>“Morgen, why is your phone playing the audio from our Google Hangout?” asked Wilcox, bemused, curious, and slightly alarmed.
So if the phone compromised the air-gapped machine on the other side of the room (which the article concludes is unlikely) the attacker has 1/6 of the key.
Do you have any evidence, even circumstantial, that the other 5 stations were compromised? Or do you have some other reason to believe the entirety of Zcash is "likely compromised"?
Is prudence not prudent in matters such as these?
You can read the release notes here btw, which point to the EIP and GitHub issues for "Precompiled contracts for modular exponentiation; elliptic curve addition, scalar multiplication and pairing": https://blog.ethereum.org/2017/09/14/geth-1-7-megara/
AFAIK there were only 4 precompiled contracts (ECDSARECOVER, SHA256, RIPEMD, and IDENTITY) so this is sort of a big deal, but I think it's the right way to go (being able to natively support zkSNARKs, or RingCT/RuffCT, directly on ETH would be incredibly powerful).
The practical implications for this particular change are being able to run private tokens directly on Ethereum (vs globally visible transactions), although AFAIK the initial zkSNARKs implementation is not currently compatible w/ ERC20 tokens ATM.
Most applications of the pairing curve operations are probably going to be signatures and the like, not SNARKs for this reason.
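The elliptic-curve addition and scalar multiplication that the new precompiles expose, as an added pure-Python example (not code from this thread or from geth), using the alt_bn128 curve constants from EIP-196; the on-curve check mirrors the precompile's requirement to fail on points that are not on the curve.

```python
# alt_bn128 (BN254) G1 group law in pure Python: the arithmetic behind the Byzantium
# ecAdd/ecMul precompiles. Constants are the curve parameters from EIP-196.
P = 21888242871839275222246405745257275088696311157297823662689037894645226208583  # field modulus
N = 21888242871839275222246405745257275088548364400416034343698204186575808495617  # G1 group order
B = 3          # curve equation y^2 = x^3 + 3 over F_P
G1 = (1, 2)    # generator of G1
INF = None     # point at infinity (the precompiles encode it as (0, 0))

def on_curve(pt):
    """True for the point at infinity or an affine point satisfying y^2 = x^3 + 3 mod P."""
    if pt is INF:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - B) % P == 0

def check(pt):
    # EIP-196 requires the precompile to fail on a point that is not on the curve;
    # rejecting such input here keeps invalid-curve points out of the group law.
    if not on_curve(pt):
        raise ValueError("point not on alt_bn128")
    return pt

def add(p1, p2):
    """Affine addition handling infinity, P + (-P) and doubling (P + P)."""
    p1, p2 = check(p1), check(p2)
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                  # P + (-P) = O
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced modulo the group order."""
    acc, k = INF, k % N
    check(pt)
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
```

A real precompile call is just these operations on 32-byte big-endian coordinates; the scalar in ecMul may be any 256-bit value, which is why `mul` reduces it modulo N.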
A bit longer...
Normally when you send a payment with cryptocurrencies you leave a trace in the blockchain, i.e., other people can see which address is sending how much to where. This information is required so that the transaction can be validated by all nodes.
The zk-SNARK technology allows you to send a payment without revealing who sent how much to where.
I like ZCash but I think Z-transactions (anonymous) should be the default as there have been advances in the performance and memory requirements:
 - https://twitter.com/zooko/status/863202798883577856
[lol j/k] - https://twitter.com/zooko/status/863543600663101440
 - https://twitter.com/ebfull/status/907997752709091329
Similarly, would it make sense to have to mine the ledger or transactions? Similar to gas, depending on how secure you want it, you could adjust the complexity/duration to mine. Perhaps involved parties could mine at a great discount given their transaction to seed the mining, where a 3rd party could take months or more.
These thoughts have been bouncing around in my head for a while. Thought I’d pass along for whatever they’re worth.
Does this just mean that Byzantium does not contain the ability to somehow convert Ether into Zcash? That would seem to be the feature that would enable existing ethereum balances to become anonymized.
With Byzantium, it's now possible to create a zcash-like token on top of ethereum (it would however be wholly separate from zcash). Since it lives inside of ethereum, it would be easy to exchange for ether. However, its value would float separately. It might look something like this: https://github.com/zcash-hackworks/babyzoe.
Byzantium also makes it possible to create an ethereum contract into which you can deposit ether (locking it up), transact around privately with others, and then later withdraw back out into ether.
'What can we do with a SNARKs-enabled Ethereum? Certain contract variables can be effectively made private. Instead of storing the secret information on-chain, it can be stored with users, who prove they're behaving by the rules of the contract using SNARKs. Each of these uses requires its own trusted setup, but once a circuit exists, it can be easily cloned.
Imagine an ERC20-like token that doesn’t publish individual holders’ balances, while still maintaining a public and predictable token supply, or a lending platform that keeps the terms of a loan private.'
This sentence has no meaning. It was clearly written by a marketing department with no idea what they are talking about.