What Is Zcash? The Privacy Coin Explained

In a satellite wherever our idiosyncratic information, interests and activities are being progressively tracked and documented, it’s small astonishment cryptocurrencies that connection users anonymity proceed to stay fashionable contempt efforts from regulators and exchanges to restrict their accessibility.

In a 2021 Big Brother Brands report, companies similar Uber and Meta (formerly Facebook) were recovered to harvest betwixt 56.41% and 79.49% of their users’ idiosyncratic information, respectively. If the arguable Meta-backed diem integer currency successfully launches to the masses (big IF,) Meta volition inevitably summation entree to its users’ transaction data. This means not lone volition the tech elephantine cognize who you are and what you like, but it volition besides cognize what you bargain and however overmuch you spend.

Zcash is 1 of the starring integer currency blockchains that looks to code this snowballing contented and seeks to instrumentality powerfulness and privateness to its users.

This nonfiction is portion of CoinDesk's Privacy Week series.

Zcash is simply a privacy-focused, blockchain-based payments web that uses zero-knowledge proofs (ZKPs) to shield transactions, making the contents of a transaction backstage adjacent connected a nationalist blockchain. Born retired of the Zerocash protocol, Zcash forked from the Bitcoin blockchain successful 2016. Its autochthonal token, zcash, uses the ticker awesome ZEC.

ZKPs are the merchandise of a cryptographic method that dates backmost to 1980. They let 2 parties to verify accusation with each different without sharing the underlying information related to this information. For example, you tin beryllium that you are implicit 21 years aged without having to uncover your existent day of commencement (or immoderate different extraneous accusation that immoderate forms of identification, similar your driver's license, mightiness contain).

The Electric Coin Company (ECC), which created Zcash, added Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, oregon “zk-SNARKs” to the ZKP toolkit.

This cryptographic advancement fundamentally allows shielded Zcash transactions to beryllium afloat encrypted connected the blockchain portion inactive allowing the transaction to beryllium verified arsenic valid by the network's consensus.

With Zcash, determination are 2 types of addresses:

• Transparent addresses: Transactions with transparent addresses, oregon t-addresses, tin beryllium tracked connected the Zcash blockchain the aforesaid mode Bitcoin’s can.

• Shielded addresses: Shielded addresses, oregon z-addresses, are encrypted, meaning you aren’t capable to spot the information connected the blockchain truthful transactions sent to them aren’t visible, nor are the magnitude of funds z-addresses hold.

If a t-address sends funds to a z-address, observers won’t beryllium capable to archer wherever they went. If a z-address sends a transaction to different z-address the transaction is wholly shielded from prying eyes, offering 1 of the astir backstage and unafraid options connected the market.

Since its fork successful 2016, Zcash has continued to iterate connected the halfway services it offers and grow connected them. Some large improvements implicit the past mates of years see Halo, a “trustless recursive” mentation of ZKPs; the merchandise of an open-source, shielded-first, afloat functional Zcash wallet successful 2020; and the Heartwood Network Upgrade activation, besides successful 2020, which added Shielded Coinbase and FlyClient support.

Not to notation an summation successful organization enactment and the first-ever Zcash halving.

Zcash launched Halo successful 2019, a caller zk-SNARK that addressed 2 criticisms the privateness coin faced: scalability and trusted setups.

Zcash was launched with a trusted setup. A trusted setup creates a concealed number, and a derivative of that fig is utilized by the Zcash protocol. This fig is created successful aggregate parts by aggregate actors. They each indispensable past destruct what’s known arsenic “cryptographic toxic waste” without revealing what it was. A trusted setup would person had to hap astatine each hard fork.

But if nary 1 destroys that discarded done intentional planning, oregon if the concealed fig is figured out, past it would supply a cardinal flaw successful the protocol and adjacent let the individual(s) that discovered it to make Zcash tokens arbitrarily without anyone’s knowledge.

Halo eliminated the request for a trusted setup and the “cryptographic toxic discarded that went with it.

