Zcash vs. Monero: Blockchain’s Fundamental Need for Privacy
A look into the importance of personal intellectual property.
Co-written by Asher Fishman
In the early years of the internet, everyone was worried about giving up their private information: “Don’t friend strangers!” “Watch out for identity theft!” I can still hear my mother warning me like in the AOL days. Now it seems that fear has somewhat disappeared. We’ve passed a point where the average person is conscious about these things. At the comfort of our own screens, we blindly trust the internet and our devices to safeguard financial and personal information.
Ironically enough, in the crypto world, where we proceed with caution on most subjects, we often underestimate the impact of one of the most dangerous aspects of transactions. We allow ourselves to be completely exposed to the public eye. And we let anyone and everyone see our every move. Forever on the chain. Forever immutable.
Why would I ever want the next door neighbors knowing what I bought my Mom for her birthday? Why would I want institutions snooping in on my transaction history, checking to see exactly what I spent my income on? Even exposing my family savings to the eyes of the internet? Why would users interact with decentralized applications if they display personal data to all?
Our actions online are more than just numbers or stats, they have reshaped the image people might have of us or we might have of them. Worse yet, governments might use our habits against us. Chinese civilians already live in a Black Mirror-esque reality. Privacy is a big deal. As technology takes over, data will rule. Transactions aren’t simply money and payments. Companies like Facebook have access to so much personal information that they can use it to purposefully make users depressed, as shown by this Princeton study. In the internet age, data is power.
I once heard a businessman say “I’d rather stand on this table, get ass-naked, and wiggle around than have someone read my financial statements.” I’m sure our orange man in the White House would agree. In the blockchain ecosystem, people believe that their actions are anonymous and unwatched. But the world is catching up to the complexities of blockchain, and there isn’t much defense on popular chains today to deflect Peeping Toms or Uncle Sams efficiently.
But is it it actually needed?
Why does it matter if people can peek into each other’s transaction history? “I’m an honest and good person with have nothing to hide. I’m not a criminal” is the common conclusion some arrive at. And is privacy worth an extra cost?
The short answer: Yes, we need it, we want it, we won’t succeed without it. Two major projects are seen as the forerunners of privacy: Zcash and Monero. In order for us to understand these two projects at solving privacy concerns,
Let’s start with Zcash.
In order to understand Zerocash, we have to start with it’s cousin, Zerocoin.
Zcoin was created by the same developer as Zcash, and during its creation it looked very promising, being that it was one of the first of it’s kind to give privacy to transactions.
To solve privacy, Zcoin implemented minting and zero-knowledge proofs on transactions. The process consists of “minting” or burning the original coins and then sending them to an address. These new coins are then redeemed and have no transaction history. This process gives basic anonymity. But in order to redeem these new coins or transact, you have to prove that they were indeed burned. Zero-knowledge proofs allowed Zcoin holders to prove their ownership of minted coins from a “fake” address created by the system. Miners would then “double check” the serial number to make sure it had never been used before, using a method called (you guessed it) the Double-Spend Check. Then eventually the transaction would be verified and go through.
Sounds simple enough.
But turns out the system was quite flawed. What ended up happening was that to power this whole process, the proof needed to use 25kb, which is too much considering how expensive memory is on the blockchain. The cost of privacy simply wasn’t worth it. Additionally, you were only able to just send in fixed amounts of 1, 10, 25, 50 and 100 coins at one time because of memory and privacy obstacles. On top of this, the process of acquiring the serial number (aka the fake address) would go through several rounds of checking and proofs. So in addition to it being expensive, it also took a long time.
If that wasn’t enough, Zcoin found a huge mistake.
They discovered that their protocol was producing way more than the amount of coins actually minted, which meant someone had found a way to spend more than once with one single “burned” coin. The dreaded double-spend.
And to add to it, in terms of privacy, Zcoin was really only making the account private. It was still possible to trace the redeemed coin back to the minted coin, which means it wasn’t 100% untraceable.
Expensive, time consuming, a whopping mistake, and no real privacy. As you can see it was simply an incomplete product.
It was then that the developers created Zcash.
Zcash sought to fix the issues of zero-knowledge proofs in order to make the whole process quick and private. They tried to find a way to verify transactions without having to do 5–7 rounds of checks. So they implemented a polynomial algorithm called zksnarks.
