What is ZCash exactly? You will probably have heard a great deal about the cryptocurrency and its supposed privacy benefits.
However, when you dug deeper into the technology, you were greeted with a whole host of complicated concepts. This is indeed the case as ZCash does borrow some highly advanced cryptographical theories.
We will try and explain exactly what ZCash is and how the underlying technology is able to make it one of the premier privacy coins.
But before we jump into the wonderful world of zk-SNARKs and shielded transactions, let’s take a step back and look at general privacy on the blockchain.
While Bitcoin is premier cryptocurrency among the community, there are a number of shortcomings that are now only being realise by the broader community. One of the chief drawbacks of Bitcoin is the fact that transactions are not private.
This was in fact a feature and not a flaw.
The Bitcoin blockchain was designed to be public so that any of the nodes on the network could independently verify the true state of the network. This transparent and immutable blockchain was what gave people confidence to use this trust-less setup.
However, as technology has progressed, so has the ability to study and audit these blockchains. Companies and government agencies are now pretty capable of tracing transactions and ultimately identifying owners.
Agree. Zcash’s privacy tech makes it the most interesting Bitcoin alternative. Bitcoin is great, but “if it’s not private, it’s not safe.” https://t.co/HqwQOvSCiz
— Edward Snowden (@Snowden) September 28, 2017
While they may claim that this is in order to track down criminals, many are suspicious of their motives. Cryptocurrency was meant to be about privacy and if a government can track hardened criminals, what makes you think that they cannot track you?
This just shows the ever-pressing need for privacy coins in the current ecosystem. There were a number of these privacy coins that set out to solve this transparency and trust-less conundrum, and one of them was Zcash.
ZCash is actually a fork of Bitcoin that occurred in October of 2016.
Much like Bitcoin, it is a decentralised peer-to-peer electronic cash. It also a hard limit of 21m coins hard-coded into its protocol. However, this is where the similarities end.
ZCash was developed specifically to have anonymous transactions that are private and fungible. It was forked from Bitcoin by Zooko Wilcox who wanted to create a private cryptocurrency. It was originally called ZeroCoin until being renamed.
So how does ZCash get around the dilemma of verifiability vs. privacy?
They are able to this through the use of their revolutionary zk-SNARK protocol. This was developed for the ZCash protocol and they are able to prove that a transaction is valid without publicly exposing the inputs / outputs.
What this technology has enabled is a transaction that is able to completely hide the wallet address of both the sender and the receiver. They also hide the amount that was transacted and the only piece of information that is stored is the timestamp (date and time).
There is one key thing to take not of though. Although ZCash is “private”, it is optionally private. This means that users will have to opt into the privacy transactions. We will cover this in more detail below.
In order to take a deeper look at how the ZCash transaction works, you have to have a basic idea of how a simple Bitcoin transaction works.
If Alice sends Bob 1 BTC, then she will use her private key to sign a transaction sending the 1 BTC. This transaction will be sent to the Bitcoin network and the miners on the network will place it within their blocks.
Once the block has been propagated, then the transaction can be confirmed. This means that the Blockchain is updated and it is stored immutably in time.
How does the ZCash private transaction differ from this?
Well, in this case, Bob will have to give Alice his private z-addr (as opposed to his transparent t-addr). If both of the parties to this transaction use their z-addr then all of the transaction details would be private.
Essentially, what is occurring is that the Zcash protocol is shielding the inputs and outputs of the transaction and hence making sure that no information is made public to the blockchain.
In order to verify that someone does indeed have the authority (private keys) to spend an amount of ZCash, the protocol makes use of the zk-SNARKs. These allow for the transaction metadata to be encrypted and the zk-SNARKS are used to verify that nobody is cheating or stealing.
zk-SNARKs are based on a complicated cryptographic principle called “Zero Knowledge Proofs”. These proofs are essentially used in order to verify that someone has a secret without revealing said secret.
We won’t go into too much detail here but we have previously covered Zero knowledge proofs and zk-SNARKs if you would like more information.
As mentioned, Zcash was founded by Zooko Wilcox. Zooko has an extensive background is cryptography, decentralised systems and other tech-based start-ups. For example, he has worked on Digicash, Mojo Nation and BLAKE2 among others.
The rest of the team is comprised of numerous engineers and advisors. They are professors and faculty members from prestigious universities such as UC Berkeley, MIT, and John Hopkins university.
Although ZCash is an open source project, the team works for a registered company the drives the development. This is the ZeroCoin Electronic Company or ZECC.
Despite the strong team behind ZCash, there is also some star power in the way of their advisors. Some of the biggest backers of the ZCash project are individuals such as Barry Silbert, Erik Voorhees and Roger Ver.
ZCash is a proof-of-work blockchain. This means that they are mined much like Bitcoin by using raw processing power. Miners will use hashing functions to solve complicated mathematical problems and hence earn the block reward.
While Bitcoin uses the SHA256 hashing function, ZCash has chosen to use the Equihash function. Both of the coins have a total mineable supply of over 21m coins. However, it is much easier to mine ZCash these days than it is to mine Bitcoin.