As CoinDesk Chief Content Officer Michael Casey wrote astatine the time of the Halo announcement:

“Halo allows a idiosyncratic to some beryllium that nary 1 progressive successful the archetypal constitution of a large-scale, zero-knowledge impervious strategy has created a concealed backdoor with which to aboriginal amend the codification and that that unafraid authorities has existed implicit the people of ongoing updates and changes to the system. Until present the hazard of fraud astatine setup meant that zero-knowledge proofs often required elaborate, costly procedures astatine the outset to instill assurance successful users.”

A trusted setup made zero-knowledge proofs, which are inactive reasonably nascent, bulky and somewhat impractical for actions different than proving one-off idiosyncratic facts.

“To beryllium sure, one-off trustless solutions known arsenic ‘bulletproofs’ person been astir since 2017, but they deficiency the recursive prime needed to verify the ever-accumulating accusation wrong a large, growing, changing database,” wrote Casey.

Halo improves connected ZKPs and allows them to compress immoderate magnitude of information into a abbreviated impervious that tin beryllium checked quickly, according to Steven Smith, manager of engineering astatine ECC. The removal of a trusted setup is simply a cardinal “step toward our Scalability 2021 initiative,” said Smith successful an email.

Halo 2, announced successful 2020, iterated connected Halo by utilizing PLONK, a caller z-SNARK, alternatively than “Sonic” to verify transactions. PLONK is much businesslike than Sonic, and would amended alteration further scaling of Zcash arsenic good arsenic determination it person to being capable to destruct a trusted setup.

At its heart, PLONK is an lawsuit of a impervious that tin verify itself, “allowing immoderate magnitude of computational effort and information to nutrient a abbreviated impervious that tin beryllium checked quickly,” according to the Halo 2 blog post.

In December 2019, Zcash started the improvement of its ECC Reference wallet, a airy lawsuit notation wallet that fto shielded transactions successful Sapling (an upgrade that enabled important ratio improvements for shielded transactions) enactment connected mobile devices. This notation wallet was a blueprint ECC hoped others would instrumentality up and physique upon, portion providing further feedback.

Then, successful June, ECC released an open-source, shielded-first, afloat functional Zcash wallet that showcases its bundle improvement kit (a postulation of bundle improvement tools successful 1 installable package) for objection and testing.

One extremity was “making definite astatine slightest 40% of the satellite could work and recognize the ECC notation wallet,” said Smith. With the assistance of the community, the app was translated from English into 5 languages: Simplified Chinese, Russian, Spanish, Italian and Korean.

“Additionally, and owed successful ample portion to the enactment connected our SDKs, Unstoppable became the archetypal multi-currency wallet to alteration shielded Zcash enactment connected iOS and Android,” said Smith.

In July 2020 ECC launched the Heartwood Network Upgrade activation, which added Shielded Coinbase and FlyClient support. Shielded Coinbase allowed Zcash users to person wholly shielded ZEC from its creation, expanding privateness further. It besides gave miners the enactment to get mining rewards issued instantly into a z-address. Luxor and Poolin, 2 mining pools that correspond astir 40% of Zcash mining hash power, person implemented shielded Coinbase.

FlyClient provides a much businesslike method for “light-client block-header verification” oregon verifying the blocks connected a blockchain, and could summation the inferior and marketplace for Zcash. FlyClient enables airy lawsuit use-cases and a people of cross-chain interoperability efforts similar tZEC, an Ethereum-compatible ZEC token.

Zcash underwent its archetypal halving astatine the process extremity of 2020, triggering a chopped successful miners’ artifact rewards from 6.25 ZEC to 3.125 ZEC, and launched the network’s 5th upgrade, Canopy, which did distant with the arguable “Founders Fund,” which immoderate members of the Zcash assemblage felt gave excessively overmuch ZEC tokens backmost to the founders.

Instead, 8% of mining rewards volition present beryllium allocated to the Major Grants Fund, managed by the Major Grants Review Committee (MGRC), which volition beryllium made up of a community-nominated five-member committee. The money volition substance improvement and adoption efforts, abstracted from the enactment being done by the ECC and Zcash Foundation.

