Editing Zero-knowledge proof (section)

=== Blockchains ===
Zero-knowledge proofs were applied in the [[Zerocoin protocol|Zerocoin]] and Zerocash protocols, which culminated in the birth of [[Zcoin]]<ref name="Hellwig 2020"/> (later rebranded as [[Firo (cryptocurrency)|Firo]] in 2020)<ref>{{cite web |last1=Hurst |first1=Samantha |title=Zcoin Announces Rebranding to New Name & Ticker "Firo" |date=28 October 2020 |url=https://www.crowdfundinsider.com/2020/10/168504-zcoin-announces-rebranding-to-new-name-ticker-firo/ |publisher=Crowdfund Insider |access-date=4 November 2020 |archive-url=https://web.archive.org/web/20201101141745/https://www.crowdfundinsider.com/2020/10/168504-zcoin-announces-rebranding-to-new-name-ticker-firo/ |archive-date=1 November 2020}}</ref> and [[Zcash]] cryptocurrencies in 2016. Zerocoin has a built-in mixing model that does not trust any peers or centralised mixing providers to ensure anonymity.<ref name="Hellwig 2020"/> Users can transact in a base currency and can cycle the currency into and out of Zerocoins.<ref>{{cite book|last1=Bonneau|first1=J|last2=Miller|first2=A|last3=Clark|first3=J|last4=Narayanan|first4=A|title=2015 IEEE Symposium on Security and Privacy|chapter=SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies|date=2015|chapter-url=https://ieeexplore.ieee.org/document/7163021|location=San Jose, California|pages=104–121|doi=10.1109/SP.2015.14|isbn=978-1-4673-6949-7|s2cid=549362}}</ref> The Zerocash protocol uses a similar model (a variant known as a [[non-interactive zero-knowledge proof]])<ref>{{cite web|last1=Ben-Sasson|first1=Eli|last2=Chiesa|first2=Alessandro|last3=Garman|first3=Christina|last4=Green|first4=Matthew|last5=Miers|first5=Ian|last6=Tromer|first6=Eran|last7=Virza|first7=Madars|title=Zerocash: Decentralized Anonymous Payments from Bitcoin|url=http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf|publisher=IEEE|access-date=26 January 2016|date=18 May 2014}}</ref> except that it can obscure the transaction amount, while Zerocoin cannot. Given significant restrictions of transaction data on the Zerocash network, Zerocash is less prone to privacy timing attacks when compared to Zerocoin. However, this additional layer of privacy can cause potentially undetected hyperinflation of Zerocash supply because fraudulent coins cannot be tracked.<ref name="Hellwig 2020">{{cite book |last1=Hellwig |first1=Daniel |last2=Karlic |first2=Goran |last3=Huchzermeier |first3=Arnd |title=Build Your Own Blockchain |series=Management for Professionals |date=3 May 2020 |publisher=SpringerLink |isbn=9783030401429 |page=112 |chapter-url=https://link.springer.com/chapter/10.1007/978-3-030-40142-9_5 |access-date=3 December 2020 |chapter=Privacy and Anonymity|doi=10.1007/978-3-030-40142-9_5 |s2cid=219058406 }}</ref><ref>{{Cite news|url=https://www.technologyreview.com/s/609448/a-mind-bending-cryptographic-trick-promises-to-take-blockchains-mainstream|title=A mind-bending cryptographic trick promises to take blockchains mainstream|last=Orcutt|first=Mike|work=MIT Technology Review|access-date=2017-12-18|language=en}}</ref>

In 2018, Bulletproofs were introduced. Bulletproofs are an improvement from non-interactive zero-knowledge proofs where a trusted setup is not needed.<ref name="Bulletproofs">{{cite book |last1=Bünz |first1=B |last2=Bootle |first2=D |last3=Boneh |first3=A |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=Bulletproofs: Short Proofs for Confidential Transactions and More |date=2018 |pages=315–334 |doi=10.1109/SP.2018.00020 |location=San Francisco, California|isbn=978-1-5386-4353-2 |s2cid=3337741 |doi-access=free }}</ref> It was later implemented into the [[Mimblewimble]] protocol (which the Grin and Beam cryptocurrencies are based upon) and [[Monero (cryptocurrency)|Monero cryptocurrency]].<ref>{{cite web |last1=Odendaal |first1=Hansie |last2=Sharrock |first2=Cayle |last3=Heerden |first3=SW |title=Bulletproofs and Mimblewimble |url=https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html#current-and-past-efforts |publisher=Tari Labs University |access-date=3 December 2020 |archive-url=https://web.archive.org/web/20200929160834/https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html |archive-date=29 September 2020}}</ref> In 2019, Firo implemented the Sigma protocol, which is an improvement on the Zerocoin protocol without trusted setup.<ref>{{cite news |last1=Andrew |first1=Munro |title=Zcoin cryptocurrency introduces zero knowledge proofs with no trusted set-up |url=https://www.finder.com.au/zcoin-cryptocurrency-introduces-zero-knowledge-proofs-with-no-trusted-setup |access-date=30 July 2019 |publisher=Finder Australia |date=30 July 2019 |archive-url=https://web.archive.org/web/20190730210721/https://www.finder.com.au/zcoin-cryptocurrency-introduces-zero-knowledge-proofs-with-no-trusted-setup |archive-date=30 July 2019}}</ref><ref name=":1">{{cite book |last1=Groth |first1=J |last2=Kohlweiss |first2=M |title=Advances in Cryptology - EUROCRYPT 2015 |chapter=One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin |series=Lecture Notes in Computer Science |date=14 April 2015 |volume=9057 |pages=253–280 |doi=10.1007/978-3-662-46803-6_9 |publisher=EUROCRYPT 2015 |location=Berlin, Heidelberg|hdl=20.500.11820/f6ec5d8f-cfda-4f56-9bd0-d9222b8d9a43 |isbn=978-3-662-46802-9 |s2cid=16708805 |chapter-url=https://www.research.ed.ac.uk/en/publications/f6ec5d8f-cfda-4f56-9bd0-d9222b8d9a43 |hdl-access=free }}</ref> In the same year, Firo introduced the Lelantus protocol, an improvement on the Sigma protocol, where the former hides the origin and amount of a transaction.<ref>{{cite journal |last1=Aram |first1=Jivanyan |title=Lelantus: Towards Confidentiality and Anonymity of Blockchain Transactions from Standard Assumptions |journal=Cryptology ePrint Archive |date=7 April 2019 |issue=Report 373 |url=https://eprint.iacr.org/2019/373 |access-date=14 April 2019}}</ref>