Over the last several years, the number of digital currencies has skyrocketed. While some of these have developed substantial market capitalizations and carved out their own unique niches, few have shown promise for offering users a high level of privacy and fungibility.
Bitcoin, which had its genesis block mined in 2009, was the first digital currency to scale. While many early adopters took interest in bitcoin because of its promise of privacy, the digital currency failed to provide this benefit, as interested parties can examine the transactions recorded on bitcoin’s blockchain to get a sense of exactly what a person or entity has purchased.
Dash leverages a technique called "CoinJoin", in which several users put funds into the same transaction in order to increase the chances of privacy. Alternatively, Monero harnesses ring signatures to reduce the chance of detection.
Both of these cryptocurrencies have made great progress toward realizing the goal of anonymous transactions, and Monero has received widespread adoption in the dark web.
However, Zcash’s technology seemingly gives users the ability to enjoy an even greater level of privacy. By allowing users to remain anonymous, Zcash can provide them with greater fungibility.
This is because many digital currency transactions rely on the use of private keys – strings of letters and numbers that identify a user. An address can become attached to several transactions over time, making it easy for friends, family, marketers or even government authorities to learn more about a person’s purchasing trends.
And if a user’s private key is attached to certain transactions, some parties may refuse to accept his or her money. This is where Zcash comes in.
What is Zcash?
Zcash leverages zero-knowledge proof constructions called zk-SNARKs, which allow two users to exchange information without revealing their identities. While the bitcoin blockchain contains records of the participants in a transaction, as well as the amount involved, Zcash’s blockchain shows only that a transaction took place, not who was involved or what the amount was.
The developers involved started the Zerocoin project to address the security limitations of bitcoin. The protocol they created allowed users to convert bitcoin to zerocoins, which provided a greater level of anonymity by concealing the origin of a payment. The protocol allowed users to split up or alternatively merge zerocoins, and also convert them back to bitcoins.
More recently, the aforementioned developers collaborated with cryptographers from MIT, Tel Aviv University and The Technion (Israel Institute of Technology) to create Zerocash – an improved protocol that provided payments with greater privacy than offered by Zerocoin and has since been developed into the cryptocurrency Zcash.
Zerocash offers zerocoins, which help users insure privacy, as well as basecoins, which do not have the extra privacy features.
Under the Zerocash protocol, users have the ability to conceal both the senders and recipients involved in transactions, as well as the amounts transmitted. The Zcash staff refrain from describing the new technology as anonymous, although in most cases, the technology has that quality.
One major benefit that has stemmed from this higher level of anonymity is greater fungibility.
Why fungibility matters
, the ease with which units of a certain asset can be substituted for one another, is important because it ensures that one person’s money is as good as another’s. When history exists for money, that money may not be accepted for all kinds of transactions.
For example, if a vendor accepts digital currency as payment for their goods, but can easily track the history of the currency it accepts, the vendor can simply reject payment from certain would-be customers based on their prior purchasing behavior.
Bitcoin users have already encountered challenges stemming from the public nature of the blockchain. Some bitcoin exchanges have “blacklisted” or refused to accept certain bitcoins after significant amounts of the cryptocurrency were stolen from wallets.
When certain coins are blacklisted in this manner, users are given an additional burden of confirming the origin of these coins. Past that, requiring users to verify a coin’s user history could produce additional problems, for example users finding themselves unable to use a specific coin because of someone else’s past actions.
While Zcash’s cryptography is bleeding-edge, it is “highly experimental” and “relatively weak,” Bitcoin Core developer Peter Todd wrote in a blog post. He further elaborated on his skepticism, writing:
Todd went into further detail:
“There appears to be uncertainty about the strength of the actual parameters chosen for Zcash’s crypto,” he said. “The threat here is that an attacker may be able to create fake zk-SNARK proofs by breaking the crypto directly, even without having access to the trusted setup backdoor.
Technologists have also pointed out that challenges could arise as a result of the 'ceremony' that was used to create SNARK public parameters. Developing these parameters, which are numbers with a “specific cryptographic structure that are known to all of the participants in the system,” essentially requires creating a public/private keypair and then destroying the private key.
The ceremony, which is formally called a multi-party computation protocol, involved six participants creating individual “shards” of the private/public keypair and then burning them to DVDs.
Participants, including Todd, followed instructions contained in a document called “Zcash Multi-party Computation Instructions” to create these individual shards. This document, which was acquired by CoinDesk, provides technical requirements for the hardware used, as well as instructions for downloading the needed software and burning the shards to DVDs.
After following this process, the six participants destroyed their shards of the private key and combined the shards of the public key to create the SNARK public parameters. ZCash referred to the private key shards as “toxic waste”.
In reference to the ceremony, Zcash stated that:
“If that process works – i.e. if at least one of the participants successfully destroys their private key shard — then the toxic waste byproduct never comes into existence at all.”
