Zcash (ZEC) is a fork of the Bitcoin protocol. Like so many projects, Zcash has made it its mission to eliminate a major weakness of Bitcoin (BTC) in 2016: Bitcoin transactions are only pseudo-anonymous. This means that no name is associated with the transactions. Since the transactions are stored in a public blockchain, the transaction history can be traced by anyone.

In particular, larger analysis companies, but also individual persons, can link individual transactions with each other and identify related payments and thus track the activities of the Bitcoin user. By linking the transaction data with the personal data stored on cryptocurrency exchanges, even the user can possibly be fully identified.

This problem can be avoided by Bitcoin-Mixer. However, mixers have some disadvantages. For example, the user must trust the provider of the tool to return the BTC. In addition, users of mixers must trust that the provider will not pass on the user data and that their own transaction will not be associated with criminal transactions.

What is ZCash?

Due to the problem described above, Zcash (ZEC) was developed by the Zerocoin Electric Coin Company and forked by the Bitcoin Blockchain on October 28, 2016. Zcash is a decentralized peer-to-peer cryptocurrency that belongs to the Privacy Coins, such as Monero (XMR), Dash (DASH), Bytecoin (BCN), Verge (XVG), PIVX, GRIN and Bitcoin Private. This means that ZCash is a cryptocurrency which hides the data of its users and in particular the receiving address, the sender address and the transaction amount from the public.

Like Bitcoin, ZCash has a maximum supply of 21 million. At this point, however, the common features of the two cryptocurrencies already end. In addition to complete anonymity, the ZCash developers have made numerous other changes to the Bitcoin code:

• Consensus algorithm: With Equihash, a memory-oriented proof-of-work algorithm was implemented.
• Block time: The block interval target has been changed from 10 minutes to 2.5 minutes.
• Mining Difficulty: ZCash has introduced a “gentle” difficulty adjustment algorithm based on DigiShield v3.
• Founder Reward: The Zcash team has introduced a Founder Reward equal to 20 percent of the Block Rewards for the developers who developed Zcash. This is used to fund ongoing development. In addition, the ZEC Foundation was established to manage the funds. After the first 4 years, the founder’s reward ends. From this point on, 100 percent will be distributed to the miners.

At the heart of the Zcash technology, however, are the so-called “zero-knowledge proofs”, which make it possible to validate transaction data without disclosing information about the amount and the parties involved.

The science behind Zcash

The technology of Zero Knowledge Proofs was developed in the 1980’s thanks to the work of MIT researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff and represented a scientific breakthrough in the field of cryptography. The Zero Knowledge Proofs solved the initially difficult to understand problem that knowledge about something is verifiable without revealing the information.

From a technical point of view, the problem can be described as two parties (the proofer and the verifier) communicating with each other and the proofer having to convince the verifier with a certain probability that he knows a secret without revealing any information himself. In order for the verifier to do this, Goldwasser, Micali and Rackoff have established three three conditions that must be fulfilled:

• Completeness: If a statement is true, the verifier can convince the verifier.
• Reliability: If the statement is false, the verifier cannot convince the verifier.
• Zero-Knowledge: If the statement is true, the verifier only learns that the statement is true.

Since this is very difficult to imagine, we would like to give you an example to illustrate the problem. Imagine that A is in possession of a secret piece of information that is of great interest to another person B. B first wants to proof that A actually owns the information before B pays for it. Since A cannot disclose the information before payment, otherwise B would have no reason to pay for the information, a Zero Knowledge Proof is required. This proves that the statement is true (“A owns the information”) without B knowing the secret.

Zcash uses a certain type of Zero Knowledge Proof called zk-SNARKs (“zero-knowledge succinct non-interactive arguments of knowledge”) to enable private transactions within the Zcash blockchain.

What is zk-SNARKs?

The technical basis for ZCash’s private transactions is therefore zk-SNARKs. Technology is fundamentally changing the way data is exchanged. As explained in the Zero Knowledge Proofs, privacy is achieved by keeping transactions encrypted, but using Zero Knowledge Proofs, authenticity can be verified.

