 My colleagues at a skipper lab the zero cash team and myself would like to take this opportunity to tell you about the brave new world of ZK snark applications So ZK snarks are in a particularly efficient form of zero knowledge proofs They are sync non-interactive arguments of knowledge between a prover and the verifier and necessarily there's also a generator setting up a common reference string and There has been a wealth of fascinating literature on this Starting with the seminal works on zero knowledge and especially productive over the past decade in terms of theory implementations compilers from high-level representations and specific applications and I'd like to tell you about two real world deployments that are particularly exciting for us The first is lip snark a C plus plus library for ZK snark that we've been developing for the past four years Leap snark contains the state of the art in preprocessing snark implementation starting with those based on quadratic span and arithmetic programs and their subsequent improvements as well as the generalization to proof carrying data It also contains very efficient tailored implementations for finite field elliptic curves and pairings. It's open-sourced It's Out there to download from github and you welcome to do so and use it as about 50 other academic and commercial users have already We've been fortunate to have several developers join us recently and They contributed some very nice things to the library including a new build system That may the notary improvements that make development and integration easier improvements to the Provement prove a performance algorithm using low-level techniques as well as using high-level techniques implementing the latest and greatest ZK snark schemes resulting in reduced proof sizes and Prover complexity as well as very far complexity all of these are available on our github repo one particular application of Leaves snark is zero cash your cash is a protocol that we've developed for Privacy preserving cryptocurrencies and inspired by Bitcoin like public ledgers But unlike in Bitcoin where every transaction is posted for anyone to view and analyze In zero cash the blockchain contains just a bunch of pseudo random values ciphertext and zero knowledge proofs of the case snarks Now the underlying idea of Is your cash is to use your knowledge proof so whenever a transaction happens? they sender knows what justifies that transaction and Provides as your knowledge proof for it that anyone can obvi can verify the validity of that this transaction is legit Has a correct origin isn't double-spending and so forth Anyone else can merely verify correctness, but the recipient can more over verify that they are the intended Recipients and take ownership of those funds Now this started as a paper in Auckland 14 and ever since then we've been working on taking this into a real-world cryptocurrency and that indeed happened last October after Several years of work and I dedicated engineering team and a company that was established to fund those engineers The new cryptocurrency was launched. This is the roadmap a few days after launch as of today We have an ever-growing blockchain About five million dollars are transacted Using snarks every day and this is just a lower bound because some of these are protected by zero knowledge We don't know they're there some of these are done by off-chain exchanges And speaking of which there is a very large ecosystem containing this dozens of such off-chain Exchanges in containing hardware and software wallets Hundreds of forks and github as by various developers extending and improving and of course many many thousands of users so taking this theory and Theoretical definitions and proofs into a real system that people will trust their savings to has been a very interesting journey with many Fascinating challenges. I'd like to share one of these with you and that is the issue of that trust a generation that is necessary in the underlying Z-case snarks Why would anyone trust me or a commercial company or anyone else to generate that CRS and therefore? We replaced that by a multi-party computation that was tailored specifically for this setting for efficiency and that took place before the currency was launched and It involved a suitable cryptography as well as very interesting and extreme operational security measures like a Six geographically distributed parties ranging from hotel rooms monitored by journalist and video crews To someone driving in the badlands of British Columbia with a lot of tin foil We had dedicated compute nodes very carefully purchased and Prepared and after the computation was done very dramatically distracted To erase all remnants of information And we have a publicly auditable trail that anyone can download and verify And also many improvements coming up including improved the case not constructions Better snark friendly primitive for hash functions for example A very exciting improvement is augmenting the blockchain protocol to support payment to snark verification Addresses so you can pray to someone's criterion in zero knowledge without anyone knowing even what the criterion is except for you and the recipient And we're going to redo the MPC protocol to add this extra functionality and to improve it along the way So if you are going to use the case not to need your own secure MPC for parameter generation talk to us another interesting thing is We've established the Zcash foundation and non-profit to support the technology and its users and one of the Programs is a grant program that will support among other things academic research on such proof systems If you think it's suitable again talk to us There are many other Emerging applications in the blockchain and commercial realm Including the next version of a theorem that's adding the case not support several other companies in blockchains JP Morgan and its quorum system are adding support for snarks as well as a company called caddage for prove it that is Working on identity attestation and business logical application provenance in the tracking guy using snarks To summarize VK snarks really are practical and There's a rapidly growing community of developers and users and enthusiasts that are going around explaining this technology to each other and looking for Applications, this is a great example of the theory to practice transition It motivates new theory questions as some of those theory papers show And it also is open up the question of what's next what are the next applications to build If you're going to do that you may find some of the links that I mentioned Summarizing this webpage. Thank you