Zcash: Separating Fact from Fiction


I have been reading more and more misleading information about Zcash on various forums like Reddit, Github, Bitcointalk, etc. Some of it may simply be misinformed, but a large proportion of it seems to be intentionally inaccurate, in an attempt to discredit Zcash.

So with that in mind I have made this list of Zcash Fact vs. Fiction points to address these misconceptions. The “Fictions” are the incorrect assumptions about Zcash or (more often) half-truths that are loosely based on fact but are still incorrect. All opinions are my own and do not necessarily reflect those of Zcash Company.

Fiction: The Trusted Setup can be used to compromise Zcash users’ privacy

Fact: If the Trusted Setup were somehow compromised, the attacker would theoretically be able to forge coins, but the privacy of all Zcash users’ transactions would still remain intact. There is no evidence whatsoever that the first Trusted Setup was compromised. And since we are on the subject: I know the Trusted Setup has been a big source of distrust among Zcash detractors, despite an elaborate ceremony that had reporters, videos, and many first-hand accounts. So I have good news for those who don’t “trust” the “trusted” setup: the next major upgrade to Zcash will involve a new Multi-Party Computation (AKA Trusted Setup) with a randomness accumulator that will allow it to scale to hundreds or even thousands of participants.
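The security argument behind a multi-party setup is that every participant contributes a secret to a running public parameter and then destroys it, so the combined “toxic waste” can only be rebuilt if every single participant colludes. The toy below is an added example written for this post, not Zcash’s MPC protocol or code: it models the accumulation as repeated modular exponentiation in a small constructed group (a 127-bit Mersenne prime, far too weak for real use), and the function names, the checkpoint check and the sample run are all assumptions of the example. It shows the structural point the paragraph relies on: with every contribution the final parameter can be reproduced (and proofs forged), with even one contribution missing it cannot.

```python
"""Toy model of a sequential multi-party trusted setup (added example).

Not Zcash's ceremony: the group, the parameters and the function names are
constructed for illustration only."""
import secrets

# Constructed toy parameters: a 127-bit Mersenne prime. Far too small and
# structurally unsuitable for real use; chosen so the arithmetic is visible.
P = 2**127 - 1
Q = P - 1        # exponents combine modulo P-1 (Fermat's little theorem)
G = 3            # base element whose powers form the public parameter


def contribute(accumulator, secret):
    """One participant's step: raise the running public parameter to a secret
    exponent, which the participant is then expected to destroy."""
    return pow(accumulator, secret, P)


def run_ceremony(n_participants, draw=None):
    """Apply n contributions in sequence.

    Returns (final_parameter, checkpoints, secrets_used). In a real ceremony
    the secrets are never returned anywhere; they are kept here only so the
    demo can show what a coalition that obtained some of them could do."""
    draw = draw or (lambda: secrets.randbelow(Q - 2) + 2)   # 2 <= s < Q
    acc, checkpoints, used = G, [G], []
    for _ in range(n_participants):
        s = draw()
        acc = contribute(acc, s)
        checkpoints.append(acc)
        used.append(s)
    return acc, checkpoints, used


def verify_checkpoints(checkpoints, used):
    """Auditor's consistency check: every published checkpoint equals the
    previous one raised to that participant's contribution. (Real ceremonies
    prove this without revealing the secret; recomputing with the secret is
    an assumption of this toy, not the ceremony's method.)"""
    return all(
        pow(prev, s, P) == nxt
        for prev, nxt, s in zip(checkpoints, checkpoints[1:], used)
    )


def toxic_waste(secret_subset):
    """The combined secret exponent is the product of the contributions.
    Whoever knows ALL of them can regenerate the parameter from scratch."""
    t = 1
    for s in secret_subset:
        t = (t * s) % Q
    return t


def can_forge(final_parameter, secret_subset):
    """Can a coalition holding only these secrets reproduce the parameter?
    Without the missing contribution it would need a discrete logarithm in
    the group, which is exactly the hardness the ceremony relies on."""
    return pow(G, toxic_waste(secret_subset), P) == final_parameter


if __name__ == "__main__":
    final, checkpoints, used = run_ceremony(5)
    print("transcript consistent:", verify_checkpoints(checkpoints, used))
    print("all five collude   ->", can_forge(final, used))        # True
    print("one honest party   ->", can_forge(final, used[:-1]))   # False
```

The point to take from the toy is the “1-of-N” shape of the trust assumption: adding participants never weakens it, which is why a ceremony that can accumulate contributions from hundreds or thousands of people is strictly harder to subvert than one with six. The toy says nothing about the separate claim that a compromised setup affects soundness (forging) rather than privacy; that property comes from the zk-SNARK construction itself and is not modelled here.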

Fiction: Zcash is not private by default

Fact: As soon as a miner finds a Zcash block, the first thing that must happen before the block reward can be spent is that the ZEC must be sent to a private Z-address. It is coded that way and cannot be bypassed; that is the very definition of “default”. If a miner then chooses to later de-anonymize their funds, that is their choice to make. What opponents of Zcash really mean when they say “Zcash is not private by default” is that Zcash does not force users to use private addresses, which is somehow “not as good” as other coins that don’t give users a choice. The problem I have with this logic is that it implies that you, the user, can’t figure out for yourself whether you want to make a public or private transaction. Zcash’s private transactions, using zk-SNARKs, shield the sender, the recipient and the amount sent, and provide the largest anonymity set of any coin ever made. A quick look at the Z.cash website clearly explains the differences between public and private transactions, and Zcash users are free to decide for themselves how they choose to use Zcash. Which brings us to our next fiction:

Fiction: Less than 10% of Zcash transactions are private, so that compromises Zcash’s total anonymity

Fact: Firstly, at the time of writing 23% of all network transactions are shielded. Secondly, the fundamental flaw of other coins’ implementations of privacy such as CoinJoins, mixers, RingCT, tumblers, etc. is the disconcertingly small anonymity set that they provide. These other coins and services attempt to obscure your transactions by mixing your coins with those of other participants, but those methods are still vulnerable to a number of privacy attacks. With Zcash the anonymity set is every shielded (private) transaction ever made. Zcash private transactions therefore still have a much larger anonymity set than any other coin, despite private transactions being relatively less popular than transparent transactions. This makes Zcash shielded transactions much more resistant to privacy attacks than any other crypto-currency.

Fiction: Zcash is Taxed 20% for a few greedy developers to get rich quick

Fact: Instead of doing a hidden pre-mine or one of the sketchy ICOs that seem popular these days, the Zcash founders decided to allocate 10% of the 21 million Zcash that will ever be issued to a set of addresses dubbed the “Founders’ Reward”. The funds are taken from the mining rewards, 20% for the first 4 years of mining and then nothing after that. The term Founders’ Reward is a bad choice and misleading as to what it actually does; you can see the complete breakdown of where all the funds will be spent in this post. You can see in that post that it’s not funneling massive amounts of coins into Zooko’s pockets so he can sleep on piles of money, as Zcash detractors would have you believe. The funds go to pay back the investors that helped get Zcash off the ground (no ICO, remember), to pay the developers, engineers and staff salaries so they can have full-time jobs improving Zcash, and to start the non-profit Zcash Foundation. In my opinion this is a far better way to fund a project, because it provides a continual incentive for the team to make Zcash better: if Zcash does poorly, their pay is directly affected.

Fiction: Zcash can be “de-anonymized” or “backdoored” at any moment

Fact: This is a straw man argument and is complete bullshit. Despite what the pundits say, regardless of Zooko’s tweets (which are often taken out of context), regardless of what country Zcash Company is based in, it is statistically impossible to retroactively de-anonymize Zcash’s zero-knowledge transactions. zk-SNARKs are true zero-knowledge cryptography, so even if the team wanted to, they couldn’t go back and link users to their transactions. If the core development team did somehow try to insert a backdoor into Zcash, the code is open source and the team would immediately be called out on it by the public and by the other developers who maintain the many forks of Zcash like Zen, Hush and Komodo. Furthermore, Zcash is just like Bitcoin in this regard: the node operators and miners ultimately decide what software to run. Just as in the Bitcoin scaling debate, if miners and node operators don’t like the newest code put out by the development team, they can refuse to run it.

Fiction: Since Zcash Company is based in the USA, the Zcash network can be shut down on request

Fact: Zcash is just like Bitcoin, with a widely distributed network of nodes around the world, and technically cannot be hacked or shut down by a single person, government or organization, including Zcash Company. Zooko has made it a priority to open source the code and to decentralize management via the Zcash Foundation, so that even if the Zcash Company were to be dismantled one day or somehow cease to exist, the network would still function without it.

Fiction: Zcash is “Linux only” so most people can’t use it

Fact: If you look at the usage statistics on explorer.zcha.in you can see that 40% of the nodes are running the “Bean Stalk” software, which is the Windows full node and wallet developed by David Mercer. The Windows and Mac versions also have a GUI to make it easier for new users who want to run a full node. You can find a list of the many types of Zcash wallets (online, hardware and local) that run on Windows, Mac, iOS and Android here. Of those listed wallets, only three of them (Linux, Windows, Mac) can use Zcash private addresses. The Zcash team is small compared to many companies. Since they have limited resources to allocate to engineering tasks, they support the community in porting Zcash to different platforms like Mac and Windows. This approach has let the team concentrate on the primary goal of Zcash, which is to make the core cryptography and protocol as efficient and as strong as possible to ensure Zcash users’ privacy.

Fiction: Zcash takes “several minutes” and 8GB of RAM to process a private transaction

Fact: The time and computing power that it takes to process a T-address (non-private) transaction in Zcash is identical to Bitcoin. When you want to perform a Z-address (private) transaction, it takes 3.1GB of RAM and an average of 40 seconds to perform the encryption (JoinSplit) operation and send the transaction to the network for confirmation. This is based on numbers from the current release tests at speed.z.cash. The developers know that in order to enable the use of Z-addresses on low-power devices they need to make the processing more efficient. They are working on two approaches. The first is LMP (Low Memory Proving), reducing the RAM required for Z-addresses from 3.1GB to just 40MB and the time from 40 seconds to 7 seconds, allowing the average smartphone to run them (LMP will be ready with the Sapling upgrade in 2018!!). The second is DPT (Delegated Proving), allowing a separate server to validate private transactions so that very, very light wallets (browser plugins, apps, Raspberry Pi, etc.) can process private transactions.

Fiction: Zcash has a “slow network” since private transactions are “hard” to process

Fact: If we are going to compare network speeds we have to have a baseline, so let’s compare it to Bitcoin. The target block interval for Bitcoin is 10 minutes, whereas with Zcash the block interval is 2.5 minutes. And Zcash has 2MB blocks (compared to 1MB for Bitcoin), so Zcash currently has roughly 8x the transaction capacity of Bitcoin (4x as many blocks with double the capacity per block). Next, we know that Zcash has two types of transactions, transparent and private. For an average transaction size of 2000 bytes in a private transaction (JoinSplits are at least 1.5 kB IIRC, larger for more than two inputs or outputs), that’s 6.67 tx/s for the targeted block interval of 150s. Keep in mind the team is working on reducing the JoinSplit size, so that will only increase the maximum number of shielded tx/s. Therefore, since blocks currently contain a mix of shielded and transparent transactions, the network limit is (currently) somewhere between 6.67 and 26.67 transactions per second, which is much faster than Bitcoin. In fact, if every single Bitcoin user were to switch to Zcash today, Zcash would still be faster and have capacity to spare.
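The capacity numbers above follow from block size, block interval and average transaction size, and the same model gives the bound for any mix of shielded and transparent transactions. The script below is an added example, not code from the post: the block sizes, intervals and the 2000-byte shielded size are the post’s figures, while the 500-byte transparent transaction size is an assumption of this example (it is the size that yields the post’s 26.67 tx/s upper bound), as is the 23% shielded mix used in the sample call.

```python
"""Upper-bound throughput model for the figures quoted in the post.

Added example; sizes marked 'assumption' are not given in the post."""

BTC_BLOCK_BYTES = 1_000_000       # 1MB blocks (post's figure)
BTC_INTERVAL_S = 600              # 10 minute target interval
ZEC_BLOCK_BYTES = 2_000_000       # 2MB blocks (post's figure)
ZEC_INTERVAL_S = 150              # 2.5 minute target interval
SHIELDED_TX_BYTES = 2000          # average JoinSplit transaction (post's figure)
TRANSPARENT_TX_BYTES = 500        # assumption: size implied by the 26.67 tx/s bound


def bytes_per_second(block_bytes, interval_s):
    """Raw block-space budget per second for a chain."""
    return block_bytes / interval_s


def capacity_ratio():
    """How many times more block space per second Zcash has than Bitcoin."""
    return (bytes_per_second(ZEC_BLOCK_BYTES, ZEC_INTERVAL_S)
            / bytes_per_second(BTC_BLOCK_BYTES, BTC_INTERVAL_S))


def max_tx_per_second(avg_tx_bytes,
                      block_bytes=ZEC_BLOCK_BYTES, interval_s=ZEC_INTERVAL_S):
    """Upper bound on transactions per second if every transaction in the
    block had the given average size. Ignores block headers and any
    per-block overhead, so it is an optimistic ceiling, not a measurement."""
    return bytes_per_second(block_bytes, interval_s) / avg_tx_bytes


def mixed_tx_per_second(shielded_fraction,
                        shielded_bytes=SHIELDED_TX_BYTES,
                        transparent_bytes=TRANSPARENT_TX_BYTES):
    """Upper bound when a given fraction of the transactions (by count) are
    shielded; the average size is the count-weighted mean of the two sizes."""
    if not 0.0 <= shielded_fraction <= 1.0:
        raise ValueError("shielded_fraction must be between 0 and 1")
    avg = shielded_fraction * shielded_bytes + (1 - shielded_fraction) * transparent_bytes
    return max_tx_per_second(avg)


if __name__ == "__main__":
    print(f"Zcash/Bitcoin block-space ratio: {capacity_ratio():.1f}x")
    print(f"all shielded    : {max_tx_per_second(SHIELDED_TX_BYTES):.2f} tx/s")
    print(f"all transparent : {max_tx_per_second(TRANSPARENT_TX_BYTES):.2f} tx/s")
    # 23% shielded is the mix the post reports at the time of writing.
    print(f"23% shielded    : {mixed_tx_per_second(0.23):.2f} tx/s")
```

Because shielded transactions are four times the assumed transparent size, the bound moves non-linearly with the mix: at the post’s 23% shielded share the ceiling is about 15.8 tx/s, still within the 6.67 to 26.67 range the post gives. Note that this is a block-space ceiling only; it says nothing about proving time on the sender’s side, which the previous section covers separately.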

Fiction: Zcash is not widely accepted on Darknet markets and somehow that’s a bad thing

Opinion: This last one always leaves me saying WTF? Why would you want to promote the use of your favorite crypto-currency on dark marketplaces? The only reasons I can think of are self-centeredness, greed, and short-sightedness (or a combination of all of those). You really have to have your head in the sand if you think that darknet markets “don’t harm real people” because they “just let people buy drugs”. From the poor and impoverished who are forced to grow, produce, or run as mules for cartels, to the funding of egregious human rights violations like human trafficking, use on darknet markets is not something to be proud of. Zcash doesn’t need darknet markets to be successful, and I hope that Zcash never gets widely used on them.

Illegal use is often an unfortunate by-product of any advance in technology. From Apple’s encrypted cell phones to end-to-end encrypted chat like WhatsApp or Facebook’s Messenger, one could argue that all of those make the bad guys’ job easier, but to stop the discussion there is to miss the point. Privacy is a fundamental human right and is important to preserve despite the potential drawbacks, because without privacy you can’t truly have individual freedoms. The same goes for digital currencies: the fundamental flaw in Bitcoin and other public ledger technology is that they allow anyone to follow your transactions. If you are a true crypto-currency proponent (regardless of which coin you support) you have to think about the big picture: widespread adoption as a currency. What happens when we cross that threshold of major businesses, governments and countries accepting crypto-currencies? Do you want anyone seeing what stores you shop in, how much you pay in taxes, how much you get paid, what charity, organization, or political party you support, or what doctor you have paid a deductible to for healthcare or private consultations?

I can’t tell you what the future holds or whether we will ever get to that point of mass adoption, but I can tell you I support Zcash because I can see that Zooko and the core team believe these same fundamental truths about the need for, and right to, individual privacy. I believe Zcash’s cutting-edge cryptography has the ability to make true financial privacy a reality for everyone.

I hope this list will help dispel some of the misinformation and disinformation that has been making the rounds lately. Thanks for listening.