Hey, in the last few days Sapling has sparked some controversy in the community as why its not used when integration is done…
I have another question: Actually one community member said sapling is already years out of date.
Whats the new way? →
Groth16 (Sapling) was the zcash approach where you needed to pre-setup per circuit. There is now a much more scalable solution called Plonk and also has the big advantage you can use the same set-up for each new circuit. Groth16 is 2016 tech.
You can see it in use here: https://zk.money/asset/ETH
So why was not plonk considered?
Hello, we don’t think Sapling is out of date. It is still a very good protocol, especially from the point of view of privacy guarantees.
There are today a few use cases in finance for which it works very well, namely contracts that deal with only one fungible token.
The downside of Sapling, which was known when we decided to integrate it, is that it does only one thing very well, which is cash. This is no surprive given that is was designed by the ECC for ZCash. For example dealing with delegation, governance or any other smart contract logic that needs user data to work is not supported.
It is true that the proving system it’s based on (Groth16) makes it hard to tweak the protocol and update it, even though it is very efficient.
We are currently working on a new Plonk based proving system in order to build a ZK-Rollup. Thanks to its universal setup, this new system will also make it much easier to deploy new protocols based on zero-knowledge proofs. For example we could use Plonk to build an extension of Sapling that supports multiple tokens in the same shielded pool.
6 Likes
Thank you @NomadicLabs for the detailed explanation. I appreciate the effort you put in.
1 Like
Yes thank you for your time and explaining it!
1 Like
