://github.com/scipr-lab/libsnark and the even more low-level: https://github.com/scipr-lab/libff need to generally replace: https://github.com/BTCP-community/electrum-zcl/blob/master/lib/bitcoin.py#L739 https://github.com/BTCP-community/electrum-zcl/blob/master/lib/bitcoin.py#L885 and more. Defining which functions to swap is a significant part of the research.

Helpful libsnark tutorial: https://github.com/howardwu/libsnark-tutorial

2. Not fully 'lite' but legitimate -

First, we need to test and verify (on any node) that 1) can we configure zcashd to run with wallet support and 2) confirm z_* send methods and their shielded txn generation steps are both working on it. We should select the latest (linux) release of zcashd, and make a shell script to fetch, build, and install it during Electrum installation. From there, as @csulmone proposed, we can use it as an unplugged-but-specialized generator for all things shielded. (At the end of this dev cycle we will also build zcashd for all platforms ofc)

We can begin one or both of these routes, as development progress is becoming urgent. I have received guidance that option 2 is preferred if it proves significantly faster or easier - I think the first is worth a try though.

[nxsofsys]

There is problem with building libsnark for windows - only cygwin build available, and it may be problematic to use python bindings with python, which built with MS Visual Studio.

I prefer libff at this moment. Instead of python bindings there may cython used.

[ch4ot1c]

Transparent addresses are now sending and receiving funds. Some enhancements need to be made to wallet management, but we are now at a reasonable point to begin working on this item.

[thomasuno]

Is someone working on this @ch4ot1c ? I have a developer that could work on 1. Full but he wants a bounty. Thomas

[ch4ot1c]

@thomasuno we have a team of around 5 working on it. He's welcome to join and there is a bounty, his contributions can entitle him to a split

[ch4ot1c]

Please see the wiki for our followup notes: https://github.com/BTCP-community/electrum-zcl/wiki

[tazeat]

With less than a week until the BTCP fork, will shielded z addresses be supported before the fork?

Without this support, no one can claim their BTCP if it is currently in a shielded wallet as far as I can tell as this is the only officially supported wallet so far for BTCP (and this function is necessary for the "Private" part of the coin name to make any sense). If the feature is not to be implemented, everyone holding ZCL must first move our balances to unshielded addresses before the fork to claim them immediately after fork. Will there be an official announcement one way or the other?

[vitsalis]

We have already created a wrapper for libff using Cython. Perhaps it could be useful.

[sulmone]

There is a full node wallet that supports shielded transactions. Implementing shielding in electrum is difficult in many places.

[ch4ot1c]

Closing; this is under development (method 2).