The main intention of zero-knowledge proofs and its variant, zk-SNARK, is to make transactions private. In a plain transaction such as in Bitcoin, a transaction value is claimed with unspent outputs (UTXOs). Each UTXO is described by the public address of the owner and the value. Let's consider that Alice has 1 bitcoin, which is represented by UTXO₁:

UTXO1 = (PK1) 

PK₁ is the public key of Alice. A random number is also stored along with each UTXO, which is later used by Alice to maintain privacy:

UTXO1 = (PK1, r1) 

Let's now store the UTXOs in hashes for better privacy:

H1 = HASH (UTXO1) 

These hash values are stored on each node, even after they have been spent. So, to distinguish between spent and UTXOs, a separate ...