I recently had the opportunity to chat with Reuben Yap, Chief Operations Officer at Zcoin. This blog post is the result of an intense, thought-provoking, and very fun two-hour chat. Reuben will be excited… I now have many more questions… (I jest, as Reuben took time on his day off to entertain me. I gotta say, I respect a team that cares enough about what it does to grind in crypto-time! Crypto markets never sleep, and neither does Reuben, I think.)
Here we go! Enjoy!
On Zcoin Cryptography, Privacy Regulation, Decentralization, Governance & More With COO Reuben Yap
1. Explain Zcoin to me like I’m a smart 5 year old.
Reuben: “Zcoin is a way to make payments through the internet directly to people no matter where they are. In such a system, people keep track of these payments by keeping a permanent record of every single payment that has been made. However, this means that everybody can see who pays who and also guess how much that person owns! This can be very bad since it may invite jealousy, or reveal what this person does every day to possibly everybody in the world or have people make judgments on you based on how much you own and what you spend on.”
“To encourage people to use this digital money, Zcoin’s system makes it easy for everyone to get new coins by doing work with their computers and that everyone has a fair chance to get new coins based on the amount of work you do. This computer work helps make Zcoin secure and keeps it running.
“Some other systems aren’t as fair… Zcoin’s system makes it so that everyone has a fair chance of winning new coins.”
2. What are some common misconceptions about Zcoin that should be cleared up?
Reuben: “Because of the similar name we are often mistaken as a fork of Zcash or that we use the same code or cryptography.”
“Zcoin was launched before Zcash and our code bears very little resemblance to Zcash.”
“Although both coins use zero knowledge proofs, we use different cryptography. Zcoin uses the Zerocoin protocol which uses RSA accumulators while Zcash uses bleeding edge cryptography called zkSNARKs in their Zerocash protocol.”
3. What advantages does Zcoin gain by having both masternodes and proof of work consensus? Most privacy coins don’t go that route… why not?
Reuben: “Masternodes don’t help with consensus, but rather provide an infrastructure layer. The zero knowledge proofs that Zcoin uses occupy more space and also take more computational power to verify than regular transactions. Expecting people to run higher speed nodes at no cost may lead to a fragile network with very few nodes online.”
“Masternodes also allow other types of services to be built on top of the blockchain, and gives an economic incentive to upgrade nodes to handle additional loads. We have some interesting ideas on this when it comes to our next gen privacy system and see masternodes as an important backbone for scaling.”
“Also history has shown that masternodes do offer a stabilizing factor in the market: people are less likely to sell on small fluctuations in either direction.”
4. How is Zcoin positioning itself in the fight for privacy rights? Is there a focus on privacy in general, privacy in financial transactions, privacy as an option, privacy by design, privacy first?
Reuben: “Our focus is privacy in financial transactions.”
“Our new GUI is now making it a lot easier for people to understand how to use privacy properly and gives a glimpse into what’s going on in the background intuitively. Eventually we do want to have privacy on by default where you can opt out if you wish for existing compatibility, but ideally once we gain more traction and the path with exchanges is more clear, we may consider privacy compulsorily on.”
“However, although privacy is a big goal, it has to be balanced with other important considerations such as: user experience, acceptance by existing regulatory markets, integration difficulties, scaling considerations and how well it plays with other technologies such as Lightning network etc.”
“We also are highly interested in the use of zero knowledge proofs in polling/voting which is one of the most exciting use cases of zero knowledge proofs.”
5. What sorts of demographics best fit the Zcoin philosophy, mission, and vision? Who is your target audience?
Reuben: “I think anyone who values their financial privacy fits in Zcoin’s philosophy and this can be for many reasons. For example, people living in oppressive regimes which take away financial freedom, wealthy people who want a safe place to store their funds and libertarians.
“With scandals such as Cambridge Analytica, I think people are starting to realize the importance of privacy in general; as people realize how exposed we are when doing transactions on the blockchain, privacy will gain more mainstream acceptance.”
“Our fans are from a wide range, from people who believe in our mission, speculators, miners or even just people who like the project for the values we portray. Our target audience includes those who have already perhaps owned some cryptocurrencies since only then would they understand Zcoin’s real selling points, rather than people experiencing cryptocurrencies for the first time (who would naturally seek out Bitcoin or Ethereum, first).”
6. What’s your view on the privacy coin market right now? IMHO, it’s a crowded market, with lots of coins not really innovating. Thoughts? Who’s Zcoin’s biggest competition?
Reuben: “True, there are really very few projects out there that are pursuing privacy independently. There are only a handful of privacy protocols: Zerocoin, Zerocash, Ring Signatures, variations of Coinjoin/tumblers and the unreleased MimbleWimble.”
“Many privacy coins are just Frankenstein coins: parts of other coins are integrated into a project without pursuing anything original. Worse are the ones claiming to provide privacy, but doing anything of the sort and just slapping on a TOR/i2p integration.”
“Although Zcoin does of course come from a Bitcoin base and the masternode code is from Dash, we were the first to figure out how to come up with a practical implementation of Zerocoin and how to perform the trusted setup phase. We also were the first coin to re-look into the security of Zerocoin, and funded work for this, which led to some important vulnerabilities being patched. We funded research into MTP and made it better.”
“Now we’re working on our next-gen privacy protocol with our two PhD cryptographers.”
“Zcoin is doing a lot of independent development at the very core layer that is beyond cosmetic improvements and actively pushing the tech forward. This is why development may seem slower as many things we are doing have a high learning curve.”
“PIVX is probably our closest competitor, which uses the same Zerocoin protocol, and is inspired by us. They have also done some interesting things with it in improving usability and both our projects have contributed in making Zerocoin stronger. Of course Monero is the biggest privacy coin out there, although I think they’re beginning to reach the limits of what their technology can achieve (though it remains a solid offering). Zcash is also doing amazing work with zkSNARKs, and the minds that they have working on it are some of the best, though sometimes they have failed to consider how regular users will use their system and can come off as being too corporate/sciency.”
“Although we are all competitors, I don’t see it as necessarily adversarial. As long as they are actively improving privacy as a general goal, it is good to have multiple implementations out there to compete for diversity in ideas and for privacy technology as a whole to move forward.”
“It is only those that are just there to make money by creating coins with no real innovation that we aren’t too fond of, but in this market where general understanding is quite low, these projects are rife.”
7. What does the privacy coin market look like in 5 years? Are there still many options, or do you see consolidation?
Reuben: “I still see many options available but hopefully only those with independent implementations remain, as there is little value in having multiple copies of the same protocol unless they are utilizing it in a way that is different (for e.g. Komodo that uses Zcash’s technology in their decentralized exchange).”
“We are also seeing Mimblewimble and zkSTARKs in the pipeline. With privacy technology, there are often trade offs between each technology and right now there really isn’t a clear winner. I am confident that more privacy implementations will be devised.”
“I think as the market becomes more mature, privacy coins will decrease to those that deliver true value and innovation.”
8. What do privacy coins look like in 5 years? Everyone’s got bulletproofs, and all the coins do pretty much the same thing, or will there continue to be innovation to differentiate privacy projects? What kinds of innovations, in what areas?
Reuben: “Actually there is a very poor understanding of the public in bulletproofs. Bulletproofs right now are currently being used as a ‘range proof’ to hide transaction values. They don’t provide relationship privacy. You can still see A transacting with B. There are however other ways to use bulletproofs. So, just because it’s called ‘bulletproofs’, doesn’t mean it’s the same thing, though the coins looking to implement it now as far as I know are just looking at it to hide transaction values.”
“There are many new innovations coming up. I mean, zkSTARKs and mimblewimble, as previously mentioned, are great new innovations. Even Dandelion is a big improvement which lessens the need for hiding your IP address by just changing the way transactions are propagated through the network so that it isn’t easy to pinpoint from where it originated.”
“Anyone who thinks privacy innovations are going to be stagnant hasn’t been following privacy technologies, or are just caught up in their little coin cult. Privacy on the blockchain, especially when you’re looking at business use or in smart contracts, is of critical importance. No enterprise will want to use a blockchain which exposes all its activities.”
9. How will regulation impact privacy coins in general and Zcoin specifically?
Reuben: “Regulation is a big thing right now especially with privacy coins. I don’t think there is a silver bullet that solves all regulation issues, but Zcash’s listing on Gemini is promising, as is their continued dialogue with regulators.”
“We are of course taking precautions by looking at p2p exchange solutions and decentralized exchanges, and also engaging with regulators in the SE Asian region.”
“I think regulators would be wrong to take a negative stance on privacy cryptocurrencies. As long as the fiat gateways are regulated and those perform KYC/AML, I think many money laundering or terrorist financing issues can be addressed. Cashing out large amounts of cryptocurrencies is not that easy, and even more so with privacy coins. Cryptocurrencies are not going to replace fiat anytime soon as long as there is trust in the system of government, fiat will coexist alongside cryptocurrencies, so it makes sense to regulate the fiat that they can control.”
“Hopefully the growth and popularity of privacy cryptocurrencies will outstrip attempts at regulation, and this is why everyone needs to understand the importance of privacy before it is too late.”
10. I’ve seen some pretty disgusting governance in (nameless) cryptocurrencies, and a lack of focus on allocation of capital to the point of questionable morality. This becomes an issue for the investor… they invest with the expectation that management has their best interests in mind (the price of the currency). Where is Zcoin’s focus right now? What’s getting spent in this down time in preparation for future growth?
Reuben: “Zcoin is actively hiring additional long-term and full-time developers to join the team, and this is our biggest priority at the moment. Zcoin’s development needs to accelerate to leapfrog the competition and to fully flesh out the ideas and goals of Zcoin. We are also spending our funds in research on privacy technologies that can be used in Zcoin, and also funding bounties for miner/pool development.”
“Merchant adoption is also something we’re starting to take more seriously, and we have a couple of partnerships in the pipeline that will strengthen this. After all, a cryptocurrency needs to be used to survive in the long term (rather than pure speculation).”
“Community development also goes hand-in-hand with merchant adoption, and we’ll be starting our Zcoin ambassador program soon which will ensure educated ambassadors represent our brand throughout the world and host meetups/events. Aaron has just completed a first draft of our course material and we’re refining this. We aren’t accepting just anybody to become an ambassador, as we really want to make sure Zcoin is presented the right way.”
“We have also started taking a hard look into understanding our user base which is why we engaged NagaDDB Tribal to do a consumer audit and brand definition and positioning, which we are in the final phase of. We recently engaged Lion and Lion to do a social media listening and audit to better understand our audience, share of voice and reach. Understanding this would allow us to put our marketing dollars to maximum effect when the market turns.”
“Exchange listings, although we are pursuing them, are not a huge priority at this point in time as we are already listed on some of the largest exchanges in the world. However, we are very keen to build additional fiat pairings on localized exchanges and cultivating the communities there, as has been successful in Thailand and Indonesia.”
11. How is Zcoin focused on fair distribution, decentralized coin supply, and protecting investors through good governance?
Reuben: “The majority of the block reward still goes to mining and once MTP comes out, this will serve in greatly decentralizing and democratising the mining reward since nobody can easily gain a significant advantage.”
“We also aim to make it easy for users to mine by having it inbuilt in our wallet at a later stage, so that people don’t have to go through the technicalities of setting up a miner.”
“We don’t have any plans to up the Znode reward and we feel that it’s at a good point right now that is still attracting new Znode holders, but not giving incredibly high gains.”
“Zcoin’s inflation is relatively high following the same schedule as Bitcoin, and although some see it as a bad thing, given that we’re a crypto-CURRENCY, the high inflation allows for longer periods of fair distribution and this is important in the long run. We’re not talking like 2-3 years, but like 5-10 years down the road. In fact, you will actually realize that most cryptocurrencies aren’t owned by that many people, which should be very alarming. This is why MTP is so important in our strategy despite it being so complex and a real challenge to implement.”
“Although we have a founder’s reward, which rewards our seed investors and also funds the team, this is set to cease in about 2+ more years. You have to realize that when Zcoin was founded, there was no such thing as an ICO. Though even then, we also managed to get our seed investors to agree to halve their reward and to also sell part of their stakes to strategic investors or to fund important partnerships so the centralization isn’t so bad (and most importantly it is 100% transparent).”
“As for good governance, I am particularly proud of Zcoin’s communications to the community on what we are working on and the reasoning behind the decisions we make. For example, the disclosure of the hack, our decision to delay MTP last year, the founder reward halving, or even the block time halving. We hold polls on important decisions.”
“Eventually, we will have a more formal governance system that will be powered by the community, but right now we haven’t found an ideal system to achieve decentralized governance. This is something that should be considered when the project is a bit more mature and the core technologies locked down.”
“Those who engage us in our community have always had access to our top level management, and I think you get a good feel of who we are when interacting with us.”
12. S.W.O.T ANALYSIS! What are Zcoin’s: Strengths? Weaknesses? Opportunities? Threats?
–> IMHO, it takes intelligence, humility, and bravery to produce a SWOT like this… Reuben took this task seriously, and the analysis is great.
About Reuben Yap:
Reuben Yap is the Chief Operations Officer of Zcoin. He was a corporate lawyer for ten years specializing in institutional frameworks before joining Zcoin. He joined the Zcoin team in October 2016 and has played a pivotal role in shaping Zcoin’s strategy and vision. Reuben has been a strong advocate of online and financial privacy for over ten years, having founded one of SE Asia’s top VPN companies and being the first merchant in Malaysia to accept cryptocurrencies. He is a regular speaker at blockchain conferences with a focus on blockchain privacy and decentralisation technologies. Reuben graduated with a LLB from the University of Nottingham.
In Bitcoin, all transactions are broadcast on a public ledger. Research has shown that external information, such as publicly announced addresses, can be used to link identities and organizations to transactions. The default reuse of bitcoin addresses exacerbates this problem.
Furthermore, the same type of mechanism used to break privacy in social networks, such as the analysis of social network topology, can be used to break privacy in the Bitcoin network.
Bitcoin and preceding alternative cryptocurrencies have attempted to solve this problem through the use of transaction mixers or ring signatures. However, there are a number of drawbacks to these proposed solutions. For one, a malicious or compromised member of a mixer or ring signature can break privacy. Furthermore, the anonymity set is a key metric for understanding how private a cryptocurrency is. The anonymity set in formerly proposed solutions is limited by the size of the mixing cycle or ring signature. Each mixing cycle or ring signature is limited by the number of transactions per cycle, which is transitively limited by the block size of the cryptocurrency. Thus, the anonymity set in previous attempts at privacy tends to only be a few hundred transactions.
With Zcoin, the anonymity set is on a dramatically higher magnitude. Instead of having an anonymity set limited to the few dozen, Zcoin has an anonymity set that encompasses all minted coins in a particular RSA accumulator that can scale to many thousands and unlike other solutions is not subject to transaction graph analysis.
DECENTRALIZED AND FAIR SECURITY: MTP
Bitcoin and many other Proof of Work coins suffer from centralization of security. This mainly arises from the creation of highly specialized machines
The MTP algorithm was devised by Alex Biryukov and Dmitry Khovratovich from the University of Luxembourg in their paper published on the 11 June 2016 titled Egalitarian Computing which was subsequently improved in January 2018 (with research partially funded by Zcoin). These are the same researchers who came up with Equihash.
MTP was created as a way to remedy the disparity between ordinary users and adversaries/cheaters, where the latter could use botnets, GPUs, FPGAs and ASICs to gain a significant advantage and mount a cheaper attack. The basic concept is that it should establish the same price/cost for a single computation unit on all platforms. This means that no single device should gain a significant advantage over another for the same price, hence promoting egalitarian computing. With egalitarian computing, attackers would need to spend the same amount as ordinary users for equivalent ‘hashing’ power. As attackers need to use similar hardware as ordinary users, automated large-scale attacks are no longer possible. Combined with the fact that hashing in MTP is highly memory intensive, users infected by trojans to participate in botnets would experience noticeable performance degradation and would therefore be more likely to suspect something is amiss.
Massive centralization can be seen with many existing proof of work algorithms such as SHA256 (Bitcoin), Scrypt (Litecoin, Dogecoin) and X11 (Dash), where hashing power is centralized in ASIC farms and normal users are not incentivised to participate in the security of the network. Even newer schemes such as Ethash, which is used in Ethereum and is deliberately designed to be GPU friendly (more than 100x more efficient than on a CPU), still encourage GPU farms and centralization. Equihash, despite being memory hard, is not sequentially memory hard, meaning it can be mostly parallelized, which makes development of ASICs more likely.
This doesn’t mean that we discourage GPU mining, but with MTP it is foreseen that even with GPUs mining, CPU mining would still remain competitive.
Fast and lightweight Verification
Although finding an MTP solution is computationally and memory intensive, once found, the solution can be verified quickly and efficiently without requiring a lot of memory. Our reference implementation uses 2 GB of RAM, which is noticeable on many CPUs and so discourages botnets, since the user would notice it. MTP is designed to support RAM usage of up to 10 GB while remaining quick to verify, which is not possible with other PoW implementations.
This is important because keeping verification quick makes the network more resistant to DoS attacks that target verifiers. It also allows lightweight hardware such as smartphones to perform verification, which is not possible with many other memory-hard algorithms. Verification of MTP is very quick.
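The asymmetry described above, sketched as an added example (not Zcoin's or the paper's code): a toy Merkle-tree proof in which the prover must fill and commit to all of memory, while the verifier checks only a few openings. It assumes SHA-256 in place of the real memory-hard function and omits the nonce search and difficulty target; all function names are hypothetical.

```python
import hashlib

def H(*parts):
    # SHA-256 stands in for the memory-hard compression function (assumption).
    return hashlib.sha256(b"".join(parts)).digest()

def ref(prev, i):
    # Data-dependent second input of block i, chosen among blocks 0..i-2.
    return int.from_bytes(prev[:4], "big") % (i - 1) if i > 1 else 0

def fill(seed, n):
    # Prover only: every block depends on earlier ones, so all n stay in memory.
    mem = [H(b"blk0", seed)]
    for i in range(1, n):
        mem.append(H(mem[i - 1], mem[ref(mem[i - 1], i)]))
    return mem

def build_tree(blocks):
    # Merkle tree over the blocks (n must be a power of two).
    levels = [[H(b"leaf", b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[k], cur[k + 1]) for k in range(0, len(cur), 2)])
    return levels

def path(levels, idx):
    return [lvl[(idx >> d) ^ 1] for d, lvl in enumerate(levels[:-1])]

def root_from(block, idx, sibs):
    node = H(b"leaf", block)
    for s in sibs:
        node = H(node, s) if idx % 2 == 0 else H(s, node)
        idx >>= 1
    return node

def prove(seed, n, L, nonce):
    mem = fill(seed, n)
    levels = build_tree(mem)
    root = levels[-1][0]
    y, openings = H(root, nonce), []
    for _ in range(L):
        i = 1 + int.from_bytes(y[:4], "big") % (n - 1)   # index in 1..n-1
        j = ref(mem[i - 1], i)
        openings.append([(mem[k], path(levels, k)) for k in (i - 1, j)])
        y = H(y, mem[i])
    return root, openings, y

def verify(root, n, L, nonce, openings, claimed_y):
    # Verifier: no fill, no tree; only 2*L openings of log2(n) hashes each.
    depth = n.bit_length() - 1
    if len(openings) != L:
        return False
    y = H(root, nonce)
    for (prev, p_path), (refb, r_path) in openings:
        i = 1 + int.from_bytes(y[:4], "big") % (n - 1)
        checks = ((prev, i - 1, p_path), (refb, ref(prev, i), r_path))
        if any(len(p) != depth or root_from(b, k, p) != root for b, k, p in checks):
            return False
        y = H(y, H(prev, refb))   # recompute block i from its two opened inputs
    return y == claimed_y

def proof_hashes(openings):
    return sum(1 + len(p) for pair in openings for _, p in pair)
```

With n = 4096 blocks and L = 8 openings, the verifier handles 208 hashes, while the prover had to compute and hold all 4096 blocks plus the tree.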
- Twitter: @zcoinofficial
- Homepage: https://zcoin.io/
- Academic Papers:
Thanks for reading!