Kryptolesson #25

What is ZCash?

Besides Dash ↗ and Monero ↗, ZCash ↗ ranks among the three largest privacy coins on today's cryptocurrency market by market capitalization. Privacy coins were invented to do what their name suggests: to protect the privacy of their users. Non-private cryptocurrencies such as Bitcoin are pseudonymous, but not private: the full transaction history and holdings of a public address can be viewed by anyone on the blockchain. Although the address itself does not reveal a person's identity, it can be linked to one by other means (an exchange account, an IP address, a payment to a known merchant). Once that link is made, the address's entire transaction history can be attributed to a real person. With privacy coins, the sender, receiver and transaction amount are kept hidden, i.e. they appear on the blockchain only in encrypted form.

What sounds simple is a major technical challenge: if the data is kept encrypted on the blockchain, the network cannot directly validate it and therefore cannot reach consensus ↗ on it. Privacy coins must use fairly involved mathematics to let the network verify a transaction without revealing the underlying data. The mechanism implemented in ZCash is called ZK-SNARKs.

To break down the concept of ZK-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge), one can use the so-called "Ali Baba cave example". Picture a ring-shaped cave with two entrances, A and B, whose far ends are connected by a locked door. Peter (the prover) claims to have the key to that door. He wants to prove to Viktor (the verifier) that he really holds the key, but he does not want to disclose it. Peter enters the cave through A or B, choosing the entrance at random while Viktor waits outside and cannot see which one he took. Viktor then calls out, at random, the exit through which he wants Peter to come back out, say B. If Peter has the key, he can always comply: either he is already on the B side, or he unlocks the door and walks around. If Peter falsely claims to have the key, he can only come back out the way he went in, so he has a 50% chance of being at the requested exit. After n repetitions in which Peter always emerges where Viktor asked, a cheater would have succeeded only with probability (1/2)^n, so Viktor becomes convinced that Peter possesses the key, yet he learns nothing about the key itself: everything he saw (his own requests and Peter appearing where asked) he could have written down without any key at all. Transferred to the blockchain: the repeated trips through the cave are a probabilistic proof that the encrypted data is valid, without revealing the data to the network. Hence the data can be verified by the consensus mechanism while appearing only in encrypted form on the public blockchain. Two differences to the cave story are captured by the acronym: a ZK-SNARK is non-interactive (a single short proof is published, no back-and-forth between prover and verifier is needed) and succinct (the proof is small and quick to check, regardless of how complex the statement is).
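The following simulation of the cave protocol is an added example written for this article; it is not ZCash code and not a ZK-SNARK, but a toy model of the interactive proof above. It shows the two properties the analogy is meant to convey: a key-less Peter passes n rounds only with probability 2^-n (soundness), and everything Viktor observes can be produced by a simulator that never had the key (zero-knowledge). The names, the path labels "A"/"B", the seeds and the trial counts are assumptions of the example.

```python
"""Toy simulation of the Ali Baba cave protocol (added example, not ZCash code).

Peter (prover) may or may not hold the key to the door connecting paths
A and B.  Viktor (verifier) never sees which path Peter enters; he only
sees the exit Peter comes out of after Viktor has named one at random.
"""
import random

PATHS = ("A", "B")


def prover_round(has_key: bool, entry: str, challenge: str) -> str:
    """Exit Peter actually uses in one round.

    With the key he can pass the door and emerge at whichever exit Viktor
    asked for.  Without it he can only come back out the way he went in.
    """
    return challenge if has_key else entry


def run_protocol(has_key: bool, rounds: int, rng: random.Random) -> bool:
    """One complete proof of `rounds` rounds; True if Viktor accepts.

    Viktor rejects at the first round in which Peter does not appear at
    the requested exit.  `entry` is Peter's private coin, `challenge`
    Viktor's public one.
    """
    for _ in range(rounds):
        entry = rng.choice(PATHS)      # hidden from Viktor
        challenge = rng.choice(PATHS)  # announced by Viktor
        if prover_round(has_key, entry, challenge) != challenge:
            return False
    return True


def soundness_bound(rounds: int) -> float:
    """Exact probability that a key-less Peter fools Viktor: one coin per round."""
    return 2.0 ** -rounds


def cheater_success_rate(rounds: int, trials: int, seed: int = 1) -> float:
    """Empirical estimate of soundness_bound(rounds) over `trials` proofs."""
    rng = random.Random(seed)
    wins = sum(run_protocol(False, rounds, rng) for _ in range(trials))
    return wins / trials


def honest_always_passes(rounds: int, trials: int, seed: int = 2) -> bool:
    """Completeness: a Peter who really holds the key is never rejected."""
    rng = random.Random(seed)
    return all(run_protocol(True, rounds, rng) for _ in range(trials))


def verifier_view(has_key: bool, rounds: int, rng: random.Random) -> list:
    """Viktor's transcript: (challenge, observed exit) per round."""
    view = []
    for _ in range(rounds):
        entry = rng.choice(PATHS)
        challenge = rng.choice(PATHS)
        view.append((challenge, prover_round(has_key, entry, challenge)))
    return view


def simulated_view(rounds: int, rng: random.Random) -> list:
    """Transcript produced by a simulator that never had the key.

    It simply records each challenge together with the matching exit.
    Its output is distributed exactly like verifier_view(True, ...), which
    is what zero-knowledge means: the transcript alone teaches Viktor
    nothing he could not have produced himself.
    """
    return [(c, c) for c in (rng.choice(PATHS) for _ in range(rounds))]


def views_indistinguishable(rounds: int, seed: int = 3) -> bool:
    """True if both transcripts only ever show Peter emerging where asked."""
    real = verifier_view(True, rounds, random.Random(seed))
    fake = simulated_view(rounds, random.Random(seed))
    return all(c == e for c, e in real) and all(c == e for c, e in fake)


if __name__ == "__main__":
    for n in (1, 5, 10, 20):
        print(f"{n:2d} rounds: cheater passes {cheater_success_rate(n, 20000):.4f}"
              f"  (exact bound {soundness_bound(n):.6f})")
    r = random.Random(0)
    print("real view:     ", verifier_view(True, 4, r))
    print("simulated view:", simulated_view(4, r))
```

Running the script prints the cheater's empirical success rate next to the exact 2^-n bound; the rate halves with every additional round while the honest prover is never rejected, which is why Viktor can set his confidence level simply by choosing the number of rounds.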

ZCash allows users to choose between private addresses (z-addresses) and transparent addresses (t-addresses). The two kinds are interoperable, so that in total four transaction types are possible: (1) private: from z to z; (2) deshielding: from z to t; (3) shielding: from t to z; (4) public: from t to t. A private transaction, i.e. from one z-address to another, reveals on the blockchain only that a transaction took place; sender, receiver and amount appear encrypted. Transaction type (4) works like any non-private cryptocurrency transaction, with sender, receiver and value publicly visible. A deshielding transaction reveals the receiving t-address and the amount it received, while the z-address side stays hidden; a shielding transaction works the other way round, revealing the sending t-address and the amount that left it. Practitioners should note that the transparent half of a shielding or deshielding transaction is still public: moving a given amount into the shielded pool and moving the same amount out again shortly afterwards can be linked by amount and timing, so the privacy of ZCash is strongest when funds stay in z-to-z transactions.

To build the ZK-SNARK technology, ZCash developers initially had to perform a trusted setup. ZCash claims that the secrets associated with the trusted setup key were fully destroyed; there is even video footage of the destruction of the relevant RAM chips. The point matters because a party holding those secrets could forge proofs and thereby create ZEC out of nothing without the network noticing; it would not, however, be able to decrypt the private transactions of other users. While address and transaction privacy is a major advantage, the trusted setup has been one of the largest areas of concern for critics. In addition, there is a trade-off between the increased privacy that privacy coins offer and the ability of authorities to track fraud and crime on the blockchain.

Photo by Martin Woortman