Published in


Suterusu-KuCoin AMA Recap

Dear Suterusu Community,

Time: 9th, June, 2020, 17:00–18:00 (UTC+8)

KuCoin hosted an AMA (Ask-Me-Anything) session with Suterusu in the KuCoin Official AMA Telegram Group.


Mr. Huang Lin, CTO of Suterusu

Introduction to Suterusu

The Suterusu project was established in August 2019. It integrates a state-of-the-art trustless ZK-SNARK scheme with nearly constant size proofs, efficient proof generation and verification.

Suterusu also introduces the Suter Virtual Machine (SuterVM) which supports smart contract blockchains such as Ethereum.

The project also carries an ultimate mission to provide liquidity with privacy built-in across different blockchains.

Q&A from KuCoin

Q: What is Suterusu?

A: Suterusu brings ZCash level privacy to any blockchain platform or application. It integrates a state of the art trustless ZK-SNARK scheme with nearly constant size proofs, efficient proof generation and verification. Suterusu also introduces a Suter Virtual Machine (SuterVM) that supports smart contract blockchains such as Ethereum. Suterusu is a future-oriented privacy-protection protocol built on innovative technology.

Q: What is web 3.0 and why we need Suterusu in web 3.0?

A: Web 1.0 was a “read-only” Internet; web 2.0 has evolved into a “read-write” Internet. Billions of users can participate in the Internet economy, but what we have is an unbalanced, monopolistic Internet from the perspective of economic benefit. Internet giants have grabbed the majority of dividends from the digital economy while leaving the individual users as the data producer. Users have become the product.

Dr. Gavin Wood, former CTO of Ethereum, founder of the web 3.0 foundation, pointed out that Web 3.0 is a set of inclusive protocols that provide building blocks for application developers. These building blocks not only replace traditional Web technologies such as HTTP, AJAX, and MySQL, but also provide a new way to create applications.

Web 3.0 involves basic functionalities such as data storage, privacy protection, and identity authentication. All of them need to be implemented as functional modules. These modules place higher demand on the underlying infrastructure, such as openness, decentralization, and security. Compared with protocols focusing on other functionalities, privacy-protection protocols can play a vital role in the construction of data property rights.

Blockchain technology, undoubtedly is a fundamental building block for web3.0. It’s also the main reason why we see various interesting web 3.0 projects coming out of the blockchain sphere. The following figure roughly shows the current state of the construction process.

A: What are the main features of Suterusu?

Q: 1. Suterusu’s original zk-ConSNARK, is more secure without the need of “trusted setup” and more scalable due to its smaller zkp size;

2. In terms of its application, Suterusu can provide privacy protection service for mainstream cryptocurrencies, such as BTC、ETH and is more adaptable to DeFI applications compared to Zcash and Monero;

3. In terms of token economy, the total amount of Suter is constant, halved every two years, and has the lowest inflation rate among mainstream anonymous coins.

A: How many technical advantages for Suterusu compared to Zcash and other privacy computation project?

Q: The first one is of cause zero-knowledge proof without trusted setup.

We have been talking a lot in the previous series regarding trustless setup. The trusted setup step of zero-knowledge proof scheme involves trapdoor information, which is equivalent to the private key in a signature scheme.

We know that once the private key in the signature scheme is stolen, an attacker can use the private key to generate an unlimited number of legitimate signatures.

If we map it to the case of zero-knowledge proof, this kind of trapdoor information being stolen means that an attacker can generate unlimited amounts of legitimate zero-knowledge proofs.

Several popular cryptocurrencies such as zcash or the two-layer protocol aztec for smart contract platforms are based on a zero-knowledge proof scheme that requires a trusted setup. Even running a secure multi-party computing protocol can mitigate the impact of trusted setup, it doesn’t really solve the problem. It still only provides a limited security level.

In addition, the mathematical assumptions on which these zero-knowledge proof Zcash protocol are based on are non-standard and only proposed recently. Their security has not been fully investigated. There are lots of controversies regarding their security in the mathematician society. So even from a purely mathematical perspective, the security of these zero-knowledge proof schemes remain questionable.

The zero-knowledge proof implemented by Suter Mirage 1.0 does not require a trusted setup step. All the parameters involved in the setup step are randomly selected from the corresponding group elements through a transparent process. The implementation of our zero-knowledge proof algorithm is in the public repository, Anyone can verify this by checking our code.