The unique thing about a polynomial is that if one single “x” in the equation is off or moved, the entire equation changes. This is exactly what Zcash was looking for. Another problem Zcash had to solve was that the sender would be exposed to too much information about the part that the verifier/receiver is asking for. And from there, the sender could figure out which variable was needed and change the original value of the other. This again would cause a double-spend situation.
To fix this, Zcash uses Homomorphic Encryption, which basically allows the prover/sender to prove his piece of the equation without showing the value itself and knowing which part of the equation it is. Encrypted variables were hard to identify and exploit.
The way Zcash reduced verification time is by implementing the “Trusted Setup”. Remember that in Zcoin’s model, a verifier must do multiple checks to verify a transaction. This consisted of the back and forth interaction between the sender and receiver until the final verification and the protocol approved the transaction. With Zcash’s “Trusted Setup,” the polynomial is consisted of both the sending and receiving ends, that way if one part of the polynomial is incorrect or invalid, the transaction will not go through. Both the sender and receiver need to input private information into their side of the setup at the same time, reducing the verification to a one-step event. And if during the process either side attempted anything funny or if there was a breach, the transaction would be lost. So in this way Zcash holds both sides responsible for their secrets.
In conclusion: in one process, both sides are sent out and then verified rather than it taking a few rounds. And THIS took care of the power and time problem. Now, people were able to make smaller and quicker transactions.
So to review:
- Polynomial Equation (To sense a problem/breach right away)
- Homomorphic Encryption (to hide compromising data)
- Trusted Setup (They meet in the middle and all sides are responsible)
This shrunk the whole process down to 40 seconds. In 40 Seconds, your transaction is sent and completely shielded.
Zcash is constantly trying to increase speed and security. Their model allows for uploading a more successful proof seamlessly. So if someone else makes a better proof than zksnarks, they can easily attach it to their system, protecting them from falling behind in this market. Their effort to keep pushing and staying strong in the market also includes upgrading to Sapling, giving them the ability to take the transaction time from 40 seconds down to 2, and upgrading from zksnarks to zkstarks.
But Zcash aren’t the only ones using these proofs. Ethereum also has added privacy options that use zksnarks since its Byzantium update. However, this makes private Ethereum transactions too expensive (roughly $10) because Ethereum isn’t built for zero knowledge proofs and are therefore expensive. But, if Ethereum fixes this and makes it cheaper and just as efficient as Zcash, this would make Zcash useless.
Now that we have gotten the lowdown on Zcash, it’s time to speak about Monero. It was created back in April 2014, by Nicolas van Saberhagen who created the original protocol, and took on the CryptoNote codebase and a memory-hard proof of work (POW) consensus mechanism. It was then launched onto the Bitcointalk forum by a user named “thankful_for_today” under the name “BitMonero”. Five days later it’s supporters opted for the name to be shortened to what we know today as Monero.
Monero boasts that its transactions aren’t only untraceable but also unlinkable. These are similar but have key differences. In this case, unlinkability means addresses are public but transactions to and from (as well as balances) are hidden. Untraceability means an observer cannot tell which outputs and receivers are controlled by which party.
It is possible to have unlinkability without untraceability. In fact there are many coins that offer one time use stealth addresses. Monero (and other CryptoNote currencies) are different because of the use of stealth addresses is automatic and mandatory.
The way Monero is able to make transactions untraceable is through a technology called ring signatures. It basically mixes an individual’s set of transactions with others so it is not clear on the chain who owns which addresses. It also hides balances through stealth addresses which are random one-time addresses which can’t be associated with an individual publicly. Funds are not associated with the original address. If one time use addresses are not used every time, user and network privacy is decreased. Monero makes it easy to obtain a high level of privacy by automating this process at the protocol level. There is also a “spend key” used to spend funds and a “view key” which the user can share with others to allow transaction details to be selectively transparent to certain individuals. If compared to bank accounts, the bank’s login information needed to access your funds is like the spend key while a copy of your bank account statement and transactions is like a view key. This separation into two different keys makes sure that a third party may view transaction details without exposing the viewer to all of the sender’s funds. Monero prevents double spending by giving each ring a key image, another word for serial number, so the system can confirm the transaction and make sure it hasn’t been used more than once.
