HaRold

Results 66 comments of HaRold

In order to prevent a malicious actor from causing the 'honest' others to lose money by, while adhering to the protocol, picking multiple people to offer their transaction to, is...

As per the slides davidp94 linked, BLAKE2s could be used instead of SHA256 to significantly reduce verification time, e.g. 10 rounds of 21518 constraints, versus 64 rounds of 25840 constraints....

Yup, even the response I had from one of the eth dev meetings was basically 'wait for ewasm'... Until then, I guess it's just about tooling, proof of concept, security,...

Getting the proving time down as much as possible is the HUUGE step towards general usability, maybe there are some optimisations which can be made? Zcash's 40 second proving time is...

So, the library is going to be a generic on-chain contract to verify proofs, maintain the Merkle tree, perform verification etc. then associated tooling to generate proofs etc.

Hi, I've started work on this on my fork at: https://github.com/HarryR/ethsnarks I've implemented the verifying code in Python using `py_ecc` (proving code will always be in a native library), as...

> tree_depth = 2

Have already done this.

> This might be difficult as the proving key is 800mb and could take a lot of ram.

Just for the proof and...

https://github.com/HarryR/ethsnarks/pull/78 has been tested and merged. FYI every public input costs 40k gas, not 200k. With the new `sha256_many` gadget you can pass in an arbitrarily sized array of bits, so...

The sha256_many gadget is compatible with the SHA256 function as used on Ethereum, in Python and generally everywhere, whereas only the raw compression function gadget is implemented in libsnark. sha256_many...

https://github.com/barryWhiteHat/miximus/pull/13 ? Where the 'zero address' could be Ether. Alternatively you could split the logic into a common backend contract, which can be reused by multiple frontend contracts supporting different...