Following the ceremony, the participants proceeded to destroy the computers used to create the shards with the intention of preventing anyone from using the keystrokes entered into those computers to create counterfeit Zcash currency (which goes by the token symbol ZEC) that users cannot identify as being fake.
This approach comes with a few drawbacks. For starters, there is no way to prove that the six participants did not conspire together to keep the public key. Past that, they could have been compromised somehow, resulting in an outside party receiving the information needed to create another public key.
Individuals interested in creating counterfeit Zcash tokens could potentially recover the keystrokes from the computers used in the ceremony through traditional cameras, radio signals, satellites and other methods, said Todd.
If they could recreate the aforementioned ceremony without missing anything, it would give them the ability to create counterfeit currency. Because all Zcash transactions involve zero-knowledge transfers, users would be unable to distinguish between counterfeit Zcash coins and ones created through legitimate mining.
How the market works
While ZEC is far newer to the scene than some digital currencies like bitcoin, its market functions in a similar fashion. Traders can buy and sell it outright through exchanges like Poloniex and Kraken.
Before futures trading became available, interested parties could gain exposure to Zcash tokens by mining them.
Like many other digital currencies, Zcash offers interested parties the ability to mine blocks. The Zerocash protocol harnesses a proof-of-work algorithm which relies on how much RAM a miner owns.
On 9th September, Zcash announced the first beta release of the Zcash reference implementation (v1.0.0-beta1), which it deployed to the testnet. All coins mined using this software remained testnet coins, and therefore had no monetary value, until Zcash’s official launch in October.
Following this release, the digital currency attracted a tight-knit group of developers. On 27th September, Zcash announced that it was hosting a challenge whereby competitors could submit new methods for mining the currency. These participants were given until 27th October to provide new potential methods.
On 5th October, hosted mining firm Genesis Mining showed its support for the privacy-focused digital currency when it announced that it would soon allow customers to purchase miners operated by Genesis for the sake of mining Zcash.
Unique mining model
Zcash’s supply model is rather similar to that of bitcoin, although it has some key differences. Like bitcoin, the Zcash protocol caps the total number of tokens at 21 million. In addition, its mining reward is cut in half roughly every four years, just like bitcoin.
One major difference that sets Zcash mining apart is that 10% of the 21m units mined using the Zerocash protocol will go to Zcash’s stakeholders, ie: its founders, employees, investors and advisors. This is called the "Founder’s Reward".
The stakeholders will not receive this reward in a linear fashion. In the beginning, the protocol results in the creation of 50 ZEC every 10 minutes, with 20% going to the founders and the remainder going to the miners. Every four years, this mining incentive will be cut in half, but 100% of this reward will go the miners after the first four years.
Another important difference is that the Zerocash protocol harnessed a slow-start mechanism, which impacted the incentive provided for the first 20,000 blocks (mined over approximately 34 days). The rationale behind taking this approach was managing the risk of the protocol having a “major bug or security vulnerability.” If such a problem was discovered, the slow-start mechanism would help reduce its impact.
Pursuant to this mechanism, the mining incentive slowly increased until it reached 12.5 BTC at the 20,000th block. The rate of increase was such as the first 20,000 blocks would create a total mining reward of 125,000, half as much as the 250,000 it would be if they all provided an incentive of 12.5 ZEC each.
The Zerocash protocol scheduled the next halving for the 850,000th block, at which point the reward would decrease to 6.25 ZEC.
Several factors have combined to help fuel price volatility in ZEC. The cryptocurrency enjoyed very strong demand shortly after its release, resulting in its price surging to roughly 3,300 BTC (more than $2 million) on its first day of trading, according to Poloniex. However, ZEC quickly moved in the other direction, falling to 48 BTC the same day.
By 20:15 UTC on 23rd November, ZEC was trading at 0.097 BTC ($71.82), less than one-tenth of a bitcoin, according to additional Poloniex data.
These sharp price fluctuations took place after BitMEX Zcash futures experienced sharp appreciation leading up to the digital currency’s 28th October release, which surged from as little as 0.027 BTC ($18.50) on 15th September to 0.78 BTC ($535) on 28th October, BitMEX figures reveal. However, the futures had plunged to 0.049 BTC ($36.17) as of 15:00 UTC.
In addition to the Zerocash protocol’s zk-SNARKS being largely untested, the digital currency had yet to be adopted by any platforms that might use it as a currency. As a result, its value was purely speculative at the time.
Going forward, Zcash prices will depend on supply and demand, with the former steadily increasing and the latter uncertain. Fortunately, the volatility that goes along with speculation has created opportunities for traders, who might invest in Zcash in an attempt to turn a profit.
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash.
This article is not intended to provide, and should not be taken as, investment advice.
Coins image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.