In fact, up until very recently ZCash was still mineable with your regular GPUs. It was only when Bitmain began developing the Antminer Z9 that mining ZEC competitively began impossible.
Unlike a number of other cryptocurrency projects, ZCash did not carry out an ICO. Instead they opted for a different incentive mechanism for the founders. This is through what is termed the “Founder’s reward”.
This founders reward is 10% of all mining rewards for 4 years since inception. It is split according to the breakdown given above. This will be given to the founders, investors and advisors over a 4 year period in incremental steps.
If one were to calculate this, it equates to a total of 2.1m ZEC being given to the founders over a period of 10 years. This “tax on mining” is not without contention though and is a reason for a number of forks have occurred on the ZCash chain.
Once the 4-year period has passed in 2020, the coins will be mined much like any other PoW coin with the miners getting all of the rewards. The block reward on the ZCash blockchain will halve every 4 year. As more coins are mined and we approach the supply cap, difficulty will increase.
As you can see in the above graph, the founders will be awarded the 2.1m coins and the supply will grow logistically. Based on these projections, we are expected to reach the 21m ZEC cap in 2032.
While ZCash is supposed to be entirely private, there are ways for people to verify exactly how much money has been sent to the private addresses. This is through the use of the view keys and the memos.
If someone has their hands on your “View Key” then they can un-shield your shielded transactions. When looking at your transaction data through the view key, not only can they tell how much was spent but they can also see who the recipients were of it.
There is also something called the “memo field”.
This memo field will contain information that is available only to the recipient of the transaction. This memo field can carry financial data that could be sent to other financial institutions should they be required to by law.
The ZCash creators hoped that this could increase adoption for ZCash among government regulated bodies. However, it can be a double-edged sword for those who are concerned about their transaction metadata being anywhere.
Just when you thought that terms related to ZCash could not get that much weirder, they introduced the notion of “Toxic waste” and a “ceremony”.
While these are indeed quite interesting terms for a cryptocurrency to incorporate, they are pivotal concepts to the creation of the ZCash protocol. This is because of the part they play in preventing the counterfeiting of ZEC.
Counterfeiting was a major concern that many people had in initial release of ZCash. This is because of the need of the SNARK public parameters for the creation and verifications of the zero-knowledge proofs.
Essentially, in order to get these SNARK public parameters, you need the public and private key pairs. Once this has been done, the creators will destroy the private key and retain the public counterpart.
However, what happens if someone does not destroy that private key?
Well, with this private key, the holder can essentially create completely fake and counterfeit ZEC. Moreover, no one can even spot that they are counterfeit. This would ordinarily not be a problem with a public blockchain such as Bitcoin etc. However, with ZCash, no one can actually confirm that it is not happening.
So clearly this is a problem for the ZCash ecosystem and with this we get the concept of the “toxic waste”. As described by Wilcox :
We call the private key “the toxic waste”, and our protocol is designed to ensure that the toxic waste never comes into existence at all
So in order to prevent this toxic waste from ever coming into existence, the team at ZCash need to make sure that they keep all of the components of the private key separate and destroyed separately. They need to make absolutely certain that the various different private key pieces do not combine to form the toxic waste.
So how do they get around this?
They create numerous different pieces of the public key with a private / public key combination in isolated environments. These are called the “shards” and the objective is to combine these public key shards to create the SNARK public parameter without ever allowing the private key shards to combine.
This is where the “ZCash ceremony” comes in.
This was essentially an event that was held with the express purpose of destroying all of the private key shards individually in different parts of the world. The purpose of this was to eliminate any chances that the private keys could ever combine and create that “toxic waste”.
The logic is that if all but one of the pieces of private key shards combined, you still would not have the actual private key to compromise the system. This was supposed to add numerous layers of comfort to those in the ZCash community.
The Ceremony was actually quite well documented and there was a great deal of press that was created around it. We have previously gone in depth into the ZCash ceremony should you want more information on the event.
While ZCash is no doubt one of the most advanced privacy coins on the market, it does have its fair share of skeptics. There are a few things that people inside and outside of the community take issue with.
One of the most pressing is the “optional” privacy of the transactions.
Essentially, this creates an unfortunate situation where the use of a transparent address by one person can compromise the supposed privacy of another. This is because the private transactions to the z-addr could be viewed suspiciously by outsiders.
Moreover, there is a possibility of conducting what is called “traffic analysis”. For example, if you send 4.89 ZEC into a shielded address and then immediately send 4.89 ZEC out to a non-shielded address, someone can link the latter transaction to the former. This is shown below.
In fact, the optional privacy conundrum was a problem that other privacy coins had faced. Monero (XMR), a chief rival to ZCash, decided to make all of their transactions mandatory with privacy.
“Nothing can help you”
Bullshit. Making shielded txs mandatory – as Monero did – makes that traffic analysis impossible.
Don’t believe me? Just look at a Monero block explorer. No values to be seen at all. https://t.co/O0gtZLe62b
— Peter Todd (@peterktodd) December 5, 2017
Hence, if someone sends transactions with Monero, they are automatically enabled as private. The benefit of this is that it ensures that the sloppiness of one user does not impact on the privacy of another.
