From 0d0885da849a29b0e8f970959a7b76b3cb97670a Mon Sep 17 00:00:00 2001
From: David Florness <david@florness.com>
Date: Sun, 30 May 2021 17:31:52 -0400
Subject: [PATCH] README: update info on zk-SNARKS

---
 README.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index e4a2ffd..0001d30 100644
--- a/README.md
+++ b/README.md
@@ -17,16 +17,15 @@ to anyone, but the final, aggregate result of the election can still be
 computed.  In short, every voter helps count the ballots, but no individual
 voter can know anyone's ballot but their own.
 
-STARKs zero-knowledge proofs, as described
-[here](https://vitalik.ca/general/2017/11/09/starks_part_1.html) by Vitalik
-Buterin, are used to ensure (with very high probability) that no individual
-voter has submitted a fraudulent ballot.  (Unfortunately, this zero-knowledge
-proof part of tallyard has not been finished yet.)
+Jens Groth's zk-SNARK, as described [here](https://z.cash/technology/zksnarks/),
+is used to ensure (with very high probability) that a given voter's ballot is
+not fraudulent, while revealing zero information about the ballot itself.
 
 Have a look at the
 [presentation](https://gitlab.com/edwargix/tallyard/-/raw/master/doc/oresec-talk/tallyard.pdf)
 I gave for my former university's cybersecurity club for an overview of the
-aforementioned cryptography.
+aforementioned cryptography.  **Note:** some of the info in the slides is very
+out-of-date.
 
 Because Matrix is an open, federated messaging protocol, it is quite possible
 for individuals to participate completely anonymously since often nothing more
-- 
2.38.4