Wuzhen · Findora co-founder Ben Fisch: How does Supersonic stand out in the zero-knowledge proof family?

On the afternoon of November 8, the "2019 World Blockchain Conference · Wuzhen" hosted by Babbitt continued. In the sub-forum "Technology changes the world: the underlying infrastructure of the blockchain", Ben Fisch, Ph.D. and cryptography expert in the Department of Computer Science at Stanford University and CTO of Findora, gave a keynote speech on "Transparency in the Financial and Zero-knowledge Proof System: Supersonic – A Supersonic Breakthrough".

Ben Fisch said at the meeting that Bitcoin, Ethereum and Libra have very poor privacy, and that a zero-knowledge proof scheme can be used to balance privacy and auditability. He compared several zero-knowledge proof schemes, including SNARKs, STARKs, Groth16, Bulletproofs and the Supersonic scheme that Findora uses. According to Ben Fisch, Supersonic's proofs are very small and fast to verify, and it does not require a trusted setup, making it suitable for privacy transactions of all kinds of complexity.

The following is the transcript of Ben Fisch's speech, compiled by Babbitt.

My name is Ben Fisch. I am going to talk about transparency in finance and the zero-knowledge proof system. I am the co-founder of Findora. We know that finance has always existed. We also see that there are data islands in the financial industry. So when you put money in your account, you don't know where they use your money. You have no way to prove that you have money in the bank. What kind of story will happen?

We have also seen cases of financial fraud in the past, and these cases of financial fraud have the problem of data silos.

And we believe that the blockchain will bring more applications to financial institutions in the future.

I can put all the assets in a transparent way and make it visible to all customers.

We don't need any auditors to audit the books in the whole process. We only need to know that the source data is correct and that the blockchain data cannot be tampered with; then the whole data is available.

For our privacy protection, this also requires compliance, and we need the trust of our customers.

When we talk about global ledgers, we can first look at some applications, such as Bitcoin, but the problem with Bitcoin is that it has no privacy.


As shown on the left, we have shown through research that tracking bitcoin transactions is easy to achieve. At the same time, because of the production of Bitcoin, the overall tracking has now become a commercial behavior. That's why Bitcoin is not very suitable for business applications: everyone can see the participants in different transactions on the Bitcoin platform.

As for cash transactions, the most primitive way of trading, the advantages and disadvantages are as follows:

  1. It is very difficult to track, and it is decentralized;
  2. But its disadvantage is that it is very expensive: you need to print it out, and it also requires physical interaction. It is not global and cannot be audited. You must transact face to face to use it.

At the same time, we have seen that we always have to weigh the issues of privacy and auditability, but with the breakthrough of the new technology of blockchain, we can see that these shortcomings can be greatly limited.

In addition, regarding the protection of privacy, we think that Libra doesn't mean anything, and everyone can see everything. Like Alipay and WeChat, they are private to the public, but there is no privacy for the server.

How to make a good balance between privacy and public audit?

On the one hand, it has good privacy protection on the public ledger, but at the same time it can conduct public audits. We can use zero-knowledge proof to make such an arrangement. For example, if we are on Bitcoin, it has no privacy protection, and everyone can see everything. But if we want to protect privacy, we can use the encryption algorithm, which means we don't know the specific amount, but we can still prove it. In this case, we can audit it and establish a good protection between privacy. Here, we can protect privacy by means of zero-knowledge proof.


It can be seen that this takes place between us and the auditor, to prove that the answer is positive. We can see that the auditor does not know how much X is, but he knows that it is positive, and he knows that we definitely know. Here you can also make it non-interactive zero knowledge: they only need to pass one answer. We need some public parameters here. You can see that Victor will check π to see if it is right, and then give a very simple answer: he is sure that X is positive.

Let's take a look at SNARK, which is a very effective and fast zero-knowledge proof. Sometimes it is enough to have a very concise answer. When we are accounting, we count very fast and the data is small.

We see that zero-knowledge proof can help us bring a lot of privacy-protecting features, such as remittances from confidential money and asset management.

When it comes to contracts, we can assess the contract's qualifications to prove the contract's validity. For example, we can prove that the investment fund has the ability to pay, or that the entire account has the value of encryption on the public chain. We can also prove that our assets are on the white list, we can avoid misappropriation, and so on.

Comparing the zero-knowledge proof family: Supersonic stands out

Let us briefly analyze the characteristics of several major zero-knowledge proof schemes. Take Groth16: it is very small and very fast, but it requires a trusted setup. There are also STARKs, which basically cannot be used on the blockchain because they are too big, but they are faster. There are also Bulletproofs: we can see that the proof is short and has good privacy protection, but it is slow, so it may not be suitable for particularly complex proofs, but it is especially suitable for moderately complex transactions. We also use Bulletproofs a lot; for example, to hide the amount when trading, we can use Bulletproofs. But if you want to prove solvency, you can't use Bulletproofs.


It can be said that using Supersonic zero-knowledge proof to prove particularly complex parameters, we can complete it in a few milliseconds.

This is Supersonic, which is arguably the first zero-knowledge proof that is very short and does not require a trusted setup.

For moderately complex transactions, we can use Bulletproofs, and the Supersonic we use now is applicable regardless of whether the transaction is complicated or not.
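
The statement described in the talk, where the auditor learns only that a hidden amount X is non-negative and checks a single proof π against public parameters, can be made concrete with a textbook bit-decomposition range proof over Pedersen commitments, made non-interactive with Fiat-Shamir. This is an added example, not Findora's code and not Supersonic or Bulletproofs; the toy group parameters and all function names are assumptions chosen for illustration.

```python
import hashlib, math, secrets

# Constructed toy parameters, insecurely small: P = 2Q + 1, and G, H generate
# the order-Q subgroup. Binding assumes nobody knows log_G(H).
P, Q, G, H = 2039, 1019, 4, 9
N_BITS = 8  # statement proved: 0 <= x < 2**N_BITS

def chal(*vals):
    """Fiat-Shamir challenge: hash the transcript into Z_Q."""
    data = ",".join(map(str, vals)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def commit(x, r):
    """Pedersen commitment G^x * H^r: hides x, binds the committer to it."""
    return pow(G, x % Q, P) * pow(H, r % Q, P) % P

def prove_bit(c, b, r):
    """OR-proof that c = G^b * H^r with b in {0, 1}, without revealing b."""
    ys = [c, c * pow(G, -1, P) % P]   # c / G^0 and c / G^1
    e, z, a = [0, 0], [0, 0], [0, 0]
    f = 1 - b                          # the false branch is simulated
    e[f], z[f] = secrets.randbelow(Q), secrets.randbelow(Q)
    a[f] = pow(H, z[f], P) * pow(ys[f], -e[f], P) % P
    k = secrets.randbelow(Q)           # the true branch is a Schnorr proof
    a[b] = pow(H, k, P)
    e[b] = (chal(c, a[0], a[1]) - e[f]) % Q
    z[b] = (k + e[b] * r) % Q
    return a, e, z

def verify_bit(c, a, e, z):
    ys = [c, c * pow(G, -1, P) % P]
    return (e[0] + e[1]) % Q == chal(c, a[0], a[1]) and all(
        pow(H, z[i], P) == a[i] * pow(ys[i], e[i], P) % P for i in range(2))

def prove_range(x, r):
    """Prover: commit to each bit of x; bit blinders recombine to r."""
    rs = [secrets.randbelow(Q) for _ in range(N_BITS - 1)]
    rs.insert(0, (r - sum(ri << (i + 1) for i, ri in enumerate(rs))) % Q)
    bits = [(x >> i) & 1 for i in range(N_BITS)]
    cs = [commit(b, ri) for b, ri in zip(bits, rs)]
    return cs, [prove_bit(c, b, ri) for c, b, ri in zip(cs, bits, rs)]

def verify_range(C, pi):
    """Auditor: sees only C and pi, never x or r; rejects non-subgroup values."""
    cs, proofs = pi
    ok = len(cs) == len(proofs) == N_BITS and math.prod(
        pow(c, 1 << i, P) for i, c in enumerate(cs)) % P == C
    return ok and all(pow(c, Q, P) == 1 and verify_bit(c, *p)
                      for c, p in zip(cs, proofs))
```

A commitment to a negative or oversized amount fails because its bit commitments no longer recombine to `C`. The proof here grows linearly with `N_BITS`, which is the cost that Bulletproofs reduce to logarithmic size.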