In 2016 it saw enormous market growth when it was heavily adopted in the darknet market called “Alphabay” (which was later closed down by law enforcement in 2017). Then in 2017, their privacy transactions were strengthened when adopting Gregory Maxwell’s Bitcoin core algorithm called “Confidential Transactions”. This algorithm hid the amounts of the transactions and improved the Monero Ring Signatures. This change grew their community to 128,000 loyal followers
Anyone who is on the Monero Network owns a piece of Monero, and each time there is a transaction, the system hides your piece between others in a ring of that public address, so it isn’t easily found.
“Easily found” doesn’t sound so private to me.
Monero’s model makes it relatively simple to trace the patterns of transactions back to the sender through something referred to as a ‘matching attack,’ lining up multiple relays to see repeats. This would allow someone to trace transactions to a specific address. Even though Monero uses Kovri to cover your IP address and cover messages, this is still possible.
There’s another problem here: Monero isn’t completely anonymous. You have plausible deniability but are not fully hidden. In other words, if accused of conducting a transaction, you can say in the famous words of Shaggy, “It Wasn’t Me”. But the fact that you could even get suspected is a problem. Do something enough times in a pattern and you will get caught.
The question remains: Zcash, Monero, or neither?
Some support Monero because it stems from grassroots developers with a more justifiable cause. Zcash is known to come from developers of a corporation. On top of this, Zcash’s founders own 10% of the coins. Although they claim it is for the stability of the platform, some view it as pure greed. Additionally, Monero is always private, meaning all transactions are anonymous. Zcash gives users the option whether to send a private transaction or a public one.
It’s also safe to say that the Monero community is stronger than Zcash’s. They have been around for longer and have more developers on their platform. Its undying support online has made it a top 11 coin. Additionally, people are very excited about Monero’s ability to support distributed applications. Most notably, a ticketing service named Tari has recently been built on Monero in stealth.
But the world seeks secure, fast, and untraceable privacy. From this perspective, Zcash takes the gold. This is due to its security in anonymizing holders and transactions, plus its flexible protocols which can conform to any superior proof that may come along
Many are concerned about the future of privacy coins. There are fears that governments will attempt to ban them. To this, Zcash founder Ian Miers, says no.
“The banks need something like this but they just don’t know it yet,” he explained at a New York technical discussion last month. “Banks have the obligation to keep all transactions and financial statements private and this would be a great way to do it.” This is true: nearly every bank must follow strict regulations on the privacy of their account holders. Regulations that Ethereum has yet to provide sufficient answers for. Any banks currently working on blockchain technology (which many are) need privacy to exist. As far as catching criminals, governments have no greater issue with privacy coins as they do with the current monetary system. Since we aren’t yet in a completely crypto-friendly world, criminals will still need cash to spend their booty on serious purchases such as real estate and stock. Banning privacy coins instead of understanding how they work wouldn’t solve money laundering at all; it might even be impossible to do.
But after all of this, does the world even care?
Judging by the transaction statistics, it seems not.
Users can send exposed transactions on Zcash if they wish to save money and have nothing to hide. Therefore, according to Ian Miers, only 20% of the total number of transactions on the Zcash blockchain are anonymous, while a whopping 80% were naked to the public eye; only 8.3% of the volume of transactions were anonymous, meaning only 8.3% of all money sent was anonymous. Most of the people on Zcash don’t even send their money privately because of the cost, so only a small amount of $60 million worth of daily transactions are covered on the chain. Of course, Zcash is working to shorten this price gap with changes such as zkstarks in an effort to make shielded transactions the norm. This leads to During the Cambridge Analytica scandal, less than 1% of Facebook users whose data was stolen actually cared or did anything about the fact that all their information had be gotten to.
We live in a world where blockchain attempts to give us a fresh start, create new opportunities for communities, turn nobodies into experts, and provide financial freedom. All of these cases require privacy. The right to choose what to show. The right to own your own data and restrict access to the nosey. This isn’t just a right, but a necessary component for healthy and functioning public blockchains. As privacy continues to define the fate of distributed ledger technology, we look forward to a scalable model for such a fundamental need.
Hold down the clap button to 50 claps if you liked the content!
I love getting questions or suggestions, so comment away.