Updated 1071 days ago

Zeromatic ZMATIC

Sometimes when I go to buy a cup of tea with my cryptocurrency, I just don’t want the cashier to peek at my balance to understand my spending habits. This case alone is enough to justify the need for private transactions on the blockchain (including DE...  

  • Crypto / Web3
  • Polygon

The Zeromatic protocol is based on the improved zero-knowledge proof system Bulletproof and a Σ protocol, with modifications. It's not “another mixer with a zero-knowledge proof” and a trusted setup, like 99% of smart-contract-based privacy projects. It's not a mixer at all. It's a completely independent, account-based private payment system with no trusted setup.

ZMATIC (zmatic.io) is wrapped MATIC (the “proto-token” of the Polygon network) with unique features that allow you to become invisible to other users. You can wrap and unwrap MATIC <-> ZMATIC directly in the ZMATIC contract (deposit/withdraw) or from our dApp. The unique feature of ZMATIC is that it is invisible to block explorers, trackers and analysis tools by default. There is no way to list all the token holders' addresses from the contract because the mapping type is not enumerable. Users can wrap MATIC to ZMATIC and use “Hidden send” to become invisible. A block explorer will only show a blank. If you want to get plain MATIC back, you can “unwrap” ZMATIC at any time, 1:1. It's impossible to figure out that the address 0x… has a balance of, for example, 1000 tokens other than by inspecting all the transactions since the ZMATIC contract was created (not only the transactions to that contract but the transactions to all contracts). For most users this privacy level is enough. I can buy my cup of tea =:)

Zpayments is the next privacy level, with strong cryptographic fundamentals. It's a private payment system in which a Zeromatic Polygon smart contract maintains encrypted account balances. Users generate zaccounts (ElGamal ciphertexts, each of which encrypts the account's balance under its own public key). Each zaccount consists of a public key address (starting with “zer0…”) and a private key. Using the private key, a user can restore the account and balance at any time. Once funds have been credited to a zaccount, its owner can privately send these funds to other zaccounts, confidentially (transferred amounts are private) and anonymously (identities of transactors are private). Only the owner of each account's secret key may spend its funds, and overdraws are impossible. To send funds, a user selects a ring containing himself and the recipient, and encrypts, under the ring's respective keys, the amounts by which he intends to alter each account's balance. The Zeromatic smart contract applies these adjustments homomorphically. The sender finally publishes a zero-knowledge proof which asserts that he knows his own secret key, that he owns enough to cover his deduction, that he deducted funds only from himself, and that he credited them only to the receiver (and by the same amount he debited, no less); he of course also demonstrates that he did not alter any balances other than his own and the receiver's. These adjustment ciphertexts, opaque to any outside observer, conceal who sent funds to whom, and how much was sent.
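A toy sketch of the encrypted-balance mechanics described above, added here as an illustration and not taken from the Zeromatic code. It assumes exponential ElGamal over a deliberately tiny group (`P`, `Q`, `G`, the account names and every function name are assumptions) and omits the zero-knowledge proof entirely.

```python
import secrets

# Constructed toy group (NOT secure): P = 2Q + 1, G generates the order-Q subgroup.
P, Q, G = 1019, 509, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, amount):
    """Exponential ElGamal: (g^r, g^amount * pk^r); amount may be negative."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, amount % Q, P) * pow(pk, r, P) % P

def add(a, b):
    """Adding plaintexts = multiplying ciphertexts component-wise."""
    return a[0] * b[0] % P, a[1] * b[1] % P

def decrypt(sk, ct):
    """Strip pk^r with the secret key, then search the small exponent range."""
    g_m = ct[1] * pow(ct[0], Q - sk, P) % P
    return next(m for m in range(Q) if pow(G, m, P) == g_m)

def build_adjustments(pubkeys, sender, recipient, amount):
    """Sender side: one ciphertext per ring member (-amount, +amount, 0 for decoys)."""
    deltas = {name: 0 for name in pubkeys}
    deltas[sender], deltas[recipient] = -amount, amount
    return {name: encrypt(pubkeys[name], d) for name, d in deltas.items()}

def apply_adjustments(ledger, adjustments):
    """Contract side: update each ring member's encrypted balance without decrypting."""
    return {name: add(ct, adjustments[name]) if name in adjustments else ct
            for name, ct in ledger.items()}

def demo():
    names = ["alice", "bob", "carol", "dave"]          # constructed accounts
    keys = {n: keygen() for n in names}
    pub = {n: pk for n, (sk, pk) in keys.items()}
    ledger = {n: encrypt(pub[n], 100) for n in names}  # everyone starts with 100
    ledger = apply_adjustments(ledger, build_adjustments(pub, "alice", "bob", 30))
    return {n: decrypt(keys[n][0], ledger[n]) for n in names}

if __name__ == "__main__":
    print(demo())
```

Every ring member's ciphertext changes, so the ledger update alone does not show which two balances moved. Without the accompanying proof, a debit larger than the balance simply wraps modulo the group order, which is why the proof statement includes that the sender "owns enough to cover his deduction".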

In a transfer transaction in the zPayments dApp, the user can enable the Relay service to circumvent the “gas linkability” issue. In this case the user doesn't pay for gas (but pays a fee in shielded ZMATIC tokens). The transaction will be signed by a miner from a fresh wallet. In addition, the user can set decoys (additional participants), along with a random number. Proof generation and verification time are O(N log N), and proof size is O(N), where N is the size of the anonymity set.

We now compare Zeromatic to others. Zcash and Monero depend on the number of input and output UTXOs consumed and produced. They depend on the quantity of funds spent, whereas Zeromatic doesn't. Our transactions become smaller than Monero's as soon as the latter consumes 7 UTXOs or more. Our proving time is faster than Zcash's so long as at least 2 Sapling notes are spent. It's also important that the security of a trusted setup is broken if the setup is subverted. That's why we use a modified Bulletproof with a Σ protocol, which means Zpayments has no trusted setup.