# 8.2 Supporting Projects

ZK-SNARKs \[1] (succinct non-interactive arguments of knowledge) have a fixed proof size (about 200 bytes) and extremely fast verification (milliseconds), but they rely on a common reference string (CRS), which requires a trusted setup such as Zcash's "ceremony". ZK-STARKs (transparent non-interactive arguments of knowledge) require no trusted setup, but their proofs are large (tens of KB). Application scenarios: private transactions (Zcash, Tornado Cash) and verification of off-chain computation (StarkNet’s L2 scaling).

Non-interactive authentication: Schnorr signatures convert the interactive Schnorr protocol into a non-interactive one through the Fiat-Shamir transformation; the Bitcoin Taproot upgrade uses this technique. BLS signatures support signature aggregation and are used for validator voting in Ethereum 2.0.

Non-interactive commitment schemes: Pedersen commitments, combined with Fiat-Shamir, can be used to construct non-interactive range proofs (such as Bulletproofs). Application: confidential transactions (Monero).

Zcash \[2] is a smart contract programming language and compilation framework based on zero-knowledge proofs (ZKP), designed to make it easier for developers to build privacy-preserving smart contracts on blockchains such as Ethereum. It allows specific data within a contract to remain private while the contract's correct execution remains publicly verifiable.

Automatic zero-knowledge proof generation: the Zcash compiler automatically converts operations involving private data into zero-knowledge proofs (ZK-SNARKs). For example, it can prove balance\[Alice] >= 100 without exposing the exact value of balance\[Alice].

ZettaStar \[3] combines zero-knowledge proofs (ZKP) and distributed computing protocols to solve the verifiability problem of AI model training and inference. Its core goal is to enable users to trust AI computing services provided by third parties (such as cloud computing service providers or federated learning nodes) without relying on centralized auditing.

AI computation integrity proofs: ZK-SNARKs/STARKs are used to generate a proof of the computation process, ensuring that the training process has not been tampered with (for example by data poisoning attacks) and that the inference results are authentic and credible (for example, that the model has not been secretly replaced). Applicable to: federated learning (multi-party collaborative training that protects data privacy) and cloud computing outsourcing (verifying whether the cloud service provider performs computations as agreed).

Zkey v0.2 \[4], a next-generation privacy programming framework for smart contracts, is a major upgrade of the Zkay protocol. It focuses on improving the integration efficiency, developer experience and cross-chain compatibility of zero-knowledge proofs (ZKP), making private smart contracts easier to develop and deploy.

More efficient ZKP backend: support for new proof systems. PLONK (replacing some Groth16 use cases) reduces the need for a trusted setup and increases the speed of proof generation. Halo2 (experimental support) supports recursive proofs and is suitable for complex contract logic. Circuit compilation is optimized: parallelizable computations in smart contracts are identified automatically, reducing ZKP generation time (speed increased by 30%+).

Enhanced syntax and tool chain: the private data types are extended with new explicit type declarations such as private(uint256) and private(bool) to reduce developer confusion. Private arrays and private mappings are supported (private(uint256\[]), private(mapping)). In debugging mode, the local simulation environment can output intermediate ZKP states to help troubleshoot errors in private computations.

Cross-chain deployment capability: the multi-chain compiler supports, in addition to Ethereum, the EVM-compatible chains Binance Smart Chain (BSC), Polygon and Arbitrum. Future plans include expansion to zkSync Era and StarkNet (ZK-Rollup based on Cairo).

Standardized privacy interface: ERC-721Z (experimental) extends ERC-721 to support privacy properties of NFTs (such as hiding owners or metadata).

Zether \[5] is a completely anonymous encrypted payment protocol based on zero-knowledge proofs. It was originally proposed by the Stanford University team (Bünz et al., 2019) and aims to provide programmable private transaction functions for smart contract platforms such as Ethereum. It combines zero-knowledge proofs (ZKP) and an account model to support hiding transaction amounts, senders, and receivers while maintaining verifiability.

Complete anonymity: both parties to a transaction are hidden, since the use of stealth addresses prevents external observers from correlating transactions. Amounts are hidden, and balances are encrypted but remain verifiably valid through Pedersen commitments and range proofs (Bulletproofs). Transaction types are hidden, with support for private transfers and private smart contract calls (such as private DeFi).

Programmable privacy: the protocol is compatible with smart contracts, so conditional payments (such as "transfer when ETH > $2000") can be executed in a private environment. It supports multi-party private interactions in scenarios such as private auctions and private voting.

Non-interactive proofs: the protocol uses the Sigma protocol plus the Fiat-Shamir transformation, which eliminates the need for multiple rounds of interaction for proof generation and verification, making it suitable for blockchain environments.

Zexe \[6], a privacy computing and decentralized execution framework based on zero-knowledge proofs, is a privacy-first blockchain execution model proposed by the Aleo team (formerly core developers of Zcash), focusing on programmable privacy and off-chain computing. It combines zero-knowledge proofs (ZKP) and distributed systems to allow users to perform arbitrary computations and generate verifiable proofs without leaking data.

Off-chain computation plus on-chain verification: computations are performed locally (on the user's device or a dedicated node), and only ZK proofs are submitted to the blockchain. On-chain verification is lightweight: the chain only needs to verify the proof, with no need to re-execute the computation (similar to ZK-Rollup).

Complete privacy protection: input data such as the transaction amount, participant identities, and smart contract state is hidden. Selective disclosure allows users to disclose certain information to specific parties (such as regulatory agencies).

Programmable privacy: smart contracts support custom privacy logic (such as "prove age > 18 years old but do not reveal specific age"). Suitable for DeFi, identity authentication, confidential voting and other scenarios.

Hawk \[7], a programmable privacy smart contract framework, is a privacy-preserving smart contract system proposed by UC Berkeley researchers (Kosba et al.), which aims to allow developers to build decentralized applications that not only maintain data privacy, but also allow the correctness of computations to be publicly verified. It combines zero-knowledge proofs (ZKP) and cryptographic commitment schemes so that contract logic can run on encrypted data without exposing the original information.

Privacy-preserving smart contracts

Encrypted input data: Inputs to the contract (such as transaction amount, user identity) remain hidden.

Publicly verified calculations: Ensure correct execution of contract logic through zero-knowledge proofs (ZKP) without the need to decrypt data.

Programmability and flexibility

Supports general-purpose (Turing-complete) computation, not just simple payments (like Zcash).

Developers can define custom privacy policies (such as "Only allow regulatory authorities to decrypt specific transactions").
