by ewillbefull 3179 days ago
Zcash's zk-SNARKs are totally private even if that ceremony failed and even if the cryptographic assumptions underlying zk-SNARKs fall apart.

I find the comparison with Bitcoin perfect. The same people trusting PoW cartels to keep their system operational are complaining that zk-SNARKs require a parameter setup for proof soundness? That doesn't really make sense to me.

1 comments

> zk-SNARKs are totally private even if ... the cryptographic assumptions underlying zk-SNARKs fall apart

On the face of it, that sounds very wrong. Could you elaborate on what you were saying?

Zero-knowledge proofs for a given statement, by definition, reveal nothing about its witness. zk-SNARKs (used by Zcash) are statistically zero-knowledge; there are no cryptographic assumptions involved.
As a slight aside, I always wondered if zero-knowledge proofs really reveal "slight" knowledge.

That is, if I ask 1 billion questions about a resource, and get true, verifiable answers, can't I find out something about it? For example, some projection onto a linear subspace or something.