Within the SNARK acronym, “Succinct” means that the evidence is smaller and can be verified faster than in older versions of zero knowledge protocols. “Non-interactive” means that the verifier does not have to exchange multiple messages (as in older versions), but only one proof.

The next two letters stand for “ARguments” and mean that dishonest actors have virtually no way to crack the encryption due to today’s limited computing power. This would require quantum computers, which many consider a threat to zk-SNARKs, Bitcoin and the blockchain in general. The last part of the acronym stands for “knowledge” and means that it is impossible for anyone to construct the evidence without actually possessing the information.

Generation of SNARK parameters = “toxic waste”

When using zk-SNARKs, however, there is a big problem: An initial creation is necessary, which is called a “parameter generation ceremony“. During this ceremony, the so-called public SNARK parameters, which are used to create and verify zero knowledge proofs, are created. The parameters are necessary to prove that a transaction was valid.

The generation of the “SNARK public parameters” is essentially equivalent to the generation of a public/private key pair in which the public key is retained and the private key is destroyed. The problem here is that the parameters are derived from some random numbers (which Zcash calls “toxic waste”) that could theoretically be used to reconstruct the parameters.

If this would succeed, the attackers could create a copy of the private key and thus fake Zcash. To prevent this, the Zcash developers have developed a Multi-Party Computing Protocol (MPC), in which a number of multiple participants participate in a ceremony that jointly create the parameters.

The first ceremony took place in October 2016 just before the launch of Zcash Sprout. It is important to note that the SNARK public parameters must be regenerated each time the network is upgraded. Accordingly, there was a second ceremony for the Sapling upgrade in 2018. With each further upgrade, the SNARK parameters must be created again.

The following video provides a detailed description of the first “Parameter Generation Ceremony”.

t addresses vs. z addresses

As explained before, the integration of zk-SNARKs allows to hide the address, quantity and memo data within the Zcash blockchain. Important to know at this point is that not every transaction in Zcash is anonymous. Zcash users have the choice of sending the ZEC transactions anonymously via so-called “shielded addresses” (z-addresses) or transparent (t-addresses). Many cryptocurrency exchanges only offer transparent transactions.

Both address types are interoperable. This means that ZEC can be sent from Z addresses to T addresses and vice versa. However, it is important to know the result which privacy implications bring. The following graphic provides an overview of this:

Source: https://z.cash/technology/

According to the graphic, Z-to-Z transactions and T-to-Z transactions are anonymous. Of particular interest is the option of sending ZEC from a transparent address to a shielded address. This interrupts the linkability between future transparent addresses. On the other hand, a Z-to-T transaction is transparent. The protection of privacy is thus lost.

Sapling Network Upgrade Changes

With the sapling network upgrade, Zcash developers developed new shielded addresses for improved efficiency and functionality. The old shielded addresses begin with a “zc” and the new shielded addresses of Sapling begin with a “zs”.

The motivation behind the sapling upgrade was that shielded addresses found little acceptance among wallet providers (you can find the best Zcash Wallet in our Zcash review) and exchanges. One reason for this was that the anonymous transactions before the introduction of Sapling required considerable computer resources.

Sapling has therefore reduced memory requirements by over 97 percent, from around 1.5 GB to 40 MB. This also reduced the processing time for the Zero Knowledge Proof by 90 percent, from 37 seconds to 2.3 seconds.

Source: https://electriccoin.co/blog/reducing-shielded-proving-time-in-sapling/

Who finances the further development of Zcash?

The Electric Coin Company is responsible for the further development of Zcash, which benefits from part of the “Founder Reward” and plans two network upgrades per year. The team consists of scientists and developers who invented the Zcash protocol. Lead figure and best-known developer is Zooko Wilcox, who co-founded Zcash in 2016.

The Electric Coin Company writes about its mission on the official website:

We believe that personal privacy is essential for core human values like dignity, intimacy, and ethics. […]

We are not the ultimate controllers of the network — that power lies in the hands of the users. We believe in decentralization, which promotes security and fairness. Every user of Zcash is a part of the network, and helps protect it against failure and corruption.

One controversy that has been more frequently criticized by the crypto community in the past is the “Founders Rewards”. Since Zcash did not conduct an Initial Coin Offering (ICO) and there was no pre-mining, the 20 percent Block Reward is intended to secure Zcash’s future development. A total of 5.72 percent of all Zcash go to the founders, employees and consultants of Zcash. In addition, 1.65 percent will go to the investors who financed the establishment of Zcash.

