228

M. Polychronaki et al.

Fig. 8 Interactive ZKP proof process

Fig. 9 Non-interactive ZKP process

a new block broadcasted is valid to be added onto the chain, while at the same time

it acts as the proof that the node is willing to spend the computational power needed

for the particular hash, thus making him an honest node to the network.

Another use of ZKP in blockchain is one of the Zerocoin protocols used by

the Zerocoin blockchain. The authors in [37] present a solution for solving the

privacy problem of Bitcoin, which has the weakness of back tracing a user’s account

using his/her transactions throughout the network. Zerocoin protocol breaks the links

between transactions in a decentralized way, where users take advantage of an e-cash

system to cryptographically mingle their coins with each other. Every user of Zero-

coin becomes the miner of the Zerocoin coins equal to his/her bitcoin amount to be

spent. Then, the specific amount of Bitcoin is locked, while the Zerocoin coins are

bound with a public non-interactive ZKP, proving that someone knows to whom these

coins came from (but not their name) and that he/she has the key which unlocks the

corresponding Bitcoins. Any user who can validate this particular ZKP can exchange

their Bitcoins with others, which previously were used by another user.

The Zcash blockchain performs transactions using a ZK-SNARKs protocol in

order to hide the sensitive information contained in the transactions’ data. Similarly,

with Zerocoin, Zcash also targets the traceability of accounts in Bitcoin but from

a different perspective. Instead of mingling users’ coins, Zcash shields transactions