Lastly, the zero-knowledge proof scheme used in this testnet is based on a standard discrete logarithm assumption, which is also the underlying assumption of various cryptographic schemes that have been widely deployed in practice, so their security ground is very solid.

The second advantage is our zkp code library base for smart contracts.

At present, the implementation of the general zero-knowledge proof library in the market mainly aims to serve the layer-1 privacy coin, such as zk-snark of zcash, ring confidential transaction of monero, etc.

The main difference between the zero-knowledge proof library for the smart contract platform and the zero-knowledge proof library for layer-1 privacy coin is:

Under the layer 1 privacy currency UTXO model, a digital commitment scheme is used to protect the transferred amount to the receiver. If the UTXO account recipient cannot open the digital commitment, it only means that the specific UTXO account cannot be used. Therefore, under the UTXO model, the sender does not need to provide a zero-knowledge proof to prove the legitimacy of the encryption key when sending the secret key corresponding to the encrypted amount to the recipient.

Mainly out of usability concern, the account model used in the smart contract platforms simulates the working mode of a bank account, so all transfer amounts in the account model are eventually aggregated into one user account. Therefore, under this model, even if the random key of the encrypted transfer amount received by an account cannot be opened once, it would imply that all the other received amounts of the same account cannot be used anymore, because the random key after aggregation could not be used to open the corresponding ciphertext.

Therefore, the zero-knowledge proof solution for the smart contract platform needs to provide zero-knowledge proof for the encryption of the account key to mitigate the aforementioned problems. This means that we need to change the corresponding transfer consistency proof and range proof respectively;

We have also made modification accordingly to prevent the replay attack against the smart contract platform since it differs from the mechanism used to prevent the double-spend attacks in privacy coins such as monero.

Our preliminary zero-knowledge proof library provides transfer consistency proof and range proof for the smart contract platforms. The transfer consistency proof means that the sum of the input amounts and that of the output amounts is equal in a transfer contract. The range proof means that the amount involved in a transfer belongs to the correct range, and hence it would ensure that the attacker cannot launch an attack to print Suter coins out of thin air.

The third advantage is that our client implementation supports formal verification.

The testnet client is written in the OCaml language, which has been widely used in smart contract programming. The main reason is that it is a functional programming language, so it is easy to write developer libraries and tools for formal verification. The so-called formal verification refers to abstracting the system code into a mathematical model, and then based upon certain predefined attributes and descriptions, we provide mathematical proof to prove the correctness of the algorithm, and hence verify the security of the system.

Due to OCaml language’s strong type system and memory management features, OCaml language has a unique advantage in supporting formal verification. The technical community of OCaml language is particularly strong, and there exist many tools that can be used to generate OCaml code for formal verification, such as F *, Coq, Why3, etc. The functions currently supported by the testnet client include: creating an account, performing transfers, viewing account information, generating a signature and the corresponding zero-knowledge proof.

For detailed technical solutions, please refer to the Yellow Paper:

Q: What are the application scenarios of Suterusu?

A: Our application scenarios include:


Anonymous transaction: Bitcoin has been recognized as digital gold by traditional financial industry, and the demand of transaction mixer for bitcoin has increased significantly. Suterusu will provide anonymity transaction for BTC, ETH and other main stream crypto assets.

Decentralized payment: Stable coin and legal digital currency is likely to act as an alternative payment to BTC. The People’s Bank of China has proposed a concept of controllable or auditable anonymity in its DC/EP plan. Suterusu will provide similar service for the decentralized payment.

DeFi: Based on SuterVM, Suterusu can realize a much more sophisticated smart contract module. For example, it incorporate different regulatory provisions in different countries. The transparency of these predefined rule is guaranteed while the payment privacy can still be protected.

2、zero knowledge identification

In the password based authentication protocol widely used on the current website, the identity of the user who logs in to the website is immediately revealed to the webmaster. However, if users use zero knowledge identification, they can guarantee their privacy when they log in to the website. zero knowledge identification can also be used in voting, donation and auction.


ZK-snark allows a large amount of information to be compressed into so-called proofs, and these proofs can keep the same size regardless of the number of inputs. Vitalik suggests that zkp technology can bring dozens of times performance improvement to Ethereum framework.

Q: How many partners of Suterusu by now?