The largest individual beneficiaries are the Electric Coin Company with 1.19 percent and the non-profit Zcash Foundation with 1.44 percent. Both institutions are responsible for the promotion, maintenance and further development of the Zcash protocol in the interest of all users.

Zcash Mining

Like Bitcoin, Zcash is a cryptocurrency that is mined. As explained earlier, Zcash uses the Equihash algorithm as the basis for his proof of work. This means that each time a block is added to the Zcash block chain, new ZECs are created. New blocks are created approximately every 150 seconds (2.5 minutes), with currently 12.5 ZEC generated per block.

Every 4 years, or more precisely every 840,000 blocks, a halving is carried out, with the exception of the first period, which is 850,000 blocks due to slow-start mining. The next Zcash Halving is expected to take place in October 2020. The block reward is halved from 12.5 to 6.25 ZEC (and then to 3.125 to 1.5625 and so on).

An important reason why Equihash was originally used by the inventors of Zcash was that Equihash was initially considered ASIC unfriendly. This should prevent a centralization of the Zcash network. In June 2018, however, the Chinese mining giant Bitmain announced the delivery of the first ASIC miners for Equihash.

In contrast to Monero (XMR), the Zcash developers did not modify the mining algorithm to prevent the ASICs from entering the ZEC network. Since then, the previously used graphics card miners are no longer competitive and the ZCash network is dominated by ASICs.

The ZCash Controversy

In particular, the first “Genesis Ceremony” caused an outcry within the crypto community because there was a lack of transparency and many observers saw the danger that an infinite number of ZCash could be created by the ceremony participants without anyone noticing.

The ceremony was then performed by Zooko Wilcox and five other people whom he considered to be “ethically sound”. Everyone was asked to generate a shard of the public-private key set. The basic idea of the ceremony was that only one “honest” participant was needed to destroy his part of the key so that the “toxic waste” would not be usable.

The only way to reconstruct the parameters would have been for all six participants to coordinate. If this had been the case, the persons would have been able to make a copy of the private key and thus fake Zcash. Due to the anonymity of Zcash, it would never have been noticed that ZEC had been created beyond the measure of 21 million.

That’s why the criticism from the community was so strong. Even though five participants are now known, including the renowned Bitcoin developer Peter Todd, the Genesis ceremony is still considered a weak point for Zcash.

Since the Genesis Block Ceremony, however, ZCash has performed other improved ceremonies (with every hard fork). To increase security, the Multi-Party Computing Protocol (MPC) has been extended to more people. The “Power of Tau Ceremony” as part of the sapling upgrade included around 90 different people who were affected by the SNARK public parameters. At this point at the latest, the ceremony should no longer be regarded as a weak point from our point of view.

Conclusion: Is ZCash worth an investment?

Although the ZEC price has fallen steadily since 2018, Zcash can be an interesting investment. The fall in the ZEC price should be seen in the context of the 2018 bear market and the Bitcoin dominance in 2019. From a purely technical point of view, Zcash has made significant progress during this time with both the Overwinter and the Sapling upgrade.

This allows shielded transactions to be sent in a few seconds with a fraction of the RAM previously required. This is another reason why ZCash, along with Monero and Dash, is one of the most popular privacy coins on the crypto market.

Despite the fact that Privacy Coin has a bad reputation in the mainstream media, Zcash, ahead of Monero and Dash, was listed on Gemini in May 2018 and on Coinbase in November 2018. As both platforms belong to the stricter cryptocurrency exchanges in the USA, Zcash (ZEC) received strong recognition as a result. The price reacted accordingly at the time. Nevertheless, a ban on anonymous crypt currencies has already been discussed in various countries around the world. Delistings might as well push the price down again.

On the other hand, following the example of Bitcoin, the next Zcash Halving could be a reason for a rising price of Zcash. Buying Zcash (click here to come to our tutorial!) is risky in any case, as with other cryptocurrencies.

A nice summary of what Zcash is and what it stands for can be found in the following Electric Coin Company video.