zk-SNARKs - Halo

Hello, with the recent unveiling of Halo, ZEC’s zk-SNARKs have some nice improvements, namely no more need for trusted setup. I think this is huge, and I hope whatever protocol upgrade introduces zk-SNARKs to Tezos will have this improvement included!

Nomadic if you’re here, what are your thoughts here? Others’ thoughts?


Hey tzenvoy,

We are aware of the recent unveiling of Halo. You probably won’t see it in the first zk-SNARK implementation in the next proposal, however we are looking into Halo and PLONK for the future.


I’ve been looking through the proof of concept code for Halo. It’s very promising, but far from production ready now.

For reference, Zcash has a network upgrade planned for December 11th of this year that doesn’t include any improvements to the zkp scheme used in Sapling. After that we should see their timeline for the next upgrade. There are benefits to tracking them, evidenced by the counterfeiting vulnerability they patched last year.

It’s also worth noting that Halo isn’t a theoretical performance improvement over the scheme used in Sapling when it comes to shielded transactions. It’s designed for efficient recursive proofs such as those necessary for scaling, as explored in Coda and Rollup. So as exciting as it is to be able to drop the trusted setup, perhaps best to think of Halo as useful for different applications.


Thanks for the response all, this all makes sense :slight_smile: