Zcash is a new cryptocurrency, launched in 2016, with the goal of enabling anonymous transactions. Zcash differs from Bitcoin in that transactions can’t be traced on the Zcash network. Instead, Zcash uses an identity masking protocol known as zk-SNARKs, meaning transactions are completely private and anonymous. While the Zcash blockchain includes some exciting new technologies in the world of cryptography, Zcash also has plenty of skeptics. In this article, we’ll look at Zcash’s advantages and drawbacks compared to other cryptocurrencies, and we’ll investigate Zcash’s future potential.
- 1 Who Started Zcash and Why?
- 2 Ensuring User Privacy through Zero Knowledge Proofs
- 3 Zk-SNARKs: Zcash’s Advanced Zero Knowledge Proofs
- 4 Why Lambda Must Be Private
- 5 The Importance of Fungibility for a Currency
- 6 The Zcash Blockchain
- 7 Zcash Funding
- 8 Security Concerns
- 9 Current State of Zcash
Who Started Zcash and Why?
The precursor to Zcash started when Zooko Wilcox began worrying about the privacy of Bitcoin transactions back in 2013. The problem, as Zooko saw it, was that Bitcoin didn’t provide privacy for its transactions. Bitcoin lists all transactions on a public blockchain. While you don’t have to give personally identifiable information in order to open a Bitcoin wallet, all the Bitcoin going to and coming from your wallet can be tracked. Looking at the web of transactions around your wallet, someone could potentially learn a lot about you and who you do business with.
Wilcox’s original idea in 2013 was called zerocoin. It was a place where Bitcoin users could deposit, combine, split, and withdraw Bitcoin into new wallets. This had the effect of obscuring the transaction history of the coins.
After a while, however, the zerocoin team realized there was a demand for a truly private cryptocurrency. Working with cryptographers in the U.S. and Israel, the zerocoin team developed the zerocash protocol, a system for private transactions. On top of the zerocash protocol, they launched a new cryptocurrency called Zcash.
Ensuring User Privacy through Zero Knowledge Proofs
The zerocash protocol’s core functionality is the ability to conceal the sender and the recipient in a transaction. This is accomplished using something called a “zero knowledge proof,” an advanced piece of cryptography that allows Zcash miners to verify transactions without knowing anything about the transaction’s contents.
Zero knowledge proofs involve showing that a statement is true, without revealing the details of the statement. For instance, imagine Mary and Adam want to conduct a transaction on the network. The miners on the network will need to verify the transaction, so Mary and Adam use a proving key to protect the transaction information. For simplicity, let’s imagine their proving key is the number “17.” Here’s how the zero knowledge transaction would work:
- The miners need to verify the transaction, but they don’t know its contents, so they send Mary a code. For example, “22.”
- Mary adds 22 to her proving key (17), and she gets a total of 39. She sends 39 to Adam.
- Adam subtracts the proving key (17) from 39, and he finds 22. He then sends “22” to the verifier.
The verifier can clearly see that Mary and Adam share a proving key and have both authorized the transaction. However, the verifier doesn’t know the contents of the transaction. Of course, this is a simple example of a zero-knowledge proof meant to illustrate the idea.
Zcash uses much more complex cryptography to power its zero knowledge proofs. Zcash uses “proving keys” to verify a transaction. When Mary wants to post a new transaction, she uses a proving key to prove that she has the private key and necessary funds in a wallet for the transaction. The proving key is a cryptographic hash of the transaction amount, sender’s private wallet key, and recipient’s wallet address. The proving key is public, but it doesn’t give any information about the transaction. The recipient, Adam, simply scans the blockchain for transactions where his address has been included in order to detect incoming transactions.
Let’s look at the Zcash protocol in more detail.
Zk-SNARKs: Zcash’s Advanced Zero Knowledge Proofs
The breakthrough for the zerocash protocol was the creation of zk-SNARKs, a way of verifying a transaction without revealing any of the information inside that transaction. Zk-SNARKs take zero knowledge proofs to the next level, because they’re non-interactive. Using zk-SNARKs in our example above, Mary, Adam, and the verifier wouldn’t need to interact online in order to prove/verify the transaction.
Zk-SNARKs use three algorithms to verify transactions: Generator (G), Prover (P), and Verifier (V).
- The G algorithm generates publicly available keys. It uses a secret parameter called lambda (we’ll come back to lambda later in this article) to create these public keys for the prover and the verifier of the transaction based on private information (w) and a hash of the private information (H).
- The prover executes the P algorithm using the key generated in the G algorithm (above). Using the prover key (pk), a random variable (x), and the private contents of the transaction (w), the prover creates a proof that incorporates the three variables in a way the verifier can check. Proof = P(pk, x, w)
- The verifier now executes the final algorithm, “V.” It uses the proof from P (step 2), the random variable “x” (step 2), and the verifier key from G (step 1). The verifier algorithm checks those three pieces of information. If the prover’s private information (w) is valid, then V(vk, x, prf) returns true. If the prover’s private information (w) is invalid, then V returns false.
Because verifiers don’t need to know the details of a transaction in order to know it’s true, the Zcash blockchain ledger doesn’t have to include identifiable information.
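To make the G/P/V structure and the non-interactive property concrete, here is an added example that is not Zcash’s code and not a zk-SNARK: a Schnorr proof of knowledge made non-interactive with the Fiat-Shamir transform, written in Python with constructed toy parameters. The prover shows it knows a secret w with g^w = x without sending w, and the verifier derives the challenge from a hash instead of sending one, so no online interaction is needed. Unlike a zk-SNARK, this scheme has no trusted setup and therefore no lambda to leak.

```python
import hashlib
import secrets

# Constructed toy parameters for illustration only (far too small to be secure).
# P is a safe prime, P = 2*Q + 1, and G = 4 generates the subgroup of order Q.
P = 1019
Q = 509
G = 4

def generator():
    """G step: publish keys for prover and verifier. Here both are just the
    group description; there is no secret parameter (no lambda) to destroy."""
    pk = (P, Q, G)
    vk = (P, Q, G)
    return pk, vk

def statement(w):
    """Public value x = g^w mod p; the prover claims to know w for this x."""
    return pow(G, w, P)

def fiat_shamir(x, t):
    """Challenge derived by hashing public data, replacing a verifier message."""
    digest = hashlib.sha256(f"{P}|{G}|{x}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prover(pk, x, w):
    """P step: prf = P(pk, x, w). The proof depends on w but does not reveal it."""
    p, q, g = pk
    r = secrets.randbelow(q - 1) + 1      # fresh randomness for every proof
    t = pow(g, r, p)                      # commitment
    c = fiat_shamir(x, t)                 # non-interactive challenge
    s = (r + c * w) % q                   # response
    return (t, s)

def verifier(vk, x, prf):
    """V step: V(vk, x, prf) -> True/False, checked without ever seeing w."""
    p, q, g = vk
    t, s = prf
    c = fiat_shamir(x, t)                 # recompute the same challenge
    return pow(g, s, p) == (t * pow(x, c, p)) % p

if __name__ == "__main__":
    pk, vk = generator()
    w = 123                               # constructed secret witness
    x = statement(w)
    proof = prover(pk, x, w)
    print("honest proof accepted:", verifier(vk, x, proof))
    t, s = proof
    print("tampered proof accepted:", verifier(vk, x, (t, (s + 1) % Q)))
```

The verifier learns only that some w with g^w = x exists and was used; altering any part of the proof after the fact makes the check fail.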
Why Lambda Must Be Private
The private parameter, lambda, is the keystone of the entire Zcash architecture. If someone knew lambda, that person could generate counterfeit proofs. This would undermine the entire Zcash system, as that person could submit fake transactions or counterfeit Zcash tokens.
The simplest way to take care of that problem was to create a public/private key pair. The public parameters on Zcash are built into the system and everyone can see them. These public parameters are a reflection of the original private key. In order to eliminate the possibility of fake transactions, the creators of Zcash destroyed the original private key after they launched the network.
The creation of Zcash involved a ceremony that compiled the public parameters behind the zk-SNARKs. Six different computers each compiled a part of the final algorithm. After putting the six parts together, the computers were wiped and physically destroyed (with a blowtorch). However, if the private material from the original ceremony was not fully destroyed, or someone somehow recorded the ceremony, then the security of the entire network is in jeopardy.
The possibility that those computers were not fully destroyed or the original ceremony was somehow recorded is called “toxic waste.” Any byproducts of the original private key are considered part of the “toxic waste product.” The whole Zcash system relies on successfully containing and destroying that toxic waste.
The Importance of Fungibility for a Currency
Because Zcash isn’t linked to identifiable information about its previous owners, Zcash is more like the currencies we use today. You can own Zcash and know it’s valuable without needing to know who owned it before you.
This concept of money having inherent value regardless of its history is called fungibility, and it’s an incredibly important quality for a currency to have. The basic idea behind fungibility is that one person’s currency is just as good as another’s. Before accepting a coin, a store owner shouldn’t need to look up the history of the coin to see if it has been involved in shady transactions. The coin itself holds its value regardless of what it has been used for in the past.
Other cryptocurrencies have a fungibility problem. Certain users and institutions have used Bitcoin’s transaction history to decline some Bitcoins or users based on past transactions. Since you can’t look up a coin’s history on Zcash, it doesn’t have this problem. The ZEC token is fungible.
The Zcash Blockchain
The Zcash blockchain is very similar to the Bitcoin blockchain in terms of block creation and token issuance. The total coin supply will be 21 million tokens issued over 131 years, like Bitcoin. However, new blocks are created every 2.5 minutes (as opposed to Bitcoin’s 10 minute block time), and Zcash offers bigger block rewards.
Like Bitcoin, Zcash uses proof-of-work to power its blockchain, so mining is possible. However, Zcash also implements many of the same anti-ASIC provisions as Ethereum to prevent huge mining operations with upgraded computer hardware.
Zcash Funding & ICO
Zcash was established as a private company, not a nonprofit. While the developers insist this is the best way for the currency to develop and grow long-term, some voices in the community are skeptical of the decision to create a privately-held company. In 2016, Zcash raised $2 million in private funding to help with development before launch. Those investors received equity in the private company in exchange. The Zcash genesis block was mined on 28 October 2016, and Zcash has traded on most major cryptocurrency exchanges ever since.
To make money and sustain ongoing development, the company behind Zcash takes 10% of the mining reward for every block that is mined. Many in the community have also criticized that decision, calling it a tax on mining that discourages miners from joining Zcash. Interestingly, despite being a private company, the leaders behind Zcash have decided to release the code behind Zcash as open source.
Security Concerns
While Zcash’s use of zk-SNARKs and other advances in cryptography is cool and cutting edge, some experts wonder if the cutting edge algorithms are secure. Members of Bitcoin’s core development team have called the cryptography behind Zcash “highly experimental.” It’s entirely possible that a weakness exists in the Zcash infrastructure that could go undetected for a long time.
The basic problem is that if someone could find a way to crack Zcash’s zk-SNARK algorithm, then they could create transactions out of thin air. Since you don’t have to provide sender or receiver information in a zero knowledge proof, such a person could essentially create new coins and deposit them in their own account, as long as they found a way to fool the verifying nodes on the network.
As we discussed earlier, if someone was able to recreate the private parameter lambda from the original ceremony, they could counterfeit Zcash. As such, you have to trust Zcash’s founders and believe that the six computers that held the shards of the original SNARK parameters were completely destroyed. You also have to believe that the original ceremony wasn’t keylogged, screen captured, or videotaped.
Current State of Zcash
Currently, Zcash is nearly a year old, and its price sits around $220 USD per 1 ZEC. You can buy Zcash on most major cryptocurrency exchanges.
Zcash is far from the only privacy-centered coin on the market. The biggest Zcash competitor is Monero, a coin that uses a completely different set of cryptographic techniques to guarantee the privacy of transactions. It remains to be seen which of these currencies will eventually win out as the preferred privacy coin.