ECC announced the adjacent suite of upgrades to Zcash – Halo Arc.

Halo Arc includes updates to Zcashd (Zcash’s statement node), an ECC wallet prototype and the ECC wallet bundle improvement kits (SDKs). The wallet volition alteration shielded-by-default transactions, thing that is simply optional for Zcash close now.

After a fig of delays, Halo Arc is acceptable to motorboat connected April 18, 2022, successful coordination with the activation of Zcash’s Network Upgrade 5 (NU5). NU5 volition beryllium the archetypal mainnet activation of the Halo proving system, furthering the improvement of zero-knowledge-proof cryptography.

The protocol upgrade volition besides present unified addresses, a diagnostic that creates a azygous Zcash code that is compatible crossed each Zcash worth pools, including shielded and transparent ones truthful that users nary longer person to juggle aggregate code types. At present, protocol upgrades astatine times required caller code formats.

Zcash has a fewer challenges to overcome.

“Like with each cryptocurrencies, determination could beryllium vulnerabilities oregon issues that we’re unaware of,” said Josh Swihart, VP of Growth astatine ECC. “Though the likelihood of an exploit is probabilistically nil, for some, Zcash’s trusted setup is simply a risk.”

The anticipation is simply a larger implementation of Halo 2 successful 2022 volition beryllium capable to bash distant with trusted setups and destruct the “toxic waste” that is simply a byproduct of them.

“Zcash volition besides request amended scalability if it is to beryllium utilized for planetary payments by billions of people,” said Swihart.

Finally, determination is the delisting of privateness coins specified arsenic Zcash from immoderate exchanges that could proceed to beryllium an issue. Core privateness features built into protocols similar Zcash and Monero person caused interest among regulators and policymakers owed to their quality to conceal illicit activity. Cryptocurrency exchanges Shapeshift and BitMEX are among those that person delisted ZEC (as good arsenic XMR and DASH), allegedly owed to regulatory pressure. At the aforesaid clip though, successful September 2020, cryptocurrency speech Gemini was the archetypal speech to allow users to retreat Zcash with its anonymizing feature.

“Since the merchandise successful September, 11.8% of Zcash withdrawals connected Gemini were sent to shielded addresses,” read Electric Coin Company’s 2020 recap of Zcash.

“In presumption of what we haven’t progressed connected arsenic accelerated arsenic we would person liked, we had hoped to person made much advancement connected shielded hardware wallet support,” said Smith.

Zcash’s Halo and Halo 2 developments connection the champion accidental for the privateness coin to code immoderate of its astir salient criticisms. But the imaginable for privateness coins to beryllium delisted by exchanges doesn’t look to beryllium decreasing and looks to beryllium an ongoing wood to navigate. But erstwhile it comes to privateness coins, and erstwhile contenders similar Dash who person each but abandoned the statement and protections, Zcash is squarely successful the speech of the apical privateness coins and volition proceed to march up arsenic such.

On Nov. 19, 2021, ECC announced plans to migrate Zcash distant from its proof-of-work statement mechanics based connected the equihash algorithm to a much energy-efficient and interoperable staking-based system.

The CEO of ECC, Zooko Wilcox-O'Hearn, floated the thought of specified a modulation successful a blog post earlier that year, citing the alteration would “[eliminate] the downward unit connected the terms of ZEC and [add] further inferior for ZEC.” He was referring to the existent concern wherever Zcash miners are forced to merchantability an magnitude of the coins they excavation to screen moving costs, serving to suppress the terms of ZEC.

Furthermore, staking would supply further inferior and let much users to enactment successful validating transactions connected the web successful speech for rewards. Not to mention, the important energy-reducing benefits of switching to PoS would marque Zcash a much environmentally affable task than it presently is.

No circumstantial day has been fixed for the rollout of this transition, though ECC stated it is expected to hap sometime wrong the adjacent 3 years.