A: Sure, Suterusu’s technical capacity have attracted strong interests from other public blockchains and DeFi projects:

We have partnered with public blockchain projects such as NEO, IOST, and Theta. Suterusu will build Layer-2 privacy protection protocol for these projects, and we have also worked with lead economist from Dfinity on research topics regarding on-chain governance;

In terms of DeFi, Suterusu will build strategic cooperation with STPT and SWFT to work together regarding on-chain assets management, i.e., interchain payments.

We have also been involved in research collaboration and discussion with researchers from the largest decentralized application project, Basic Attention Token (BAT), which has the largest user base in the world, with more than 10 million monthly active users; DOS Network is also conducting research on privacy protection on the data chain with Suterusu;

In terms of Staking mining pools, Kucoin, Hotbit, MXC, Lbank, and Rockx have set up corresponding Suter Staking activities. With the efforts of various companies, the overall pledge rate of Suter reached about 80%.

Q: How about the token economy of Suterusu?

A: The total amount of Suter Token is capped, and the output is halved every two years. Among them, the team and the foundation will account for 4.8% and 3.2% respectively, private equity accounts for 16%, and 76% of the Suter token is produced through Staking mining.SUTER token has the lowest inflation rate among main stream anonymity coins.

As of May 30, 2020, Suter Token has released a total of 1.27 B, the number of participating staking positions is 1.11 B, and the Staking participation rate has reached 87.4%. From October 2019 to April 2020, the actual annualized return rate of Suter Staking exceeds 50%.

In addition, Suterusu also launched the SuterDAO community autonomy module. Among them is community autonomy proposal №1. The participation rate of the Staking automatic reinvestment plan reaches 93%, which means that more than 90% of users choose to automatically recover and reinvest the SuterToken obtained by daily mining. This data is enough to show a high degree of recognition and consensus on the project vision.

Q: How to run a validate node of Suterusu and vote to them?

A: Deposit 5 million SUTER tokens and become a validate node candidate;

Validate node has a PoS pool business model and will share the staking rewards according to the “mining power” which is calculated by “mortgage token + voting token” of the validate node;

Voting users can be charged 10–20% commission to make up for the operation cost of the node.

Already have 26 validate nodes including MXC, Lbank and RockX;

Feb. 2020, Alphabit、BlockGroup and Betterbit reinvest through the second market and Curve Capital and BlockX directly invest Suterusu in the same way.

Q: What’s the development progress of Suterusu?

A: The development of zk-ConSNARK crypto library was completed in March 2020. We have finished the development of test net hiding “the payment address and transfer amount” and have also developed Suter mainchain based on a fork of Substrate library.

We plan to launch Suter Chain 1.0 at the end of 2020, and expect to launch at least 2–3 applications on Suter Chain at the same time.

Q: Why is Suterusu the strongest black horse on the anonymous track in 2020?

A: A principal difference between Web 3.0 and the traditional Internet model is that user privacy is taken into consideration at the beginning of system design, which means that some cutting-edge cryptographic tools will become the cornerstone of the entire system at the beginning of system design. If Bitcoin is the front wave of the traditional Internet model, then the anonymous digital currency is the powerful back wave of Web 3.0 seeking the best balance of user privacy and policy transparency. With our original ZK-conSNARK technology and our laser focus on providing the best possible privacy-protection for both the mainstream cryptocurrencies and defi products, and the lowest inflation rate in the mainstream anonymous coins, Suterusu stands on the top of this wave.

Q: Why harmony need privacy features?

A: Harmony’s goal is to create a fair and decentralized economic infrastructure for the world.

How to make users free and fair? We believe that the first priority is to put user privacy in the first place, including the privacy of user identity and behavior.

We see too many real cases where users are not getting a fair shake because of all the labels attached to them. One is ONE, in the blockchain world, the identity of a user should not be directly related to skin color, region, etc. Everyone is a fair individual.

In real life, especially in the moment of big data, AI network, people have lost their privacy to control.

all are surviving under a magnifying glass of technology , we can only hope that those who have mastered the advanced technology , big chaebol, group etc, don’t be evil, don’t invade us via our privacy.

But is it possible? It was no doubt hoped that the tiger would let go of the elk and give him a way out.

Give up the illusion, that the only thing a tiger can do is spit out the bones of an elk and start looking for its next prey.

Only by truly protecting users’ privacy, can we achieve real fairness and freedom.

This is why harmony need privacy features.

Q: So why harmony choose Suteruse as partner?

