Zcash: Stash or Trash? “If Bitcoin is http for money, then Zcash is https”

–update 2/14/2018–

What is Zcash? A Comprehensive Guide

How Does Zcash Work?

“Zcash is another blockchain and cryptographic money which permits private exchanges (and by and large private information) in an open blockchain. This permits organizations, buyers, and new applications to control who gets the chance to see the points of interest of their exchanges, even while utilizing a worldwide, authorization less blockchain.” – Zooko Wilcox

How does a normal bitcoin transaction take place?

Suppose Alice wants to send Bob 1 BTC. What does she do?

She will send 1 BTC to Bob’s public address. The miners then put the transaction details within their blocks and the transaction is deemed complete.

So, how are Zcash transactions different from normal Bitcoin ones?

First, let’s look at a pictorial representation of a Zcash transaction:

[Image: diagram of a Zcash transaction. Image Credit: Fossbytes]

What does that image tell us?

In Zcash, you can choose between two kinds of transactions.

You can either make a normal, transparent transaction, or a shielded, private one.

Suppose Alice wants to send 1 Zec to Bob. (Zec = Zcash).

If Bob is fine with keeping the transaction transparent and open for the world to see, then Alice can send the Zec to his transparent address, or t-addr.

However, if he wants privacy and does not want the transaction details to be open to the public, he can simply have the funds sent to his shielded address, also called a "z-addr".

If both Alice and Bob use their shielded addresses to interact with each other, then all the details of the transaction would be private. This includes Alice’s identity, Bob’s identity and the details of the transaction itself.

[Image: transparent and shielded Zcash addresses. Image Credit: Z.Cash]

The reason Zcash achieves such a high level of privacy is its use of zk-SNARKs, or Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge.

Before we proceed, it is critical that we understand what zero-knowledge proofs and zk-SNARKs are.

What are Zero-Knowledge Proofs?

Zero-knowledge proofs came about in the 1980s thanks to the work of MIT researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff. They were working on problems related to interactive proof systems, in which a prover exchanges messages with a verifier (more on provers and verifiers later) to convince them that they possess certain knowledge, without revealing what that knowledge is.

Before their landmark discovery, most proof systems focused on the "soundness" property: it was always assumed that the prover could be the malicious party, trying to fool the verifier. These three researchers flipped the idea on its head by questioning the honesty of the verifier instead of the prover. The questions they asked were: how can anyone be sure that the verifier won't leak the knowledge, and how much does the verifier get to learn about the prover during the process of verification?

This conundrum has real-world consequences, and one of the most famous has to do with password protection. Suppose you want to log in to a website using a password. The standard protocol is that the client (you) types in the password and sends it to the server; the server then hashes the password and compares it to the hash stored in its system. If the values match, you are let in.

You can see the huge flaw in this system, right? The server receives the plaintext version of your password, and your privacy is at the mercy of the server (the verifier in this scenario). If the server gets compromised or attacked, your password ends up with the malicious party, and the consequences could be dire. Zero-knowledge proofs are essential to countering scenarios like this, and path-breaking in every sense.

There are two parties in a zero-knowledge proof (as stated above): the prover and the verifier. Zero knowledge means that a prover can prove to the verifier that they possess certain knowledge without telling them what that knowledge actually is.

Properties Of A Zero Knowledge Proof

For a ZKP to work it needs to satisfy certain parameters:

  • Completeness: If the statement is true, an honest prover can convince an honest verifier of it.
  • Soundness: If the prover is dishonest, they can't convince the verifier of the truth of the statement by lying.
  • Zero-Knowledge: If the statement is true, the verifier learns nothing beyond the fact that it is true; in particular, they learn nothing about the secret behind it.

So now that we have a basic idea of what a zero-knowledge proof is, let's check out some examples before we dive into zk-SNARKs and their application in the blockchain.

Case #1: Ali Baba's Cave

In this example, the prover (P) tells the verifier (V) that they know the password to the secret door at the back of the cave, and they want to prove it without actually telling V the password. So this is what it looks like:

[Image: the Ali Baba cave with paths A and B. Image Credit: Scott Twombly (YouTube channel)]

The prover goes down either of the paths A and B. Suppose they initially decide to go through path A and reach the secret door at the back. Then the verifier V comes in at the entrance, with no knowledge of which path the prover actually took, and declares that they want to see the prover appear from path B.

In the diagram, as you can see, the prover does indeed appear from path B. But what if this was dumb luck? What if the prover didn't know the passcode, took path B, got stuck at the door, and by sheer fortune the verifier told them to appear from path B, the one they were on anyway?

So, to test the claim, the experiment is repeated many times. If the prover appears from the correct path every single time, this proves to the verifier that the prover indeed knows the password, even though the verifier never learns what the password is.

Let’s see how the three properties of zero knowledge are satisfied in this example:

  • Completeness: Since the statement was true, the honest prover convinced the honest verifier.
  • Soundness: If the prover was dishonest, they couldn't have fooled the verifier, because the test was repeated many times; eventually the prover's luck would run out.
  • Zero-Knowledge: The verifier never learned what the password was, but was convinced that the prover possessed it.

Case #2: Finding Waldo

Remember Where's Waldo? Of course you do; you must have seen it somewhere, either in real life or online. For those who don't know, Where's Waldo is a game where you have to find "Waldo" among a sea of people. It is a simple "spot the guy" game. Just to give you a basic idea, this is what the game looks like:

[Image: a Where's Waldo puzzle scene. Image Credit: YouTube (IntoConnection)]

And the idea is to find Waldo who looks like this:

[Image: Waldo. Image Credit: Pinterest]

Seems pretty straightforward, right? Find this guy among the sea of other people in the picture. OK, so where does zero knowledge come in here? Imagine two people, Anna and Carl. Anna tells Carl that she knows where Waldo is, but she doesn't want to show him exactly where. So, how can she prove to him that she has found Waldo without showing his exact position?

There is an interesting paper by Naor, Naor and Reingold, Applied Kid Cryptography, which gives two zero-knowledge solutions to this problem: a "Mid-Tech Solution" and a "Low-Tech Solution". Let's discuss both.

Mid-Tech Solution

This solution is "mid-tech" because the prover and verifier need access to a photocopier. Here is how it goes. First, Anna and Carl make a photocopy of the original game. Then Anna, while making sure Carl isn't looking, cuts Waldo out of the photocopy and destroys the leftovers. After that, she can show the Waldo cutout to Carl and prove that she knew where Waldo was, without pinpointing his exact location.

There are problems with this solution. While it does fulfill the "zero knowledge" criterion, it doesn't fulfill the "soundness" criterion. There are many ways Anna could have cheated: she could have had a random Waldo cutout with her from the very beginning and simply shown it to Carl without ever knowing where Waldo was. So what is the solution?

The solution is meticulous, careful testing. First, Anna and Carl take a photocopy of the game. Then Carl draws a distinctive pattern on the back of the photocopy, so that Anna cannot substitute a sheet she prepared in advance. After that, Carl escorts Anna to a room where she is isolated and has no chance of cheating. If Anna comes out with a cutout of Waldo bearing Carl's pattern, Carl can be convinced that she actually knew where Waldo was, without the solution being revealed. They can repeat the experiment multiple times, and Carl can compare the different cutouts of Waldo to be even surer of Anna's claim.

Low-Tech Solution

This solution requires only very basic equipment. The idea is simple: get a huge piece of cardboard, twice the size of the game, and cut a small rectangle out of it. Now, when Carl isn't looking, Anna places the cardboard over the game so that the rectangle sits directly on top of Waldo. Then she tells Carl to have a look, and this is what he sees:

[Image: Waldo seen through the rectangular window in the cardboard. Image Credit: Applied Kid Cryptography by Naor, Naor and Reingold]

So, while Carl may get a very basic idea of where Waldo actually can be, he doesn’t know the exact location. Anna has hence proved to Carl that she knows where Waldo is without pinpointing his exact location.

How to make zero-knowledge proofs non-interactive?

Earlier zero-knowledge verification systems had one big problem: for them to work, the prover and the verifier had to be online at the same time. In other words, the process was "interactive". This made the whole system inefficient and almost impossible to scale up, since verifiers cannot always be online at the same time as provers. A way to make this more efficient was needed.

In 1986, Fiat and Shamir invented the Fiat-Shamir heuristic, which turns an interactive zero-knowledge proof into a non-interactive one, so the whole protocol works without any interaction. The procedure behind it is very simple.

To give you an example, this is how zero-knowledge proofs worked before Fiat and Shamir. Let's illustrate it using simple discrete logarithms.

  • Anna wants to prove to Carl that she knows a value x such that y = g^x for a base g.
  • Anna picks a random value v from a set of values Z, computes t = g^v and sends t to Carl.
  • Carl picks a random value c from the set Z and sends it to Anna.
  • Anna computes r = v - c*x and returns r to Carl.
  • Carl checks whether t = g^r * y^c holds (since r = v - c*x and y = g^x, simple substitution gives g^(v - c*x) * g^(c*x) = g^v = t).
  • Carl never learns the value of x, but by merely checking that t = g^r * y^c he can verify that Anna does indeed know x.

Now, while the above interaction is zero-knowledge, the problem is that Anna and Carl need to be online, exchanging values, for it to work.

How can Anna prove to Carl that she has knowledge of something without Carl being online? She can do so by using a simple cryptographic hash function, as Fiat and Shamir theorized.

Let's look at how the example above works in a non-interactive way:

  • Anna wants to prove to Carl that she knows a value x such that y = g^x for a base g.
  • Anna picks a random value v from a set of values Z and computes t = g^v.
  • Anna computes c = H(g, y, t), where H() is a hash function.
  • Anna computes r = v - c*x.
  • Carl, or anyone else, can then check whether t = g^r * y^c.

So, as you can see, zero-knowledge proofs were made non-interactive, and this is what laid the foundations for zk-SNARKs.
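The interactive protocol and its Fiat-Shamir version above, as an added example that is not part of the original article. The group parameters (p = 2039, q = 1019, g = 4) are a constructed toy group chosen only so the arithmetic runs instantly; it also shows why the challenge must depend on the commitment t: a prover who learns c before committing can satisfy the check without knowing x, which is the hole that hashing (g, y, t) closes.

```python
import hashlib
import secrets

# Toy group parameters (constructed for illustration only): p = 2q + 1 with
# p and q prime, and g = 4 generating the subgroup of prime order q.
# A real deployment would use a standard, large group.
P = 2039
Q = 1019
G = 4


def keygen():
    """Anna's secret x and the public value y = g^x."""
    x = secrets.randbelow(Q - 1) + 1          # 1 <= x < q
    return x, pow(G, x, P)


# --- Interactive protocol: three messages between Anna and Carl ---

def prover_commit():
    """Anna picks a random v and sends t = g^v."""
    v = secrets.randbelow(Q)
    return v, pow(G, v, P)


def verifier_challenge():
    """Carl picks a random challenge c, only after seeing t."""
    return secrets.randbelow(Q)


def prover_respond(x, v, c):
    """Anna answers r = v - c*x, reduced modulo the group order q."""
    return (v - c * x) % Q


def verifier_check(y, t, c, r):
    """Carl accepts iff t == g^r * y^c (mod p)."""
    return t == (pow(G, r, P) * pow(y, c, P)) % P


# --- Why the challenge must come after the commitment ---

def forge_with_known_challenge(y, c):
    """A prover who knows c before committing can pass verifier_check
    without x: pick r at random and set t = g^r * y^c. Hashing t into
    the challenge (below) removes this option, because c then depends on t."""
    r = secrets.randbelow(Q)
    t = (pow(G, r, P) * pow(y, c, P)) % P
    return t, r


# --- Non-interactive version via the Fiat-Shamir heuristic ---

def fiat_shamir_challenge(y, t):
    """c = H(g, y, t): the hash stands in for Carl's random choice."""
    digest = hashlib.sha256(f"{G}|{P}|{y}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def prove_noninteractive(x, y):
    """Anna computes (t, r) on her own; no round trip with Carl is needed."""
    v = secrets.randbelow(Q)
    t = pow(G, v, P)
    c = fiat_shamir_challenge(y, t)
    return t, (v - c * x) % Q


def verify_noninteractive(y, t, r):
    """Anyone can recompute c from (g, y, t) and check t == g^r * y^c."""
    c = fiat_shamir_challenge(y, t)
    return t == (pow(G, r, P) * pow(y, c, P)) % P


if __name__ == "__main__":
    x, y = keygen()
    t, r = prove_noninteractive(x, y)
    print("non-interactive proof verifies:", verify_noninteractive(y, t, r))
```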

What is the use of Zk-Snarks?

zk-SNARK stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge". Its use in modern blockchain technology is immense. To understand its application, it is important to know how a smart contract works. A smart contract is basically an escrow of funds which gets activated once a particular task is completed.

E.g. Anna puts 100 ETH in a smart contract she enters into with Carl. Carl has to complete a particular task, upon which he receives the 100 ETH from the smart contract.

This gets complicated when the tasks Carl has to do are multi-layered and confidential. Suppose you have entered into a smart contract with Anna. Now you will only get paid if you do A, B and C. What if you don't want to reveal the details of A, B and C because they are confidential to your company and you don't want competitors to know what you have to do?

What zk-SNARKs do is prove that those steps have been taken in the smart contract without revealing what the steps actually are. This is very useful in protecting your privacy and your company's. You can reveal just part of the process, rather than the whole thing, and still prove that you are being honest about your claims.

How does a zk-SNARK work?

A zk-SNARK consists of three algorithms: G, P and V.

G is the key generator. It takes as input a parameter "lambda" (which must be kept confidential and never revealed under any circumstances) and a program C, and generates two keys: a proving key pk and a verification key vk. Both keys are public and available to all concerned parties.

P is the prover algorithm. It takes three inputs: the proving key pk, the input x, which is publicly available, and the private statement whose knowledge the prover wants to demonstrate without revealing it. Let's call that private statement "w". P generates a proof prf such that prf = P(pk, x, w).

The verifier algorithm V returns a Boolean value, which has only two possible values: TRUE or FALSE. The verifier takes in the verification key vk, the public input x and the proof prf:

V(vk, x, prf)

...and returns TRUE if the proof is correct and FALSE otherwise.

Now, about the parameter lambda. The value of lambda must be kept confidential because anyone who has it can use it to generate fake proofs. These fake proofs verify as TRUE regardless of whether the prover actually knows the private statement "w".

Functionality of Zk-Snark

To show how a zk-SNARK functions, we are going to use the same example function that Christian Lundkvist used in his article for ConsenSys. This is what the example program looks like:

function C(x, w)
{
    return ( sha256(w) == x );
}

Basically, the function C takes two inputs: a public hash value "x" and the secret statement "w" that needs to be verified. If the SHA-256 hash of w equals x, the function returns TRUE; otherwise it returns FALSE. (SHA-256 is the hash function used in Bitcoin.)

Let's bring back our old friends Anna and Carl for this example. Anna is the prover, and Carl, the skeptic, is the verifier.

The first thing Carl, as the verifier, has to do is generate the proving and verification keys using the generator G. For this, Carl needs to generate the random value "lambda". As stated above, he needs to be extremely careful with lambda: he can't let Anna learn its value, or she could create fake proofs.

Anyway, this is what that will look like:

  • G(C, lambda) = (pk , vk).

Now that the two keys are generated, Anna needs to prove the validity of the statement by generating a proof. She is going to generate it using the proving algorithm P. She is going to prove that she knows the secret value "w" which, when passed through SHA-256, hashes to the output x. So, the proof generation looks like this:

  • prf = P( pk, x, w).

Now that she has generated the proof "prf", she gives it to Carl, who finally runs the zk-SNARK verification algorithm.

This is what that will look like:

  • V( vk, x, prf).

Here, vk is the verification key, x is the known hash value and prf is the proof he has received from Anna. If this algorithm returns TRUE, it means that Anna was honest and she indeed has the secret value "w". If it returns FALSE, it means that Anna was lying about knowing "w".

How Is Z-Cash Mined?

Block mining in Zcash is done via Equihash.

Equihash is a Proof-of-Work algorithm devised by Alex Biryukov and Dmitry Khovratovich. It is based on the Generalized Birthday Problem.

A big reason Equihash is used is to make mining as ASIC-unfriendly as possible. The problem with currencies like Bitcoin is that the largest mining pools monopolize mining by investing heavily in ASICs to mine as much bitcoin as possible.

Making mining ASIC-unfriendly is intended to keep it more democratic and less centralized.

This is what the Zcash blog had to say about Equihash:

“We also think it is unlikely that there will be any major optimizations of Equihash which would give the miners who know the optimization an advantage. This is because the Generalized Birthday Problem has been widely studied by computer scientists and cryptographers, and Equihash is close to the Generalized Birthday Problem. That is: it looks like a successful optimization of Equihash would be likely also an optimization of the Generalized Birthday Problem.”

So we have now heard about this "birthday problem" quite a bit; what is it? What is the birthday problem, or birthday paradox?

If you meet a random stranger on the street, the chance that you both have the same birthday is very low. In fact, assuming every day of the year is equally likely to be a birthday, the chance of another person sharing your birthday is 1/365, which is about 0.27%.

In other words, it is really low.

However, if you gather 20-30 people in one room, the odds of two of them sharing the exact same birthday rise dramatically. In fact, in this scenario there is a 50-50 chance that two people share a birthday!

Why does that happen? It is because of a simple rule in probability: if an event has N equally likely possibilities, then you need roughly the square root of N random items for a 50% chance of a collision.

Applying this to birthdays, there are 365 possible birthdays, so you need about sqrt(365), which is around 23, randomly chosen people for a 50% chance of two of them sharing a birthday.
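As an added example (not from the original article), here is the exact birthday-collision probability computed beside the square-root rule of thumb quoted above. It goes slightly beyond the text by showing that the rule is only an approximation: for 365 days the exact 50% threshold is 23 people, while sqrt(365) itself is about 19, and the refined estimate sqrt(2 ln 2 N) lands close to the exact value for any N, which is the bound that matters when sizing hash outputs or nonces.

```python
import math


def collision_probability(n, k):
    """Exact probability that at least two of k uniformly random draws from
    n equally likely possibilities collide (via the complement product)."""
    if k > n:
        return 1.0
    p_no_collision = 1.0
    for i in range(k):
        p_no_collision *= (n - i) / n
    return 1.0 - p_no_collision


def draws_for_half(n):
    """Smallest number of draws that gives at least a 50% collision chance."""
    k = 1
    while collision_probability(n, k) < 0.5:
        k += 1
    return k


def sqrt_rule(n):
    """The rule of thumb from the text: about sqrt(n) draws for a 50% chance."""
    return math.sqrt(n)


def sqrt_rule_refined(n):
    """Closer estimate: sqrt(2 ln 2 * n), roughly 1.177 * sqrt(n)."""
    return math.sqrt(2 * math.log(2) * n)


if __name__ == "__main__":
    for n in (365, 2 ** 16):
        print(n, draws_for_half(n), round(sqrt_rule(n), 1),
              round(sqrt_rule_refined(n), 1))
```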

Zcash Coin Distribution

Since Zcash is a fork of Bitcoin there are some similarities.

Zcash also has a 21 million coins maximum supply and they are all expected to be mined by 2032. Every four years, the block reward gets halved to keep the supply in check.

Unlike most other coins, though, Zcash was neither pre-mined nor ICO-funded.

Zcash had a group of closed investors who funded them with $1 million to kickstart development. The investors were promised a 10% reward of the total supply, paid incrementally over the first 4-year period. This reward is called the "Founders' Reward".

Some of these closed investors were notable names such as Barry Silbert, Erik Voorhees, Roger Ver, and Naval Ravikant.

Is Zcash Regulation Difficult?

Regulating Zcash is obviously harder because of the added privacy measures; however, there is a way for transactions to be disclosed to law enforcement as and when required. This is done via two methods:

  • View Key.
  • Memos.

Every user in Zcash has their own “View Key”.

When needed, the user can share their view key with someone else. The view key, in essence, unshields that user's hidden transactions: whoever holds it can see that particular person's transactions and the addresses of the recipients.

Zcash transactions also come with a memo field.

The memo field can carry additional information which is viewable only to the recipient.

According to Zooko Wilcox: “This memo could carry data between financial institutions wherever they are required by law to send that data along.”

The Zcash Counterfeiting Problem

Zcash was facing a pretty serious counterfeiting problem, a direct consequence of its zk-SNARK construction.

In Zcash 1.0, private transactions rely on SNARK public parameters for the creation and verification of zero-knowledge proofs. Generating these public parameters requires creating a public/private key pair, then destroying the private key and keeping the public key.

However, this is where things get tricky.

If someone gets hold of that private key, they can create counterfeit coins!

This usually isn't a problem in an open ledger like Bitcoin, where all transactions are visible to the world. In Zcash, however, the privacy stops anyone from checking the state of the coins, so counterfeits would go unnoticed.

This is how Zooko Wilcox describes the private key or, as he likes to call it, the "toxic waste" problem:

“We call the private key “the toxic waste”, and our protocol is designed to ensure that the toxic waste never comes into existence at all. Imagine having a bunch of different chemical byproducts in your factory, each of which is individually harmless, but if you let all of them mix together they will form a dangerous substance that’s difficult to manage safely. Our approach is to keep the individually-harmless chemicals separate until they are destroyed, so the toxic waste never comes into existence at all.”

So, in order to reduce the chance of an attacker getting their hands on the "toxic waste", an elaborate ceremony was conducted.

The Ceremony

The ceremony is beautifully documented in the Radiolab podcast, and you can give it a listen.

The ceremony's purpose was as follows:

Create a secure multi-party computation in which multiple people each generate a "shard" of the public/private key pair.

Once that is done, each member destroys their shard of the private key, and the members then come together to join the public key shards into the public key.

So basically, if even one participant destroys their private key shard, the private key is impossible to recreate. The ceremony fails only if all of the participants were dishonest.

You should read Morgan Peck’s first-hand account of the ceremony. The sheer lengths to which these people went to conduct it is extremely commendable.

This is Zooko Wilcox’s statement on the bottom-line of the ceremony:

“We have performed a remarkable feat of cryptographic and infosec engineering in order to generate SNARK public parameters for Zcash 1.0 “Sprout”. The general design of this Ceremony was based on Multi-Party Computation, air-gaps, and indelible evidence trails. Six different people each took one part of the Ceremony. The Multi-Party Computation ensures that even if all five of the others were compromised, or were secretly colluding, to try to reconstruct the toxic waste, one single Witness behaving honestly and deleting their shard of the toxic waste would prevent it from ever being reconstructable. Despite the remarkable strength of this Ceremony, I intend to advocate for a major upgrade to the Zcash protocol next year which will add a layer of detection in addition to the current layer of prevention.”

Ethereum + Zcash = <3 ?

[Image: Ethereum and Zcash. Image Courtesy: Zcash]

Zcash is a cryptocurrency launched by the Zerocoin Electric Coin Company on 9th September 2016 and is the first example of a cryptocurrency marrying blockchain technology with zk-SNARKs. It aims to provide completely safe, shielded transactions for its users without revealing details (such as their addresses) to anyone.

Ethereum wants to integrate zk-SNARKs as it enters its Metropolis phase, and the way it plans to do so is by forming an alliance with Zcash that will include a mutual exchange of value. The chief developer of Zcash, Zooko Wilcox, gave a presentation at DevCon2 in Shanghai exploring the future of such an alliance. According to him, there are three ways that Zcash and, by extension, zk-SNARKs could be integrated with Ethereum.

The first method is called Baby ZoE (ZoE = Zcash on Ethereum). It adds a zk-SNARK precompile to Ethereum and makes a mini Zcash smart contract on Ethereum. The idea is to see whether Ethereum can support a zk-SNARK-enabled DApp on top of its blockchain.

The second method is to integrate Ethereum's computability inside the Zcash blockchain. As Wilcox puts it, the greatest asset of Ethereum is its computability, and people want to see whether it can be integrated into a zk-SNARK-based blockchain like Zcash. Can people create DApps on a blockchain built on zero-knowledge proofs? That is something they are waiting to see.

The third and most exciting aspect is Project Alchemy. This is basically the connection and interoperation of the two blockchains, such that one can move seamlessly between them. Zcash plans to do this by cloning BTC Relay, an Ethereum script written to create a Bitcoin light client inside Ethereum. The Zcash clone will use the same concept to create a Zcash light client inside Ethereum.

If this works, we will have the first decentralized currency system in the world that facilitates the creation of DApps with zero knowledge ingrained in them.

–end of update–

–update 2/13/2018–

With over $1.4 billion in market cap, Zcash is arguably one of the fastest-growing cryptocurrencies in the world: around this time last year, the value of Zcash was hovering around $32, and now it's over $450 a piece.

The company behind Zcash has raised close to $3 million from investors including Naval Ravikant of Angel List, keenly followed for the early trends he spots, and a clutch of investment firms.

Last week, we interviewed Bryce "Zooko" Wilcox, a cypherpunk and the founder of Zcash, to understand why the world needs another cryptocurrency, how likely cryptocurrencies are to go mainstream, and whether enterprises will ever put the blockchain to real use.

Bitcoin is unsuitable for personal or commercial use because it fails to provide its users privacy, says Wilcox on a call from Moscow, where he travelled to speak at a conference. Edited excerpts:

What problem is Zcash solving?

To appreciate the problem, it’s useful to look at Bitcoin. Before, we had centralised financial systems like the banking system. None of the centralised systems are native to the internet and they don’t go everywhere the internet goes. Bitcoin was a great leap forward because it is a financial system that goes anywhere the internet goes, like the email.

Bitcoin is really useful to send money across borders. It’s very important that Bitcoin doesn’t have a central governing organisation that controls it because that way people can rely on Bitcoin to continue to be scarce. But it has a deep problem that it exposes the records of transactions used to move money from one account to the other to everyone on the whole network.

Edward Snowden on Zcash. Bitcoin uses a public, distributed ledger or the Bitcoin blockchain to store transactions. So anyone looking at the ledger can make out which account made what transactions.

You can’t use Bitcoin for personal use. If you got paid your salary in Bitcoin and then you bought coffee with it, then the coffee shop owner could learn what your salary was (by looking at the Blockchain) and your boss would learn what you do after work. Worse than that, even just random criminals who are looking for targets could find out what your salary is and where you go after work. So Bitcoin is completely unsuitable for consumer use because of complete loss of privacy.

It’s also unsuitable for commercial use because companies require confidentiality of their transactions for either regulatory or competitive reasons. That’s why we invented Zcash which is just like Bitcoin. We reuse all of the good ideas from Bitcoin and then we add this layer of encryption so that the payment of Zcash from one user to the next is included in the global replicated ledger for integrity (the recipient of the money can be sure that the payment has happened) and it’s part of the global consensus but it’s encrypted so no one else can learn of your behaviour by looking at the ledger except for authorised parties who you have given the decryption key to.

That encryption layer is Zero Knowledge Proof. How does it achieve the privacy objective here?

Zero Knowledge Proof is a new… well, it's not that new. It was originally a scientific discovery in the 1980s. The people who discovered it won the Turing Award (the highest honour for a computer scientist) for discovering the existence of Zero Knowledge Proofs. It wasn't until a few years ago that scientists discovered methods of computing Zero Knowledge Proofs that were efficient enough that we could put them into blockchains.

In Picture: An application of Zero Knowledge Proof. It is a mathematical method using which someone can prove that a statement is true without disclosing any information about what's in the statement. Also see: Explain like I'm 5: Zero Knowledge Proof

With the Zero Knowledge Proof, you can prove the truth of some statement without revealing the statement. For example, instead of sending someone a scan of your driver's licence over the internet, you could use a Zero Knowledge Proof which proves that there's a document which is an official ID card and has my name on it and it shows that I'm licensed to drive and over 18 years old. But it doesn't show any other fact such as my birth date, address and such. With Zero Knowledge Proof you can choose what facts you are going to prove the truth of and it doesn't reveal anything else besides those facts. So, it's a mind-boggling concept, like a robot that can only tell the truth, and everyone knows that if the robot gives you an answer, it must be true.

In Zcash, we use that since it became possible to make Zero Knowledge Proofs that were sufficiently compact to be put on a blockchain. In Zcash, I don’t have to reveal my actual account ID, I’ll just prove to you that there is a document which proves that I own one of the coins. You can post this to the Zcash blockchain and all of the miners and validators can verify the proof that you own the coin and you did not previously double spend it. (Editor’s note: Double spending is when the same digital coin is spent more than once because it’s been counterfeited.)

Therefore, they are willing to add your transaction to the blockchain. You give the recipient the decryption key and so they are able to see the transaction and they know how much the coin you gave them is worth. Also, you can include a message with your payment like a purchase order number or a customer account number or something like that to explain to them why you’re sending them this money. Or you could put a little note if you want. In fact, I know someone who has an encrypted love note on the Zcash blockchain.

Do you see the possibility of using Zero Knowledge Proof-based blockchains in countries like India – for example, India is talking about putting college certificates on the blockchain so that it can be easily verified.

That’s an interesting one. It’s an exciting moment because the science and the technology are pretty new and Zcash is the first time Zero Knowledge science has been applied in a viable manner even though the science was discovered in the 1980s. Now that it has been proven to work, a lot of entrepreneurs around the world can think of other applications of Zero Knowledge Proofs. It’s interesting how many there are if you start thinking about it. For example, if you want to put college certificates on the blockchain, obviously you don’t want to post them publicly for anyone who touches the blockchain to see. It seems obvious to me.

Zero Knowledge proofs could potentially be one way to make that possible by posting encrypted forms of certificates to the blockchains and then you would be able to use it to prove facts about your certificates or some parts of your certificates without divulging private information to the wrong partners.

Zcash as a cryptocurrency can also be useful to people in India. Like Bitcoin, it is a thing you can buy and use to send money around the world. I would like to see people doing services like language translations, therapy, writing editing, art or something over the internet but clients should be able to pay them in Zcash instantly.

How do you pay someone with cryptocurrency when the money keeps fluctuating? Do you see this stabilising?

The price of Zcash has gone up from about $32 last February to over $450 now.

There are longer-term solutions that people may experiment with to hedge so that if the price of the coin changes you still get roughly the same amount. Even in the short term, you can probably fix this just by agreeing in terms of Rupees or other value. Then, you use the coin as a medium of exchange. Imagine if you agreed to get paid a lakh a month and then on the day of your paycheque, you receive a certain amount of Zcash which is worth Rs 1 lakh that day and you could sell it the same day. That’s just a low tech solution. In the future, there may be technology or more sophisticated financial infrastructure that allows you to own cryptocurrency while being insulated from the price variation of the currency.

Are you seeing any interest from India for Zcash?

There’s a lot of interest from techies – engineers and computer programmers. But the Indian cryptocurrency exchanges that offer Bitcoin and Ethereum don’t offer Zcash yet. All of your readers should open a support request with their crypto exchanges saying you want Zcash because privacy is good for society and helps protect and improve the prosperity of the whole economy. Just like the world wide web couldn’t have taken off for business if it hadn’t been upgraded from HTTP to HTTPS. (Editor’s note: HTTP is short for Hypertext Transfer Protocol which forms the bedrock of the Internet and HTTPS is Hypertext Transfer Protocol Secure, in which the data flow is encrypted thus making it more suitable for business use cases such as e-commerce.)

Is there a bubble in cryptocurrency or not? How do you see this play out in the next five years?

One question is: are there scams? There certainly are. There are fraudulent, irresponsible raising of money, Ponzi schemes and people should be wary of that. One of the big questions is does it make sense for money or something of value to be valued solely because of scarcity and social consensus? The surprising fact when Bitcoin came out is that a lot of people thought that Bitcoin could never retain value because it has no backing or underlying asset that guarantees its value. I think these people are really confused. The truth is no form of money has any backing or underlying asset that provides value.


Even if there were a form of money, like in the past, that could be redeemed for pieces of gold, the value of money was greater than the piece of gold you could get it for. So it has always been the case that money has value because of its use and people accepting it. Some people think that Bitcoin or Zcash must lose their value based on that argument but that’s not correct. The next question is whether the fundamental technology works or not. We’re getting better and better demonstration that it does work and is valuable to people. As years pass by, it continues to survive all threats and attacks. It’s still early. It’s only been one year for Zcash and nine years for Bitcoin. It takes longer than that for such a radical idea to percolate through all the societies around the planet. We can expect it to continue to be more widely understood year after year.

What are the factors that need to come together for this to go mainstream? Right now it is used by people who understand technology and not so much for day-to-day transactions.

It already happened for the use of cryptocurrencies as a speculative investment in the last six months in South Korea and to a lesser extent in the United States. In South Korea, almost one-third of all working adults have bought cryptocurrency. That’s mainstream. However, it’s not mainstream as a method of exchange. To get to the next level, we’re going to have to solve the scalability problem and that’s an unsolved science challenge that many smart people in the cryptocurrency industry are working on.

Today, all of the cryptocurrencies including Bitcoin, Ethereum and Zcash have a very limited capacity. Bitcoin ran out of capacity where there wasn’t room for all the users. So, the ones who were willing and able to pay higher fees could use it. That same barrier is probably going to hit Ethereum in 2018. The scientists are all working very hard to figure out how to expand the functionality to greater and greater numbers of people while maintaining the decentralisation properties that make it attractive in the first place. It might take years and it might be that we’re unable to solve it in 2018. It is far from certain if it’s possible at all and how we achieve it. That’s a huge challenge for the whole industry.

Do you see government regulations leading to slow adoption of cryptocurrencies? For instance, in the Budget session, India’s finance minister said cryptocurrencies aren’t legal tender.

Different countries have different regulatory regimes. It’s been interesting how in China the government has clamped down on cryptocurrencies and banned them. It will be interesting to see how much they are able to stamp it out versus how much it becomes underground but stays vibrant in China.

At the same time, other countries have taken different approaches. Some Asian countries like Japan, Singapore and South Korea seem to be attempting to perhaps regulate some of the risks but certainly not trying to eliminate the whole phenomenon. On the contrary, those countries impose detailed and consistent regulation that encourages a lot more investment into the cryptocurrency infrastructure.


The US, it turns out, is quite positive about the promise of cryptocurrencies and regulators responsible for managing such things have been pretty consistent about simultaneously detecting and deterring scams and also encouraging the growth of the legitimate industry. The US is a great example of regulation done well. Or at least it promises to be. (Editor’s note: Earlier this month, the United States held a Senate hearing in which SEC Chairman Jay Clayton and Commodity Futures Trading Commission Chairman Christopher Giancarlo called for coordinated regulation of the industry. Here’s a brief overview of what went on at the hearing.)

Russia has a thriving scientific, technical, entrepreneurial ecosystem but the government seems confused or self-contradictory because different parts of the government have issued statements that contradict one another. That’s not a very good way to get any outcome.

Countries are going to observe the effects that other countries get when trying different policies. Some countries are going to benefit from the technology and the industry and also the financial industry itself. It’s going to be very profitable for governments and industries to have cryptocurrencies as a financial tool for their use. This will take several years to play out.

How do you see enterprises taking up solutions like these?

As far as I’m aware, all of the enterprise solutions of blockchain so far are still in a preliminary stage. It could be that’s just because iterating such complex and high-value systems takes many years of careful effort or you could say pessimistically that blockchain is failing to satisfy their needs and it will eventually be abandoned. I don’t know which it is yet. I’ve been waiting for several years now to find out about the application of blockchain to enterprise use cases which gains traction and gets more and more users and makes more money.


The Zcash and JP Morgan partnership is making an enterprise blockchain technology which could be a leading candidate for the breakthrough that allows enterprises to use blockchain for real-world use cases. The JP Morgan partnership allows smart contracts, it also allows privacy which is necessary for every enterprise. (Editor’s note: JPMorgan uses a payments platform called Quorum, built on the Ethereum blockchain. Zcash’s Zero Knowledge Proof-based method adds a layer of privacy to the transactions that happen on Quorum. See more here.)

What are the top priorities for Zcash this year?

First, we are going to upgrade the cryptography protocol of Zcash so all users will have to upgrade their software. The new software will have encryption which is 10 times more efficient than the first generation. We’re also supporting all users to continue using the network and more users joining. The important thing is to demonstrate that a decentralised open network can remain completely accessible and reliable even if it’s going through an upgrade.

Our second goal is to study and figure out the scaling problem so that we are able to onboard a billion more users in the future.
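The interview above describes a zero-knowledge proof as proving that a statement is true without revealing what is in it. The following Python is an added illustration, not code from the article, from the interviewee or from the Zcash project: it is the simplest such construction, a Schnorr proof of knowledge made non-interactive with the Fiat-Shamir transform. The prover shows she knows the secret exponent behind a public value, any third party can check the proof, and the published transcript leaks nothing about the secret. Zcash uses zk-SNARKs, which prove statements about arbitrary arithmetic circuits rather than this one relation; the group parameters, the context strings and all function names here are constructed for the example.

```python
import hashlib
import secrets

# Constructed toy parameters (an assumption of this example, not Zcash's):
# P = 2**127 - 1 is a Mersenne prime and G = 3 an arbitrary base. Exponents are
# reduced modulo P - 1, which every element order divides (Fermat). Real
# deployments use 2048-bit standard groups or elliptic curves.
P = 2**127 - 1
G = 3
Q = P - 1


def keygen():
    """Secret x and public y = G^x mod P. The claim to be proved: 'I know x for y'."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(y, t, context):
    """Fiat-Shamir transform: the verifier's random challenge is replaced by a hash
    of the transcript, which makes the proof non-interactive and binds it to a
    context (e.g. the transaction it authorises) so it cannot be replayed."""
    m = hashlib.sha256()
    for part in (P, G, y, t):
        m.update(part.to_bytes(16, "big"))
    m.update(context)
    return int.from_bytes(m.digest(), "big") % Q


def prove(x, y, context=b""):
    """Schnorr proof of knowledge of x. Only (t, s) is published; r is fresh and
    secret, so s = r + c*x reveals nothing about x (r masks it like a one-time pad)."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    c = _challenge(y, t, context)
    s = (r + c * x) % Q
    return t, s


def verify(y, proof, context=b""):
    """Anyone (a miner, say) can check G^s == t * y^c mod P without learning x."""
    t, s = proof
    if not (0 < t < P and 0 <= s < Q):
        return False
    c = _challenge(y, t, context)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def demo():
    """An honest proof verifies; replaying it under a different context, or proving
    with a different secret for the same public value, does not."""
    x, y = keygen()
    proof = prove(x, y, b"spend coin #42")          # constructed context string
    honest = verify(y, proof, b"spend coin #42")
    replayed = verify(y, proof, b"spend coin #43")   # bound to the wrong context
    other_x, _ = keygen()
    forged = verify(y, prove(other_x, y, b"spend coin #42"), b"spend coin #42")
    return honest, replayed, forged


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point to notice is the shape of the data: the verifier receives only y, t and s, and the same checking routine would be run by every node on a chain, yet x never leaves the prover. That separation between a public statement and a private witness is what a zk-SNARK generalises from one exponent to a whole transaction.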

–end of update–

–update 2/8/2018–

Resources For Learning How To Mine ZCash $ZEC

Just a list of resources…

Information on how to mine cryptocurrencies is EVERYWHERE. Here I’m aggregating ZCash mining resources (mostly so I don’t keep losing them, lol). Please let me know if there’s something I should add so this list can be constantly updated. Enjoy!

–end of update–

–update 2/7/2018–

3 Top ZEC Wallets For How YOU ZCash

With ZCash it seems that the most important question is: “What are you trying to DO with your ZEC?”

1. I’m trying to manage my ZEC on my cell phone!

Jaxx Wallet

  • Jaxx is a Multi-Currency wallet which allows you to manage your crypto on Mobile and Desktop.
  • You get a 12-word seed key when you sign up with the wallet; since you own the private keys, this wallet is very safe to store Zcash.
  • You can store many other cryptocurrencies along with Zcash.
  • Jaxx is super user friendly.
  • It is fully open source.
  • Jaxx never holds or has access to your funds – they remain securely in your control on their respective blockchains.
  • If you back-up your Masterseed you will be easily able to recover your wallets if you lose access to the device they were on.
  • Use your Masterseed to view your wallet on iOS, Android, Chrome Extension, Windows, Mac and Linux desktops.
  • The Jaxx Blockchain Interface gives you the ability to trade your Bitcoin, Bitcoin Cash, Ethereum, Ethereum Classic, Litecoin, Dash, Zcash and a variety of other cryptocurrencies simply, quickly, and securely with as few as two touches.
  • Converting from one asset to another is as easy as that in Jaxx.
  • It should not be used for large amounts of Zcash, but is a great option for day-to-day use or accepting payments on the go.
  • Jaxx supports all eight of the most popular platforms.

2. I’m trying to live off-the-grid in my ZEC bunker!

Ledger Nano S / TREZOR for ZCash

  • Ledger Nano S is a Hardware Wallet which is one of the most secure ways to store Zcash.
  • Once you have bought this tiny device, you need to connect it to the computer and configure it.
  • You will get a 4-Digit Pin which would be backed by a 24-word seed phrase.
  • Private key control: Owned by the user
  • Make sure to store this seed key safely as it would be required in case you forget the 4-digit pin.
  • Since this is a hardware wallet (cold storage), your coins will be extremely safe from any hack.
  • You can only lose your crypto if you tell the seed phrase or pin to someone.
  • With the Trezor, a 9-digit security code appears on its OLED screen whenever you wish to connect it to your PC.
  • Apart from price there is not much difference between the two.

3. I’m trying to mine ZEC!

ZCash Desktop GUI Wallet

  • This wallet is suitable for users and miners who work on desktop systems and wish to have full control of the ZCash private keys.
  • It communicates with the ZCash server (zcashd) running locally via the zcash-cli program.
  • When installed, it is packaged as one executable JAR file (ZCashSwingWalletUI.jar) and requires Java (JDK7 or later).
  • The details of how to obtain, and install the ZCash Desktop GUI wallet may be found on GitHub.
  • Users who are less experienced with working on a command line may instead use this quite user-friendly installation guide and usage guide.
  • Be sure to perform regular Backups of your wallet.
  • It has all the typical features that might be expected from a desktop cryptocurrency wallet:
    • Balance/monetary amounts
    • List of transactions
    • Status of blockchain synchronization
    • Management of ZCash addresses (including Z addresses)
    • Sending ZCash
  • Known issues and limitations:
    • Wallet versions 0.58 and below, when running on systems with (typically non-western) locales that redefine the decimal point in the OS locale settings, have problems with updating the GUI wallet state. A workaround is to change the locale settings to have dot as decimal separator.
    • Wallet encryption has been temporarily disabled in ZCash due to stability problems. A corresponding issue #1552 has been opened by the ZCash developers. Correspondingly, wallet encryption has been temporarily disabled in the ZCash Desktop GUI Wallet.
    • The GUI wallet does not work correctly if zcashd is started with a custom data directory (for example: zcashd -datadir=/home/data/whatever). This will be fixed in later versions.
    • GUI data tables (transactions/addresses etc.) allow copying of data via double click but also allow editing. The latter needs to be disabled.
    • The list of transactions does not show all outgoing ones (specifically outgoing Z address transactions). A corresponding issue #1438 has been opened for the ZCash developers.
    • The CPU percentage shown to be taken by zcashd on Linux is the average for the entire lifetime of the process. This is not very useful. This will be improved in future versions.

Resources:

–end of update–

On August 9th, 2017, Zcash had a market cap at USD $467,656,057 for an equivalent of 140,914 BTC or 1,589,975 ETH with a circulating supply of 1,924,994 ZEC at a price of $242.94 per coin.

Zcash is gaining traction in the world of cryptocurrencies at a time when speculators have become decidedly more selective with their trading dollars. In the last week, in fact, Zcash passed long-established BitShares in becoming the #17 digital currency by market cap.

Right now traders are becoming investors in some cryptocurrencies. Why?

As the world quickly adopts cryptocurrencies, hedge funds go bananas over ICOs, and even the 5 o’clock news talks about the price of Bitcoin for the day, early adopters are positioning themselves in advance of the great spike expected to hit once grandma and grandpa understand that crypto is their key to retirement.

In the case of Zcash, in May JPMorgan Chase decided to integrate Zcash technology into its Enterprise Blockchain Platform:

“By adding the Zero-knowledge Security Layer into Quorum, we are able to explore how state of the art cryptographic privacy technology will enhance the next generation of financial services applications,” said JPMorgan executive director and blockchain center of excellence lead architect Suresh Shetty in a statement.

THAT’S why I’m interested in digging into Zcash.

I want to understand what makes Zcash interesting and what the future for Zcash holds. I hope to uncover answers through the Zcash website, forums, whitepapers, and any other relevant content that comes my way. Let’s get started!

“Zcash is the first open, permissionless cryptocurrency that can fully protect the privacy of transactions using zero-knowledge cryptography.”

  • If Bitcoin is like http for money, Zcash is https—a secure transport layer.
  • Zcash brings fungibility to cryptocurrency by unlinking shielded coins from their history on the blockchain.
  • Zcash is pioneering the use of zero-knowledge proofs, applying cutting-edge cryptography to blockchain technology. This new property will enable entire new classes of blockchain applications to be built.
  • Zcash: “We believe that personal privacy is necessary for core human values like dignity, intimacy, and morality.”
  • Every user of Zcash contributes to its decentralization, helping to protect it against failure and corruption.
  • Since Zcash is an open-source protocol, the Zerocoin Electric Coin Company (ZECC) does not control it (including controlling the mining or distribution of it) or have special access to private or shielded transactions.
  • The Zcash Foundation was launched in March of 2017 to guide the evolution of Zcash.
  • Zcash is a decentralized and open-source cryptocurrency that offers privacy and selective transparency of transactions.
  • Zcash is based on peer-reviewed cryptographic research, and built by a security-specialized engineering team on an open source platform based on Bitcoin Core’s battle-tested codebase. “Our improvement over Bitcoin is the addition of privacy.”
  • Zerocoin extends Bitcoin by creating two new transaction types: mint and spend. A mint transaction allows a user to exchange a quantity of bitcoins for the right to mint a new zerocoin.
  • Zcash encrypts the contents of shielded transactions. Since the payment information is encrypted, the protocol uses a novel cryptographic method to verify their validity.
  • Zcash uses a zero-knowledge proof construction called a zk-SNARK. These constructions allow the network to maintain a secure ledger of balances without disclosing the parties or amounts involved. Instead of publicly demonstrating spend-authority and transaction values, the transaction metadata is encrypted and zk-SNARKs are used to prove that nobody is cheating or stealing.
  • With the support for both shielded and transparent addresses, users can choose to send Zcash privately or publicly.
  • Zcash is the first widespread application of zk-SNARKs, a novel form of zero-knowledge cryptography. The strong privacy guarantee of Zcash is derived from the fact that shielded transactions in Zcash can be fully encrypted on the blockchain, yet still be verified as valid under the network’s consensus rules by using zk-SNARK proofs.
  • The acronym zk-SNARK stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.”
  • “To learn more about our parameter generation ceremony and see the precautions we’ve taken to prevent the secret randomness essential to Zcash from being exposed, visit our Paramgen page.”
  • Bitcoin tracks unspent transaction outputs (UTXOs) to determine what transactions are spendable. In Zcash, the shielded equivalent of a UTXO is called a “commitment”, and spending a commitment involves revealing a “nullifier”.
  • Zcash nodes keep lists of all the commitments that have been created, and all the nullifiers that have been revealed. Commitments and nullifiers are stored as hashes, to avoid disclosing any information about the commitments, or which nullifiers relate to which commitments.
  • The privacy of Zcash’s shielded transactions relies upon standard, tried-and-tested cryptography (hash functions and stream ciphers), but it’s the addition of zk-SNARKs, applied with the system of commitments and nullifiers, that allows senders and receivers of shielded transactions to prove that encrypted transactions are valid.
  • The fact that Zcash transactions can be stored on the blockchain fully encrypted opens up new possibilities for cryptocurrency applications.
  • The Zcash Company is at the forefront of the Internet Money revolution. “Fueled by scientific discovery and guided by love for humanity, we are aiming to create a global open economic fabric.”
  • Zcash’s zero-knowledge proofs rely on a set of public parameters which allow users to construct and verify private transactions.
  • Rather than a full-fledged anonymous currency, Zerocoin is a decentralized mix, where users may periodically “wash” their bitcoins via the Zerocoin protocol.
  • While Zerocoin constitutes a basic e-cash scheme, it lacks critical features required of full-fledged anonymous payments.
  • Zerocoin uses coins of fixed denomination: it does not support payments of exact values, nor does it provide a means to give change following a transaction (i.e., divide coins).
  • Zerocoin has no mechanism for one user to pay another one directly in “zerocoins”.
  • While Zerocoin provides anonymity by unlinking a payment transaction from its origin address, it does not hide the amount or other metadata about transactions occurring on the network.
  • Zcash introduces the notion of a decentralized anonymous payment scheme, which formally captures the functionality and security guarantees of a full-fledged decentralized electronic currency with strong anonymity guarantees.
  • Due to its substantially improved functionality and performance, Zerocash makes it possible to entirely replace traditional Bitcoin payments with anonymous alternatives.
  • Zerocash can be integrated into both Bitcoin and Bitcoin forks.
  • Zerocash can be deployed atop any ledger (even one maintained by a central bank).
  • By introducing new transaction types and payment semantics, Zerocash breaks compatibility with the Bitcoin network.
  • Zerocoins can then be transferred, split, and merged into other zerocoins.
  • The Zcash block chain launched on October 28, 2016, bringing into existence the first Zcash monetary units. This software release and the initial phase of the block chain was called ‘Sprout’ to emphasize a young, budding block chain with great potential to grow.
  • Zcash’s monetary base is the same as Bitcoin’s — 21 million Zcash currency units (ZEC, or ⓩ) and is mined over time.
  • What is the difference between Zerocoin, Zerocash, Zcash and ZEC? Zerocoin is a cryptographic currency protocol invented by Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin in 2013. Zerocash is an improved cryptographic currency protocol invented by Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza in 2014. Zcash is an implementation of the Zerocash protocol, with certain improvements as described in our protocol specification (all of the scientists who designed the Zerocash protocol are members of the Zcash team). ZEC is three letter currency code for the Zcash currency.
  • Zcash does not: encrypt data for multisignature, protect against correlations made with public transactions (for example, when Zcash is traded to/from another cryptocurrency) or obfuscate IP addresses.
  • It is possible to use Zcash in conjunction with an anonymizing network, such as Tor, in order to obtain protection against network eavesdropping which is complementary to transaction privacy.
  • “It should be noted that while Zcash facilitates anonymization for its users amongst a wide pool of individuals, we align more with the term ‘privacy’ to describe what Zcash technology aims to provide.”
  • Large quantum computers, if and when built, would be capable of breaking an encryption scheme used by Zcash.
  • New Zcash blocks are created roughly every 150 seconds (2.5 minutes).
  • The Zcash monetary supply curve mirrors Bitcoin’s, except that, because Zcash’s blocks are mined 4 times as frequently as Bitcoin’s, the number of ZEC created per Zcash block equals a quarter of the number of BTC created per Bitcoin block.
  • Zcash maximum block size: 2MB
  • Whitepaper: Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture
  • Whitepaper: Zerocash: Decentralized Anonymous Payments from Bitcoin
  • The primary markets for Zcash are:
    • Poloniex (currency pairing ZEC/BTC and also pairing ZEC/USDT)
    • Yunbi (currency pair ZEC/CNY)
    • Bitfinex (pair ZEC/USD and also pairing ZEC/BTC)
    • HitBTC (currency pair ZEC/BTC and also pairing ZEC/USD)
    • Bittrex (under currency pair ZEC/BTC)
  • The Twitter handle for Zcash is: ‎@zcashco
  • Market Cap history:
    • On October 29, 2016, the market cap for Zcash was $1,383,590.
    • On November 1st, 2016, the market cap for Zcash was $2,895,110.
    • Then, on November 2nd, 2016, the market cap for Zcash exploded to $3,701,650.
    • On November 9th, 2016, Zcash passed market cap $5,000,000.
    • On December 13th, 2016, Zcash passed market cap $10,000,000.
    • On January 5th, 2017, Zcash passed market cap $20,000,000.
    • On March 2nd, 2017, Zcash passed market cap $30,000,000.
    • From March 18th to March 19th, 2017, the market cap for Zcash went crazy and grew from $42,797,100 to $56,746,400.
    • On March 20th, 2017, the market cap for Zcash passed $60,000,000 for the first time.
    • On April 14th, 2017, the market cap for Zcash passed $70,000,000 for the first time.
    • On April 19th, 2017, the market cap for Zcash passed $80,000,000 for the first time.
    • On April 28th, 2017, the market cap for Zcash passed $90,000,000 for the first time.
    • On April 30th, 2017, the market cap for Zcash passed $100,000,000 for the first time.
    • On May 22nd, 2017, the market cap for Zcash passed $160,000,000 for the first time, having blasted from $145,825,000 the previous day to $162,935,000.
    • Not to be outdone, on May 23rd, 2017, the market cap for Zcash stood at $277,175,000.
    • Then, on May 24th, 2017, the market cap for Zcash ended the day at $326,874,000.
    • On June 9th, 2017, the market cap for Zcash passed $400,000,000 for the first time.
    • From June 13th to June 14th, 2017, the market cap for Zcash grew from $470,678,000 to $558,715,000. #WOW.
    • The market cap for Zcash passed $600,000,000 for the first time on June 16th, 2017.
    • Sentiment for Zcash has eased somewhat since the June 16th high: on August 8th, the market cap stood closer to $400,000,000.
  • “Decentralized currencies should ensure a user’s privacy from his peers when conducting legitimate financial transactions. Zerocash provides such privacy protection, by hiding user identities, transaction amounts, and account balances from public view.”
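The commitment and nullifier bullets above describe what a shielded node actually stores: every commitment ever created and every nullifier ever revealed, both as hashes, with no visible link between a nullifier and the commitment it spends. The Python below is an added toy model, not Zcash’s code, its real note format or its zk-SNARK: notes are committed to by hashing, spending reveals a nullifier derived from the spender’s secret key, and the ledger rejects a repeated nullifier. Where Zcash verifies a zk-SNARK, this model has the checker inspect the private witness in the clear (check_witness), which makes the split between the public statement that goes on chain and the private witness that stays in the wallet visible; all names, the hash layout and the sample keys are assumptions of the example.

```python
import hashlib
import secrets
from dataclasses import dataclass


def h(*parts: bytes) -> bytes:
    """Domain-separated SHA-256 over length-prefixed parts (constructed helper)."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()


@dataclass(frozen=True)
class Note:
    value: int
    pk: bytes   # recipient's paying key, derived from a secret key
    rho: bytes  # per-note nonce; the nullifier is derived from it
    r: bytes    # commitment randomness, so equal notes hash differently

    def commitment(self) -> bytes:
        """What the chain stores when the note is created: a hash, nothing else."""
        return h(b"cm", self.value.to_bytes(8, "big"), self.pk, self.rho, self.r)


def derive_pk(sk: bytes) -> bytes:
    return h(b"pk", sk)


def nullifier(sk: bytes, note: Note) -> bytes:
    """Only the holder of sk can compute it; observers cannot match it to a commitment."""
    return h(b"nf", sk, note.rho)


@dataclass
class SpendWitness:
    """Private inputs: in Zcash these feed the zk-SNARK and never leave the wallet."""
    sk: bytes
    old_note: Note
    new_notes: list


@dataclass
class SpendStatement:
    """Public inputs: what actually appears on chain (alongside the proof)."""
    nf: bytes
    new_commitments: list


class Ledger:
    """A node's view: the set of commitments and the set of revealed nullifiers."""

    def __init__(self):
        self.commitments = set()
        self.nullifiers = set()

    def mint(self, note: Note) -> bytes:
        cm = note.commitment()
        self.commitments.add(cm)
        return cm

    def check_witness(self, stmt: SpendStatement, w: SpendWitness) -> bool:
        """Stand-in for the zk-SNARK verifier: the same relation, checked in the clear."""
        if derive_pk(w.sk) != w.old_note.pk:                       # spender owns the note
            return False
        if w.old_note.commitment() not in self.commitments:        # note really exists
            return False
        if nullifier(w.sk, w.old_note) != stmt.nf:                 # nullifier is the right one
            return False
        if [n.commitment() for n in w.new_notes] != stmt.new_commitments:
            return False
        return sum(n.value for n in w.new_notes) == w.old_note.value  # value is conserved

    def apply_spend(self, stmt: SpendStatement, w: SpendWitness) -> bool:
        if stmt.nf in self.nullifiers:   # same note spent twice: reject
            return False
        if not self.check_witness(stmt, w):
            return False
        self.nullifiers.add(stmt.nf)
        self.commitments.update(stmt.new_commitments)
        return True


def make_spend(sk: bytes, old_note: Note, outputs):
    """Wallet side: build new notes for (value, recipient pk) pairs plus the statement."""
    new_notes = [Note(v, pk, secrets.token_bytes(32), secrets.token_bytes(32)) for v, pk in outputs]
    stmt = SpendStatement(nullifier(sk, old_note), [n.commitment() for n in new_notes])
    return stmt, SpendWitness(sk, old_note, new_notes)


def demo():
    """Alice pays Bob 7 of a 10-unit note and keeps 3; a replay and a theft both fail."""
    ledger = Ledger()
    alice_sk, bob_sk = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    alice_note = Note(10, derive_pk(alice_sk), secrets.token_bytes(32), secrets.token_bytes(32))
    ledger.mint(alice_note)
    stmt, w = make_spend(alice_sk, alice_note, [(7, derive_pk(bob_sk)), (3, derive_pk(alice_sk))])
    first = ledger.apply_spend(stmt, w)
    second = ledger.apply_spend(stmt, w)                                   # double spend
    stmt2, w2 = make_spend(bob_sk, alice_note, [(10, derive_pk(bob_sk))])  # Bob lacks Alice's sk
    theft = ledger.apply_spend(stmt2, w2)
    return first, second, theft


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Note what the ledger ends up holding after the honest spend: three opaque commitments and one opaque nullifier. Nothing in those hashes says which commitment the nullifier retired or how the 10 units were split, which is the property the bullets describe; the privacy gap in this model is only that check_witness sees the witness, the part a zk-SNARK replaces with a proof.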

“Our Mission is to make Zcash the premier platform for commerce — secure, borderless, and available equally to every person on our planet. We believe that Zcash can do for resource sharing and coordination what the Internet did for communication.”

Thanks for reading!

Make sure you get your free subscription to my daily digital newspaper, Quotidian Disruption: “The FUTURE is NOW” and don’t forget to check out my other cryptocurrency articles, collected here: A Growing Cryptocurrency Resource
