Zcash is a cryptocurrency that offers anonymity by shielding sender and recipient addresses and transacted amounts. Shielded transactions are possible thanks to innovative zero-knowledge cryptography, namely zk-SNARKs.
What is Zcash?
Zcash (ZEC) is a peer-to-peer digital currency that offers an option of anonymous shielded transactions. It leverages recent advancements in cryptography to bring a privacy-centric alternative to Bitcoin.
At the core of Zcash is the Zerocash protocol, which improves on the Zerocoin protocol proposed by Matthew D. Green back in the 1980s. Zerocoin employed a sophisticated mathematical technique called zero-knowledge proofs. Zerocash builds on its predecessor and introduces a new form of zero-knowledge cryptography called zk-SNARKs.
Zcash was launched on October 28, 2016. Its founder is the American computer security expert Zooko Wilcox-O’Hearn. Before launching Zcash, Zooko was a fan of Bitcoin but wished it offered a higher degree of privacy. He took the Bitcoin code and integrated it with the Zerocash protocol developed by the Zerocoin team.
Zero-knowledge cryptography enables the prover to prove to the verifier that they know certain information without disclosing it. In other words, you can prove to someone that you know a secret without actually revealing it. To understand the intuition behind zero-knowledge cryptography, we will draw an analogy.
Imagine you have a superpower that allows you to instantly know the number of leaves on a tree. Your friend does not believe you, and you want to prove it to him without telling him the number of leaves. Besides, telling him the number of leaves will not do much, since your friend will have no way of verifying it other than counting the leaves himself.
You and your friend come up to a tree. You quickly count the number of leaves and close your eyes. Then you give your friend a choice of pulling a leaf off the tree. When you open your eyes, you count the leaves again and if there is one missing, you tell your friend that you know he did pull a leaf. Your friend says that there was a 50% chance that you simply guessed it. So you do it again. Now the chance was only 25%. You can repeat the procedure as many times as it takes to convince your friend. In the end, you prove to your friend that you do in fact have the superpower without telling him the number of leaves or how your superpower works. This, in principle, is how zero-knowledge proofs work. If you want a more thorough analogy, read How to Explain Zero-Knowledge Protocols to Your Children.
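The leaf game above, simulated as an added example (not part of the original article): an honest prover who can really count always passes, while a prover who only guesses survives n rounds with probability (1/2)^n. The class and function names, the leaf count and the seeds are assumptions made for the illustration.

```python
import math
import random

class HonestProver:
    """Really has the 'superpower': counts the leaves exactly."""
    def commit(self, leaves):
        self.before = leaves              # counted with eyes open, kept secret
    def answer(self, leaves_now):
        return leaves_now < self.before   # True means "you pulled a leaf"

class GuessingProver:
    """Cannot count; answers every challenge with a coin flip."""
    def __init__(self, rng):
        self.rng = rng
    def commit(self, leaves):
        pass
    def answer(self, leaves_now):
        return self.rng.random() < 0.5

def run_protocol(prover, rounds, rng, leaves=10_000):
    """Verifier side: accept only if every answer matches what was done."""
    for _ in range(rounds):
        prover.commit(leaves)
        pulled = rng.random() < 0.5       # verifier's secret choice this round
        if pulled:
            leaves -= 1
        if prover.answer(leaves) != pulled:
            return False                  # a single wrong answer exposes a cheat
    return True

def rounds_needed(max_cheat_probability):
    """Smallest n such that (1/2)**n <= max_cheat_probability."""
    return math.ceil(math.log2(1 / max_cheat_probability))

def cheat_success_rate(rounds, trials=2000, seed=1):
    """Fraction of trials in which a guessing prover is wrongly accepted."""
    rng = random.Random(seed)             # seeded so the run is repeatable
    wins = sum(run_protocol(GuessingProver(rng), rounds, rng) for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    print("honest prover accepted:", run_protocol(HonestProver(), 20, random.Random(7)))
    print("guesser accepted after 2 rounds:", cheat_success_rate(2))
    print("rounds for a one-in-a-million cheat:", rounds_needed(1e-6))
```

The verifier never learns the leaf count in any round; only the answers "pulled" or "not pulled" cross between the two parties.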
The acronym zk-SNARK stands for zero-knowledge succinct non-interactive argument of knowledge and is a variant of zero-knowledge cryptography. The zk-SNARK protocol does not need the prover and the verifier to interact, hence ‘non-interactive’. The word ‘succinct’ indicates that the process is fairly easy and short to perform.
To ensure the security of the Zcash network and prevent the creation of counterfeit ZEC, the Zcash team held the Ceremony of generating zk-SNARK public parameters (essentially ‘randomness’), which is similar to generating a public-private key pair. During the Ceremony, six trusted persons, including founder Zooko, each generated a piece of the key pair. Then the pieces were assembled into the public key which enabled the secure operation of the Zcash network, while the pieces of the private key were destroyed.
Along with the multi-party generation of the pieces, the participants took a number of other precautions such as the use of air-gapped computers, i.e. computers that were never connected to the Internet. The necessary data was passed to these computers by burning it to DVD discs from separate computers receiving the data over the Internet.
This was only the initial ceremony and, to reinforce the integrity of the network, subsequent ceremonies will include hundreds of participants.
Transactions in Zcash work much like they do in Bitcoin, where one has to use their entire balance as an input of a transaction. So, making a transaction in ZEC means:
- referencing all past transaction outputs associated with the sender’s address;
- using them as an input of a new transaction;
- specifying the recipient’s address and the amount to be sent.
The rest of the balance then returns to the sender as the second output. It is, however, advisable to send it to a new address; otherwise it becomes easier for someone to build an identity behind the address by analysing transaction patterns.
There are two types of addresses in Zcash. Z-addresses (z-addrs) are private and start with a ‘z’; t-addresses (t-addrs) are transparent (public) and start with a ‘t’. Both address types are interoperable, meaning funds can be moved around between z-addrs and t-addrs. This means that there can be four types of transactions:
- Z-to-Z transactions, or private;
- Z-to-T transactions, or deshielding;
- T-to-Z transactions, or shielding;
- and T-to-T transactions, or public.
A Z-to-Z transaction appears on the blockchain, but no one besides the transacting parties can read the transaction details such as the sender address, the recipient address, the amount sent or the memo field. The owner of the z-addr can disclose the transaction details if they so wish.
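The transaction model and the four transaction types described above, as an added example (not Zcash code and not from the original article). It follows the article's simplified model: all of the sender's unspent outputs become inputs, fees are ignored, and the address strings and the names Output, build_transaction and address_kind are constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Output:
    address: str
    amount: int   # integer base units, to avoid float rounding

# The article's four combinations and the names it gives them.
LABELS = {"Z-to-Z": "private", "Z-to-T": "deshielding",
          "T-to-Z": "shielding", "T-to-T": "public"}

def address_kind(address):
    """'Z' for shielded z-addrs, 'T' for transparent t-addrs (first letter)."""
    if address[:1] not in ("z", "t"):
        raise ValueError(f"not a z-addr or t-addr: {address!r}")
    return address[0].upper()

def build_transaction(unspent, sender, recipient, amount, change_address):
    """Spend every unspent output of `sender`; pay `amount`, rest is change."""
    inputs = [o for o in unspent if o.address == sender]
    balance = sum(o.amount for o in inputs)
    if amount <= 0 or amount > balance:
        raise ValueError("amount must be positive and covered by the inputs")
    outputs = [Output(recipient, amount)]
    if balance > amount:
        outputs.append(Output(change_address, balance - amount))
    kind = f"{address_kind(sender)}-to-{address_kind(recipient)}"
    warnings = []
    if change_address == sender:
        # Reusing the address lets observers link this payment to later ones.
        warnings.append("change returns to the sending address (linkable)")
    return {"inputs": inputs, "outputs": outputs, "type": kind,
            "label": LABELS[kind], "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample data: two outputs held by one transparent address.
    unspent = [Output("t1alice", 5), Output("t1alice", 7), Output("t1bob", 3)]
    tx = build_transaction(unspent, "t1alice", "zcarol", 4, "t1alice-fresh")
    print(tx["type"], tx["label"], tx["outputs"], tx["warnings"])
```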
Unlike Bitcoin, which uses SHA-256 and can only be brute-forced, Zcash uses Equihash, a proof-of-work mining algorithm based on the Generalized Birthday Problem. One of Equihash’s distinctive features is that it is not as computation-intensive as SHA-256 but is quite demanding in terms of RAM. Equihash was designed to be ASIC-resistant and to democratize mining, but that resistance was eventually overcome: today Equihash ASICs are manufactured by Bitmain.
It is worth noting that 20% of all miner rewards are allocated to the Founders Reward as a way of supporting the ongoing development of Zcash. Starting from October 2020 the Founders Reward will be removed, and miners will receive 100% of the rewards. Block rewards are halved every four years; the current block reward is 12.5 ZEC with an average block time of 2.5 minutes. The total supply of ZEC is capped at 21 million coins.
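A toy generalized-birthday puzzle, added here to show why this kind of proof of work leans on memory (an added example, not Equihash itself and not from the original article): the solver must hold whole tables of candidate hashes to find four that XOR to zero, while the verifier recomputes only four hashes. The 24-bit size, the seed string and all function names are assumptions, and real Equihash uses far larger parameters and additional ordering checks.

```python
import hashlib
from collections import defaultdict

N_BITS, CHUNK = 24, 8            # toy sizes: three 8-bit chunks, two rounds
LIST_SIZE = 1 << (CHUNK + 1)     # 512 candidate hashes per nonce

def h(seed, nonce, i):
    """N_BITS-bit hash of (seed, nonce, index)."""
    data = seed + nonce.to_bytes(4, "little") + i.to_bytes(4, "little")
    digest = hashlib.blake2b(data, digest_size=N_BITS // 8).digest()
    return int.from_bytes(digest, "big")

def collide(items, mask):
    """Pair entries that agree on the masked bits; XOR cancels those bits."""
    buckets = defaultdict(list)              # this table is where the RAM goes
    for value, idx in items:
        buckets[value & mask].append((value, idx))
    out = []
    for group in buckets.values():
        for a, (v1, i1) in enumerate(group):
            for v2, i2 in group[a + 1:]:
                if not set(i1) & set(i2):    # each index may be used only once
                    out.append((v1 ^ v2, i1 + i2))
    return out

def solve(seed, max_nonce=1000):
    """Try nonces until four indices are found whose hashes XOR to zero."""
    for nonce in range(max_nonce):
        items = [(h(seed, nonce, i), (i,)) for i in range(LIST_SIZE)]
        items = collide(items, (1 << CHUNK) - 1)     # round 1: low 8 bits
        items = collide(items, (1 << N_BITS) - 1)    # round 2: remaining bits
        if items:
            return nonce, sorted(items[0][1])
    raise RuntimeError("no solution within max_nonce")

def verify(seed, nonce, indices):
    """Cheap check: four distinct in-range indices, four hashes, XOR is zero."""
    if len(set(indices)) != 4 or any(not 0 <= i < LIST_SIZE for i in indices):
        return False
    x = 0
    for i in indices:
        x ^= h(seed, nonce, i)
    return x == 0

if __name__ == "__main__":
    seed = b"constructed-block-header"       # constructed sample input
    nonce, indices = solve(seed)
    print(nonce, indices, verify(seed, nonce, indices))
```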