A: We find Suteruse’s achievements in privacy protection and zero-knowledge proof, which Harmony needs.

Suterusu integration will add ZCash-level privacy to Harmony Protocol.

It integrates a state of the art trustless ZK-SNARK scheme with nearly constant size proofs, and efficient proof generation and verification.

Suterusu provides privacy protection for several major blockchains and dapps, such as BTC and ETH already. By establishing a privacy-preserving layer-2 protocol on top of Harmony blockchain, Suterusu will bring anonymous payment, confidential transactions to the Harmony network.

Through the corporation, a thoroughly transparent layer-2 privacy-preserving of Harmony will definitely facilitate Defi and other decentralized applications more smoothly.

We believe this kind of partnership will expand our ecosystem and enable better occupancy for confidential assets.

The future of privacy is already here but unevenly distributed.

Q: How is Harmony going and what’s the next step?

A: Harmony is a fast and secure blockchain for decentralized applications. Our production mainnet supports 4 shards of 1000 nodes, producing blocks in 8 seconds with finality.

Our Effective Proof-of-Stake (EPoS) reduces centralization while supporting stake delegation, reward compounding and double-sign slashing.

We have just launched our Staking mainnet, which enables true decentralization of sharding technology. All holders of ONE can vote by staking to determine the Validator of different shard. The expected return are now around 40%.

Ethereum’s short-term pains are scalability and security, which Harmony has solved with sharding and proof-of-stake.

The longterm value of open platforms is decentralization, which Harmony has committed to with thousands of nodes and open development.

Our next step is crossdi, open deverlopment, and auditable privacy.

you can find our plan at and

Harmony focuses on bridging high-growth economies in countries such as China and India, hence CrossFi for cross-border finance. Harmony remains an infrastructure layer; our local partners serve customers with country-specific products and compliance.


Q: Is there any difference between Harmony Solidity++ and Ethereum’s Solidity?

A: We will add more privacy features in Harmony Solidity++.

Q: What is meant by ZK-ConSNARK CryptoGraphic Algorithm, used by Suterusu project ? Can you explain in details about ZK-ConSNARK & how it works ?

A: The maximum throughput of a blockchain protocol is mainly determined by the maximum block size and average transaction size, which is further determined by the size of SNARK when it comes to a privacy-preserving blockchain protocol.

There are mainly two types of ZK-SNARK schemes used in the cryptocurrency space:

There are mainly two types of ZK-SNARK schemes:

– Zcash has a constant SNARK size but requires a trusted setup step, the compromise of which will allow the attacker to print infinite amounts of Zcash out of thin air without the possibility of being detected [12, 4].

– Setup-free cryptocurrency such as Monero, Grin, and Beam do not scale well due to their asymptotically larger SNARK size. Their proof size remains logarithmic even after adopting the very elegant Bulletproof technique [7].

We can literally “eat the cake and have it”. We see two routes moving forward to design ZK-ConSNARK schemes:

– The first possible direction is by combining probabilistically verifiable proofs with the recently-proposed efficient subvector commitment [8, 5] scheme over groups of unknown order. However, the prover, in this case, might have to perform redundant computation to guarantee the soundness of ZK-SNARK. On the other hand, when the statement of ZK-SNARK is as specific as a confidential transaction with range proof, this extra computational overhead might be acceptable. On the other hand, we are also working on a tailored design of confidential transaction by drawing inspiration from similar schemes based on the RSA group.

– We can also base our ZK-ConSNARK scheme on the recently-proposed Spartan scheme [11]. The Spartan is a succinct variant of the sum-check protocol, which is run with a low-degree polynomial encoding a circuit satisfiability instance. Their proof size is k×n^{−c}, where n is the size of the arithmetic circuit and k is a small constant.

It is possible to achieve almost constant SNARK size using the Spartan framework since our confidential payment scheme has a pretty simple statement for the underlying SNARK scheme and c can be chosen to be sufficiently large.

Since the core technical functionality of our system is an anonymous payment mechanism for smart contract platforms, applying the existing ZK-ConSNARK to our system is non-trivial. The interested user can check our yellow paper [Lin19] to find out how this can be done.

[Lin19] Dr. Lin. Suterusu Yellowpaper 1.0.

Q: Why your name SUTER??

A: Suterusu is Japanese for Stealth.

Q: Does $SUTER Have any plan launch their own mainnet?

A: We plan to launch Suter Chain 1.0 at the end of 2020.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store