ZCash as a Technology: Privacy Challenges

Applicature
Published Dec 19, 2018 · 9 min read

Very few can doubt the brilliance of blockchain technology and Bitcoin, the world’s first cryptocurrency. Blockchain offers many solutions for improving the workflow of both big businesses and startups. However, even though it makes the work process more transparent, less costly, and less trust-based, not everyone can use it to their advantage, because of the confidentiality problem. Applicature will share how ZCash solves this issue.

From Protocol to Platform

The Zerocoin technology was created by cryptographers from several universities: Johns Hopkins University, Massachusetts Institute of Technology, Technion — Israel Institute of Technology, and Tel Aviv University. Initially, ZeroCash was meant to be a protocol that allowed encrypted transactions to take place on the Bitcoin blockchain. Later, in 2016, the concept changed, and a new cryptocurrency appeared, built on the Bitcoin Core software and ensuring transaction anonymity with zk-SNARKS technology.

Zooko Wilcox, head of the ZCash project, and his team decided not to go for an ICO. Instead, they took money from private investors to start developing the project. The platform went active on October 28, 2016, and it didn’t take users much time to realize that because of the private investors’ sponsorship, 20 percent of the mined coins would be going to the sponsors’ wallets for the next four years. This part of the ZCash code was written in order to ensure that money invested in the project would be paid off. However, it meant that the founders would own 10 percent of the coins on the platform. Of course, a majority of the community didn’t like this type of business approach, but as we all know, nobody wants to work for free.

Outraged at the fact that the founders would be getting a reward for each mined coin, users carried out a hard fork, which gave rise to a new cryptocurrency: Zclassic. The main peculiarity of the ZCash fork was that it didn’t have a founder’s tax. However, Zclassic is now an abandoned cryptocurrency, with no team to develop it.

As a result, ZCash became the first and remains the biggest platform for anonymous money transfers.

Similarity to Bitcoin

Initially, ZCash was just a technology enabling private transactions on the blockchain. Since it grew into a separate blockchain, the only difference between ZCash and Bitcoin has been that Bitcoin transactions are completely transparent; all other features are pretty similar. Let’s have a look at some of the features of ZCash.

ZCash Features

Even though ZCash is pretty similar to Bitcoin — it even has the same maximum emission (21 million coins) — it is still a strong rival. Here are some of the peculiarities of ZCash:

  • no data on users is stored on the blockchain
  • ZCash uses the Equihash hashing algorithm for mining
  • the mining time for one block is 2.5 minutes
  • each ZCash coin has a clear history
  • the level of confidentiality is variable according to user preference

ZCash — an Anonymous Cryptocurrency

ZCash competes as the most anonymous cryptocurrency among all others. This becomes possible thanks to the use of zk-SNARKS technology.

In brief, transactions are still sent on the blockchain; however, nobody is able to see or otherwise find out who sent the money, who received it, or how much was sent.

For example, on the Bitcoin blockchain, each transaction contains information about the sender, the amount of the transaction, and the recipient. This is exactly what makes blockchain transparent and trustworthy, as, in the case of any fraudulent activity, the nodes taking part in the crime are easy to track by their wallet address.

On the ZCash blockchain, users have the opportunity to send an absolutely anonymous transaction or a semi-anonymous one. There are public and shielded accounts. If, for instance, Alice and Bob have public accounts, the data on the transaction between their accounts will be seen by everyone and recorded on the blockchain. If both of them have shielded accounts, the transaction will still be added to the ledger; however, the sender, recipient, and sum of money will remain encrypted.

A semi-anonymous transaction occurs if Alice sends the transaction from her public account to Bob’s shielded one: in this case, the transaction data will only consist of the sender and the amount of money Alice has spent. The transaction will still be added to the blockchain.

The ability to send money anonymously is provided by zk-SNARKS technology.

zk-SNARKS

zk-SNARKS technology helps users send a valid transaction without the need to reveal their identity or divulge the sum of money they have sent. Let’s have a closer look at what zk-SNARKS means:

  • zero knowledge — nothing is revealed beyond the truth of the statement
  • succinct — the proof is very short and cheap to verify
  • non-interactive — the proof is a single message that can be written down and checked later, with no back-and-forth between prover and verifier
  • proof — true statements have a proof, false ones do not
  • of knowledge — the prover must actually possess the secret values (the witness) behind the statement, which is what allows cryptographic secrets to be used in statements

Zero-knowledge proof technology literally lets information be validated without sharing it. In terms of transactions, in order to stay private, a node does not have to share the contents of the transaction with all the other nodes in the network.

To find out exactly how zk-SNARKS work, follow the description below, which gives an overview of how zero-knowledge proofs help ZCash keep transactions on the blockchain private.

How Are Transactions Done?

From the article on the Raiden Network, we all know what a UTXO (Unspent Transaction Output) is. If not, please follow up and check.

To put it simply, this is the amount of Bitcoin a wallet contains. To send 1 BTC to another node, the owner must unlock his/her UTXO and spend it in full. The recipient’s wallet is then credited with 1 BTC, while the sender’s wallet is debited 1 BTC.

The UTXO model is used on the Bitcoin blockchain. In ZCash, the equivalent is a “commitment,” the spending of which requires revealing a nullifier.

Let’s consider that node A wants to send 1 BTC to node B. To do so, node A sends a message to the network that says, “Send 1 BTC from my wallet to the wallet of node B,” and signs this message with his/her private key. Once the system has checked that there is enough money in node A’s wallet, the money is transferred to its addressee. As soon as this happens, the ledger updates.

Each node, as we already know, holds a copy of the blockchain. The nodes also keep a nullifier set (a list of the hashes of the serial numbers of every note that has ever been spent). Once node A sends a transaction, its nullifier is recorded in the set.

To make sure the transaction sent by node A is valid and the money in it has never been spent before, the nodes check the serial number of this transaction against the nullifier set. If there is no evidence of a double spend, the nodes verify the transaction.
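The commitment-and-nullifier bookkeeping described above, as an added toy model that is not Zcash’s own code: a note is published only as a hiding commitment, spending it reveals a nullifier derived from the note and the owner’s spending key, and the nullifier set catches a double spend without linking the spend back to its commitment. The hash construction, field names and the lack of a real zero-knowledge proof are simplifications assumed here for illustration.

```python
"""Toy model of Zcash-style note commitments and nullifiers (added example,
not Zcash code). SHA-256 stands in for the protocol's real commitment and
PRF functions, and the zk proof that ties a nullifier to some commitment in
the tree is assumed rather than implemented."""
import hashlib
import os
from typing import Optional


def h(*parts: bytes) -> bytes:
    """Domain-separated hash used for both commitments and nullifiers."""
    return hashlib.sha256(b"|".join(parts)).digest()


class Note:
    def __init__(self, value: int, spending_key: bytes, rho: Optional[bytes] = None):
        self.value = value
        self.rho = rho or os.urandom(32)   # unique per note; seeds the nullifier
        self.r = os.urandom(32)            # commitment randomness (hides the value)
        self.spending_key = spending_key

    def commitment(self) -> bytes:
        # The only thing published when the note is created.
        return h(b"cm", self.value.to_bytes(8, "big"), self.rho, self.r)

    def nullifier(self) -> bytes:
        # Revealed on spend; without the spending key it cannot be matched
        # to the commitment, so observers learn only "some note was spent".
        return h(b"nf", self.spending_key, self.rho)


class Ledger:
    def __init__(self) -> None:
        self.commitments = set()   # every note ever created
        self.nullifiers = set()    # every note ever spent

    def add_note(self, note: Note) -> None:
        self.commitments.add(note.commitment())

    def spend(self, note: Note) -> bool:
        """Accept the spend unless the note is unknown or already spent.
        A real node checks a zk proof here instead of seeing the note itself."""
        if note.commitment() not in self.commitments:
            return False
        nf = note.nullifier()
        if nf in self.nullifiers:
            return False               # double spend: nullifier already recorded
        self.nullifiers.add(nf)
        return True


def demo():
    """Returns (first spend, replayed spend, spend of a never-committed note)."""
    ledger = Ledger()
    alice_key = os.urandom(32)
    note = Note(value=1, spending_key=alice_key)
    ledger.add_note(note)
    return (ledger.spend(note), ledger.spend(note),
            ledger.spend(Note(value=1, spending_key=alice_key)))
```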

However, we have missed one important thing: how does the transaction remain anonymous?

Anonymous Transactions on ZCash

As stated earlier, zero-knowledge proof makes it possible for ZCash users to encrypt their transactions while still adding them to the ledger.

This is done with the help of a proof-string function that assures the nodes that whoever sends this transaction knows the corresponding values.

On ZCash, users have spending and proving keys that are used to control and verify proofs. This is how the nodes prove that information about the sender, the receiver, and the sum of money is valid.

Making transactions anonymous and private is a computationally complicated process. zk-SNARKS technology is used to generate a so-called proof, which consumes quite a lot of computational power, specifically memory. The first versions of ZCash took about 2–3GB of memory and 40 seconds to generate a proof. This is why adoption of ZCash was a challenge for many users.

Reducing memory consumption has always been a goal for the ZCash team, and it came true with the first part of the upgrade, Overwinter, in June 2018. This summer, users were introduced to the Sapling Network, brand-new, cutting-edge cryptography that promises to reduce memory requirements to about 60 MB. More on Sapling is covered in the ZCash Perspectives section below.

For more specific information on zero-knowledge proof technology on ZCash, please check out the ZCash Protocol Specification here.

ZCash Perspectives

ZCash occupied 20th place among the most successful cryptocurrencies according to capitalization for a very long time; however, it has now moved to 21st place, overtaken by Dogecoin.

The project can definitely be called successful. It has clear objectives, and reaching them is possible because it has one of the best development teams and the resources to match. Even though governments don’t want to accept the fact that people use anonymous cryptocurrencies, they will have to create special regulatory conditions for protection against unlawful activity.

Currently, the ZCash team is focused on generating an update for the Sapling Network. This technology aims to widen the blockchain-usage sphere and improve blockchain scaling.

The Sapling Network

As a scaling solution for the ZCash platform, the Sapling update reduces the resource requirements: from 2–3 GB to 60 MB of memory, and from 40 seconds down to 5–6 seconds. What this means is that users will be able to generate private transactions even on their phones.

With the Sapling upgrade, ZCash expects wider adoption of Z-addresses (shielded accounts) and a move away from T-addresses (transparent addresses).

Users who consciously want to follow the upgrade will have to migrate; however, the ZCash team expects the migration process to happen very smoothly.

As Sapling is a consensus upgrade, the shielded addresses of ZCash and Sapling will differ. Users who want to migrate will simply move from the ZCash shielded pool to the Sapling shielded pool. Moreover, the ZCash team doesn’t see any reason to deactivate the current pools, as ZCash and Sapling are still a single network; there are just two different shielded value pools. Sapling was created for one reason: to generate performance benefits for users.

One interesting thing is that while migrating from Sprout to Sapling, the team will be able to evaluate the general amount of funds held by the blockchain. How is this possible on a privacy-first platform? Before moving funds to a Sapling-shielded address, users will first have to move them to a transparent pool, which is an audit check for the ZCash platform.

Extra Objectives and Updates

The Sapling Network is the main point of focus for the ZCash team. However, along with the Sapling update, there are some new features that will be added.

Memo Field

The memo field has always been around as a special feature of ZCash. Basically, the memo field allows users to send text messages and chats to each other, discuss transactions they have sent, etc. These chats are completely secure and private. At the same time, no upgrade for the memo field is coming up, so everything will stay as it is for now.

Key Structure

The new key structure allows “viewing keys” to be separate from “private keys.” Also, users will be able to have full-spend authority on the device, along with the ability to create protocols while still maintaining strong privacy.

This feature is coming along with the Sapling update, so basically, users are already aware of its advantages.

Light Wallet

There is one more project which, unfortunately, doesn’t have a timeline for being launched, but the team hopes to release it in the future. The project itself is a reference implementation for a mobile light wallet utilizing shielded addresses. All information on the development will be open-source, so the community will be able to pick up some of the new information.

Conclusions

The ZCash project was created by cryptographers from technical universities in the U.S. and Israel and gained the support of big corporations. Initially, it was created as a technology to be adopted on the Bitcoin blockchain; however, it later became a separate project.

Now, the ZCash blockchain keeps its place among the first 20 cryptocurrencies by capitalization, and its peak is yet to come. Even though it is an anonymous cryptocurrency, which inspires even less trust from governments than blockchain overall, it will live on even if anonymous blockchains are ever considered illegal. The reason for this is its high level of decentralization, one of the best development teams, and the support of private investors.

Alongside its privacy focus, ZCash is currently implementing the Sapling Network update, which is going to improve scaling on the blockchain and speed up transaction generation.

Stay updated with Zcash news, and contact Applicature for more information on any blockchain-related topics.
