Everything You Need to Know About the Upcoming Zcash Sapling Upgrade: Why It’s So Important and Who’s Activating It

INSIDE: How Zcash’s new upgrade Sapling, set to activate in late October 2018, promises to deliver the most innovative, exciting, and groundbreaking advancements in blockchain privacy technology…and which projects are activating the fork

Coming October 28, 2018

Briefly About Zcash

Zcash is the world’s first widespread cryptocurrency utilizing zk-SNARKS, a “zero knowledge” cryptography, with the capability of verifying encrypted transactions without needing to know anything identifiable about the information in the transaction (such as amount, memo, etc). Other cryptocurrencies such as Bitcoin rely on transparency of transactions for verification.

Zcash accomplishes this cryptography verification using a process that performs the computations without needing to know the information upon which the computations are being performed and without needing to verify the transaction using any information contained within. This means total privacy for the user.

zk-SNARKs: It’s Forking Privacy

I won’t go into a detailed explanation of zk-SNARKs in this post however you can read up on Zcash’s website for more interesting information. Put simply, the “zero knowledge” process in which the blockchain can verify encrypted transactions…knowing nothing about the information…is done via these zk-SNARK proofs. In a zk-SNARK proof, the “prover” can convince the “verifier” that the number in the transaction exists and that they know the number, without ever revealing to the verifier the number or any information about the number.

This privacy within Zcash applies only to what are called “Shielded Transactions” which involve a different type of wallet address, called a z-address. Zcash is also capable of traditional “Transparent Transactions” and up to the present this is the “default” method in which transactions are performed.

When a transaction is Shielded, Zcash constructs zk-SNARKs using computational power of the system on which the transaction is being performed. It’s a resource heavy and slow process. The result is a proved and verified transaction that is fully encrypted, resulting in privacy and anonymity.

This privacy extends to all forks of Zcash. Being an open source project means Zcash can be forked and other projects can create blockchains which have “inherited” the same privacy features designed and developed by Zcash. Many projects exist and are building and thriving today as a result, having forked either Zcash or a fork of Zcash.

This latest upgrade, code-named Sapling, has many features but particularly with regards to zk-SNARKs and the process by which Shielded Transactions are created, processed, etc. It is by far the most revolutionary upgrade to arrive not only for Zcash but for blockchain as we know it and in this post I’d like to explore why it’s so important and what projects are activating it.

A Sapling Appears

Sapling is the result of the Zcash team looking for ways to speed up this process of shielding transactions, the zk-SNARKs or generating of proofs, which occurs when utilizing the privacy features of Zcash. In addition, the team wanted to improve the “parameter generation ceremony” (with a fork of Zcash it’s necessary to start with new public parameters and therefore another ceremony for generating this to protect against counterfeiting) and to improve the security of the elliptic curves and other features, which are necessary for zk-SNARKS to function properly.

What began as a pet project has blossomed into the biggest and arguably the most important upgrade for Zcash and within the cryptocurrency privacy space in general.

As the developments within Zcash took form, the team also wanted to make many other improvements, fixes and introduce some interesting features…all of which have come together in this upgrade. In preparation of this massive event the Zcash team also carried out another ceremony to mitigate the risk of counterfeiting, working to improve on the previous original ceremony.

Because other projects are able to fork off Zcash, this new upgrade is able to be adopted by Zcash-forked projects as well. Presently I’m aware of just one other project besides Zcash, called Verus, which will activate Sapling in conjunction with Zcash, but more on that later.

What Sapling Brings & Why it Matters

Sapling is a massive improvement to Zcash and any Zcash fork who activates it, with incredible fundamental changes that improve efficiency, security and privacy for users.

Faster Shielded Transactions

The primary purpose of Sapling is to improve the efficiency of constructing zk-SNARKS, these Zero Knowledge Proofs necessary in performing the privacy functionality which sets Zcash and forked projects apart.

Presently, for a fast computer with decent memory and resources, it can take up to several minutes to construct the Zero Knowledge Proofs…the zk-SNARKS. It’s a highly intensive computational process and requires quite a bit of RAM, often over 3GB, to perform a single shielded transaction in generating the zk-SNARKS.

Shielding a TX in <1 second

With Sapling this time will be reduced exponentially, to just a few seconds in time…even as fast as under 1 second.

This speed improvement comes at no cost to privacy, making Zcash capable of complete privacy and anonymity at performance comparable to other transparent non-encrypted blockchains.

