Binance uses zk-SNARKs for proof of solvency, but it made no difference: https://www.binance.com/en/blog/tech/how-zksnarks-improve-binances-proof-of-reserves-system-6654580406550811626

I like aut-ct, though I believe it has different use cases. In fact, I recently mentioned it in this thread: https://delvingbitcoin.org/t/proving-utxo-set-inclusion-in-zero-knowledge/1142/2


Discussion

Yes, I did see (at least what's publicly written) about Binance. It's not really clear either what you are saying (it didn't make a difference to what, precisely?), or what the right choice is for each situation. A ZkSNARK or a bulletproofs or other similar ZKP system won't be needed for the *assets* side of a proof of reserves, *if* you don't care about onchain privacy - which Binance doesn't; they just publish all the onchain addresses, while those systems can help a lot with the trickier proof of liabilities. If you do care about onchain privacy, these systems have tradeoffs; to get a bigger anon set on bitcoin than taproot, you have to address the hashing problem. The original Provisions protocol of Bunz completely sidestepped this problem; with zksnarks you *can* address it but it is quite, quite tough because you have to build multiple non-algebraic hash function circuits. The result is that at the very least, pre-processing takes horrendous amounts of time.

Also, thanks for the link to halseth's post, very interesting!