Zcash's Next Upgrade to Make Private Transactions 100x Lighter and 6x Faster

Zcash's upcoming Sapling hard fork, expected to execute on Oct. 29, makes substantial improvements to the efficiency of its private transactions.

AccessTimeIconOct 26, 2018 at 8:00 a.m. UTC
Updated Sep 13, 2021 at 8:31 a.m. UTC

Zcash's core differentiator, shielded transactions, are computationally heavy – so much so that most users and exchanges can't support it.

Heralded as a privacy breakthrough in the crypto community, shielded transactions run a type of cryptography named zk-snarks in order to obscure transaction data. But a new upgrade, predicted to activate on October 29, is being touted as a significant improvement of the usability of the protocol overall, but specifically for the use of these privacy-enabling transactions.

Dubbed Sapling, the hard fork upgrade has been the primary focus of the Zcash Company, the for-profit responsible for developing on the cryptocurrency, since its launch in 2016.

Due to the technical changes included in Sapling, exchanges and wallets will be more readily able to accept shielded transactions. Light and mobile wallets will also be a possibility – meaning that users can send anonymized transactions straight from their mobile devices.

Speaking to the gains, CTO of the Zcash Company Nathan Wilcox, told CoinDesk: "The Sapling protocol will allow shielded transfers to be completed with about 100 times less memory and probably six or more times faster."

It's a notable step given currently, shielded transactions are only possible for users running a full node.  And with the upgrade, the team at the Zcash Company hopes it can ultimately remove transparent transactions, the non-private zcash transactions that can be damaging to zcash anonymity when used together with shielded transactions.

Eventually, this will usher in an era of "privacy-by-default," according to developers.

"We hope to see a migration toward shielded Sapling adoption, and as that migration continues we hope to transition to privacy-by-default when the time is right," Wilcox said.

Continuing, Wilcox said:

"All [Sapling] is doing improving the performance and the security. Who wouldn't want that?"

Light and diversified

Saying zcash without the Sapling code changes "is just too inefficient and too cumbersome," Wilcox said that the ability to support light clients will be huge for the cryptocurrency.

Light clients are those that don't store the full data from the blockchain but still have the assurance of being secure. These are typically clients working on a mobile device, which doesn't have as much storage space or computing power as laptop or desktop computers.

Still, these clients "won't just appear during the activation day," Wilcox said.

Instead, this will require some development work. For example, if not coded carefully, light clients can reveal transaction information to its wallet host.

Describing that as "dangerous," Wilcox said the Zcash Company is working on a proof-of-concept Sapling wallet that demonstrates how the code can be trustless.

"Our goal is to make a light wallet that has privacy protections even against a service provider," he told CoinDesk. "The goal is for us to design a whole [user experience] all around Sapling specifically and make sure that we can have the usability and the privacy work really well together."

This wallet though might not be released to end users, but instead only serve as a guide for third-party implementations by developers.

Another feature Sapling includes that will encourage more use of shielded transactions is so-called "diversified addresses," which make it easier for exchanges to support more users utilizing the transaction type. Simply put, diversified addresses allow exchanges to issue multiple addresses for the same wallet.

In the future, the upgrade may have positive implications for privacy, Wilcox said, as wallets may deploy the feature to allow users to generate multiple addresses for the same account.

"It's the same amount of work [as one wallet], but the exchange will be supporting a million users while doing that," he said.

Finally, Sapling will introduce a feature named a viewing key to selectively reveal transactions. According to Wilcox, that allows users to benefit from optional transparency, but do so in a way that comes with less inherent risk.

"If we have a privacy-by-default chain and you want to have an account that's public you can just publish the viewing key to the world," Wilcox said,

"That's the world we want to move to."

A turnstile audit

There is some subtlety involving the Sapling release, though.

In order to take advantage of the upgrade, users need to migrate funds from the earlier version of zcash, dubbed Sprout, into a new Sapling address – a move which will reveal user funds.

While the exposure of funds could come across as "surprising" to users, Wilcox said, it was done intentionally, in what he called a "turnstile audit."

"It's actually done intentionally because there's always the possibility that the Sprout ceremony was compromised," Wilcox said.

Stepping back, when zcash launched Sprout in 2016, it underwent a ceremony called a "trusted setup," where the zk-snarks underlying its private blockchain were generated. This has been criticized for being vulnerable to attack. The concern is, if the ceremony had been compromised, it would allow users to print nonexistent zcash tokens.

As such, the company is running this turnstile audit during the Sapling migration. Wilcox said, "as sort of a check on that risk we want to do a sort of global audit to make sure that no counterfeiting has occurred."

Towards this goal, the Zcash Company is releasing a migration tool and urging users to wait until this tool has been completed before migrating their funds. If users all migrate using the tool, the overall privacy will be better, because the actions of individual users are merged into one flow.

The tool won't be completed for a number of months, meaning that for now, Sapling and Sprout addresses will continue to be supported by the zcash protocol.

Sprout addresses will be retired at some point in the future.

Yet, Wilcox stressed that the eventual retirement will not impact user funds. Once retired, users will be no longer able to receive transactions on Sprout addresses – but sending outward transactions to a Sapling address will function perfectly.

Still, this doesn't mean that there are two different networks running concurrently. Users are still expected to upgrade their software to Sapling, and because of the new code's superiority, Wilcox doesn't expect there to be any problems here.

Speaking to that, Wilcox concluded:

"It's not scalability of the base protocol, but it allows exchanges and wallets and things of that nature to support many users more efficiently."

Light trails in tunnel image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.