Resource Friendly, Performance Improved

Not only is the process faster, the team have improved how it uses system resources such as RAM. With Sapling zk-SNARKS can be constructed and a shielded transaction performed with as little as 40MB of RAM utilization.

Shielding a TX with 40MB RAM

Dropping from >3GB, this is one of the most outstanding performance upgrades and truly revolutionizes Shielded Transactions and what is now possible.

First Ever: Mobile-Capable Privacy

For the average user, this means it’s now possible to perform shielded transactions on a mobile device or a very low-resource computer. Mobile wallet providers and Exchanges, for example, will be able to implement full support of shielded addresses and transactions as a result.

Having the capability to implement Shielded Transactions into mobile wallets is groundbreaking. Making this complex computation of proving accessible to mobile devices means a fully native zk-SNARKS encrypted cryptocurrency is now entirely possible.

First Ever: IoT-Ready Privacy

zk-SNARK performance at this level also presents the opportunity of shielded transactions within the IoT industry and using IoT hardware. Devices such as newer 64bit Raspberry Pi will be able to perform Zcash shielded transactions, bringing total privacy to IoT blockchain implementations.

Not only does this present solutions for many of IoT Blockchain challenges, particularly surrounding security, it opens the door for countless encrypted privacy-based IoT Blockchain opportunities. Not only for IoT development projects, with zk-SNARKS fully capable on limited resource IoT devices, adoption within enterprises and governments is right around the corner.

Separating the Keys

One of the important changes Sapling introduces is how Zcash will handle keys, such as proving and spending. With Sprout, the original release of Zcash, both the Spending key (the key used to sign a transaction) and the Proving key (the key used to perform complex zk-SNARK computations) must be on the same device for a Shielded Transaction to be achieved. Sapling changes this.

Securing the Spending Key

In Sapling keys for shielded transactions are split up, the spending key used for signing transactions is separate from the proving key. This allows the spending key to be kept on a trusted, secure device and only used to sign a transaction and generate the proving key.

The spending key requires only basic computational power and never needs to be exposed to any non-trusted environment.

Untrusting the Proving Key

The proving key is where the heavier computational lifting comes into play and separating this from the Spending Key allows the Proving Key to be in an untrusted environment without consequence. Meanwhile, with Sapling this computational overhead has been reduced significantly making it possible for small computing devices, such as smart phones, IoT devices, etc., to construct the zk-SNARKS with ease, where previously impossible.

Offline Security: Hardware Wallet-Capable z-addresses

What this separation means for the everyday user is that hardware wallets can now fully support shielded addresses (z-addresses) in which the hardware wallet contains the spending key alone, while the connected computer/device uses the generated proving key to construct the proof.

Scalability: Outsourcing Complex zk-SNARKS Computing

This will also give enterprises the freedom to perform the light-weight signing step using the spending key in a trusted environment, while placing the burden of constructing zk-SNARKS and proving the tx on a device that does not need to be trusted. This allows companies the ability to outsource the “heavy lifting” of constructing the proof for each transaction…which, while it is highly improved, can add up when hundreds or thousands of transactions are being processed in a short amount of time.

We are talking about making truly encrypted, shielded transactions securely and infinitely scalable. This is one of the most innovative improvements that presents unlimited opportunities for blockchain growth, adoption, and expansion.

Viewing Key Improvements

Another improvement coming to keys in Sapling has to do with visibility in regards to Viewing Keys. Before Sapling the holder of an incoming viewing key for a shielded address was able to see the value of all incoming transactions and the memo field, but not the sending address.

View Outgoing

Sapling expands viewing key capabilities to allow visibility of outgoing transactions for a shielded address. The holder of the viewing key would be able to see the transaction value, memo field and the target address.

These viewing keys allow the shielded address owner the ability to view transaction details without exposing their private spending key. A viewing key could then be shared with a trusted third party without compromising security.

Privacy + Auditing

This is an important advancement for the adoption of a privacy coin by organizations who require compliance and auditing, or for other similar situations which may necessitate the viewing of outgoing transaction values, memos or receive addresses. The privacy of the transaction is maintained on the blockchain while allowing for such auditing by trusted parties.

Better Addresses, More Efficient Wallets

Sapling introduces a new format for z-addresses which are shorter and begin with “zs” instead of “zc”. Any transaction made to a “zs” address after Sapling has activated will be performed with the new features, settings and advantages of Sapling. “zc” addresses will still work after the upgrade, eventually to be deprecated in favor of the zs format, but will not be processed with the Sapling features.