While the ZCash ceremony was no doubt an impressive endeavor to secure the ecosystem, there is still a large number of people who express doubts about it.
This is mainly based on the notion that it is a “trusted setup”. You would have to trust that not only was there no compromise prior to the pieces being broken into the shards but also that there was no collusion between the parties prior to the ceremony.
This seems like a lot of trust that one would have to place in the hands of other people. Some people view it as an incentive-based mechanism and are willing to trust it. Yet, if you have hundreds of thousands of dollars in ZEC then you may be less trusting.
While this is not really a security concern, it has been a concern by many in the community especially the miners. The notion that a group of investors could have the claims to 2.1m ZEC is unpalatable to some.
These ZEC ware paid from mining returns so essentially, they are paying these founders for their initial investment. There are also concerns that the control by this group of founders of 10% of nearly all the supply is too centralised.
Indeed, the founder’s fund was one of the main reasons that ZCash code was forked away from the main chain by a project called Zclassic.
As most successful cryptocurrencies will experience, there will inevitably be developers who will want to fork the code and start working on a separate coin. This is what happened with ZCash and ZClassic.
The main developer behind ZClassic, Rhett Creighton, decided to remove 22 lines of code from the ZCash codebase and launch a new forked coin. This happened on the 23 May 2017. According to the ZClassic whitepaper:
The mission of Zclassic is to stay as similar to Zcash from a technology perspective, but to never take any pre-mine, founder’s reward or any other kind of fee that goes to a small group of individuals with special permissions whether elected, appointed, or otherwise.
So it is clear that this was done because he disapproved of the founder’s fund and any other sort of centralisation and pre-mine that had occurred.
He also took issue with the slow mining start that was applied to the ZCash blockchain in the first 30 days of the project. He claimed was an intentional throttling of ZEC supply in order to create scarcity. This was also removed from the ZClassic code.
While ZClassic was perhaps one of the better known ZCash forks from the original chain, there were other projects which subsequently forked from ZClassic. This would therefore of made them a fork of a ZCash fork.
For example, you had ZenCash (ZEN) which forked from ZClassic on the 23rd of May 2017. They wanted to use the ZCash code but also wanted to release a coin that did not include the founder’s fund.
Then, you also have the controversial Bitcoin Private (BTCP). This was “fork-merge” between ZClassic and Bitcoin that took place on the 28th of February of 2018. The stated aims of the project were to make a private version of Bitcoin.
It is important to note though that any of the forks of ZCash still rely on the complete trust in the trusted setup that created the ZCash blockchain. Hence, if you are skeptical of this then these forks could also provide you with the same concerns.
ZCash is in the top 50 cryptocurrencies by Market Capitalisation. At prices at the time of this post, it is currently sitting at number 21 in terms of Coinmarketcap rankings.
ZCash is quite a liquid cryptocoin and is listed on a number of exchanges. For example, you can buy it at HitBTC, Huobi and the Binance Exchange. These are, however, crypto only exchanges which means that you will have to buy Bitcoin with your Fiat on some other exchange.
If you were feeling a bit more adventurous and wanted to try and trade ZCash futures then you could trade on the BitMEX exchange. They have standard ZEC futures as well as the perpetual kind.
Once you have got your ZCash and are looking for a place to store it, then there are a number of ZEC wallets that you can use. We have a complete list of the best ZCash wallets in a separate piece.
While ZCash itself is a really interesting project, it the underlying technology of zk-SNARKs that has a lot of people in the cryptocurrency community quite excited.
For example, Etheruem is trying to integrate zk-SNARKs into their own protocol as part of their Metropolis upgrade. They are also considering entering into an alliance with ZCash which will include a mutual exchange of value.
This partnership creates the possibility of developers being able to code privacy enabled smart contracts and decentralised applications (dApps). For example, if Ethereum is to add a zk-SNARK pre-compiler on its chain then these dApps can be built on the Ethereum blockchain.
There is also work that is being done on improvements to the zk-SNARK technology itself. One such initiative is the creation of what is called “zk-STARKs”. This technology is still in the initial stages of research but many in the ecosystem are quite enthusiastic about it.
This is because zk-STARK technology could overcome the reliance on the master public key that is used in the zk-SNARKs set up. As we have mentioned, this is one of the bones of contention with the trusted setup.
It will indeed be quite interesting to see how the development of zk-STARK technology progresses. It is also being keenly watched by other projects including Ethereum.
There is no doubt that ZCash is one of the most advanced cryptocurrencies on the market. It’s use of the latest cryptographic principles and technology makes it quite a contender for the privacy coin market.
While there are some concerns about particular aspects of the technology, the ZCash team is aware of them and actively working on improvements. One must not forget that the technology is so new that there will inevitably be doubts from one corner or the other.
However, one thing that is clear is that public blockchains with transparent transactions are no longer as private as one thinks. In the age of increasing surveillance and sophisticated cyber threats, privacy coins are likely to gather that much more adoption.
Whether they choose Monero, ZCash or any privacy coin, the end result is an advancement for financial privacy.
Featured Image via Fotolia