“Lite” Address Generation

In addition to this new format, Sapling brings the capability of generating trillions of these new z-addresses without any computational cost or overhead, making for more efficient wallets. This has not been possible in Sprout.

The use-case for this capability is widespread and obvious, making it easy for large enterprises, Exchanges, IoT, Mobile wallets, and more to adopt fully shielded wallets and addresses in advance or on the fly.

Who‘s Activating Sapling

Zcash

Of course Zcash is activating Sapling. Two years after the launch of Zcash Genesis block (Oct 28 2016), on October 28 of this year (2018) Sapling will activate on the Zcash blockchain at block 419200.

You can see the countdown here.

In preparation of the big day, Zcash has released Version 2.0.0 for all nodes to upgrade to and has a series of really insightful videos and posts on their blog. You can read more and check out the videos here.

VerusCoin

Adopting and activating Sapling is no small undertaking. So it’s a little more than impressive to find another project fully activating this upgrade. The coding involved, the prep work, the tireless hours from developers to have everything in place in time, truly demonstrates strength in development and vision.

Verus is a Komodo-Zcash fork which combines PoW and PoS in a 50/50 split, is truly and competitively CPU minable (equalizing GPU mining using VerusHash), is stakable, and implements dPoW by Komodo.

Founded by the architect of .NET and previous VP at Microsoft, Michael J Toutonghi who is also lead developer, Verus is one of those few truly development-focused projects with some very exciting and revolutionary advancements of their own.

Forward thinking project VerusCoin is activating Sapling in tandem with Zcash. Quickly becoming innovation leaders in blockchain, Verus is creating PBaaS (Public Blockchain as a Service), a very unique spin on BaaS in which miners and stakers of Verus will be provisioning these services and being paid for their decentralized participation. This completely decentralizes BaaS.

Another impressive innovation Verus is developing in cooperation with Komodo is “Verus Interchain Meta-contracts” which are built on the Komodo “custom consensus framework”, a system which enables each blockchain to have its own associated consensus rules, functions and processing, and to leverage services on other chains through cross-chain transactions.

Komodo will spotlight VerusCoin in an upcoming AMA this Monday, September 24. You can also learn more about Verus at https://veruscoin.io where I encourage you to read the Vision Paper…what they are creating and developing is quite interesting and exciting.

Verus will activate Sapling on October 30, 2018 at VerusCoin block 227520 (each Verus block is ~1 min). Verus will be implementing the full feature set of Sapling on their blockchain, as well as some additional features and improvements Michael and other Verus community members are developing.

An update will be released within 2 to 3 weeks which will include the Sapling code upgrade, ready to be activated on schedule, so keep an eye out on Discord in their Announcements channel.

You can follow the progress of Verus and see software updates by visiting their website and joining their Discord, and be sure to check out this handy-dandy Pocket Guide to Verus:

VoteCoin

Project VoteCoin is a project for online, blockchain stored, polls and voting. Using Zcash shielded address technology, poll results and voter identity is kept securely private.

VoteCoin will activate Sapling, at the same time as Zcash as well, at VoteCoin block height 245555. After Sapling is activated, the next release of the VoteCoin GUI wallet will generate Sapling addresses by default and all users will be encouraged to stop using Sprout addresses altogether. The project will also proceed to begin using Sapling addresses and all the benefits therein, for creating polls.

Find out more about VoteCoin at their official site, https://www.votecoin.site

Final Thoughts

Of course any project running a Zcash fork can choose to bring the Sapling upgrade into their blockchain and I’m guessing there will be more who choose to do so. This is such an important upgrade and technological advancement to Privacy and zk-SNARKS, it’s really a no-brainer to activate.

A Fully Shielded, Private-by-default Blockchain

With these advancements in Sapling having a privacy coin capable of performance, speed, secured auditing, secure and flexible wallets, etc, competitive with transparent blockchains such as Bitcoin, having a fully shielded blockchain is a reality. Zcash plans on moving in the direction of eventually doing away with Transparent Transactions altogether and Sapling makes this possible.

Sapling has the feature set to completely revamp modern blockchain privacy from small scale user to user interaction, all the way to enterprise implementation and adoption.


About the Author

John Westbrook is a blockchain consultant, developer and general cryptocurrency nerd.