Zcash's core differentiator, shielded transactions, are computationally heavy – so much so that most users and exchanges can't support it.
Heralded as a privacy breakthrough in the crypto community, shielded transactions run a type of cryptography named zk-snarks in order to obscure transaction data. But a new upgrade, predicted to activate on October 29, is being touted as a significant improvement of the usability of the protocol overall, but specifically for the use of these privacy-enabling transactions.
Dubbed Sapling, the hard fork upgrade has been the primary focus of the Zcash Company, the for-profit responsible for developing on the cryptocurrency, since its launch in 2016.
Due to the technical changes included in Sapling, exchanges and wallets will be more readily able to accept shielded transactions. Light and mobile wallets will also be a possibility – meaning that users can send anonymized transactions straight from their mobile devices.
Speaking to the gains, CTO of the Zcash Company Nathan Wilcox, told CoinDesk: "The Sapling protocol will allow shielded transfers to be completed with about 100 times less memory and probably six or more times faster."
It's a notable step given currently, shielded transactions are only possible for users running a full node. And with the upgrade, the team at the Zcash Company hopes it can ultimately remove transparent transactions, the non-private zcash transactions that can be damaging to zcash anonymity when used together with shielded transactions.
Eventually, this will usher in an era of "privacy-by-default," according to developers.
"We hope to see a migration toward shielded Sapling adoption, and as that migration continues we hope to transition to privacy-by-default when the time is right," Wilcox said.
Continuing, Wilcox said:
Light and diversified
Saying zcash without the Sapling code changes "is just too inefficient and too cumbersome," Wilcox said that the ability to support light clients will be huge for the cryptocurrency.
Light clients are those that don't store the full data from the blockchain but still have the assurance of being secure. These are typically clients working on a mobile device, which doesn't have as much storage space or computing power as laptop or desktop computers.
Still, these clients "won't just appear during the activation day," Wilcox said.
Instead, this will require some development work. For example, if not coded carefully, light clients can reveal transaction information to its wallet host.
Describing that as "dangerous," Wilcox said the Zcash Company is working on a proof-of-concept Sapling wallet that demonstrates how the code can be trustless.
"Our goal is to make a light wallet that has privacy protections even against a service provider," he told CoinDesk. "The goal is for us to design a whole [user experience] all around Sapling specifically and make sure that we can have the usability and the privacy work really well together."
This wallet though might not be released to end users, but instead only serve as a guide for third-party implementations by developers.
Another feature Sapling includes that will encourage more use of shielded transactions is so-called "diversified addresses," which make it easier for exchanges to support more users utilizing the transaction type. Simply put, diversified addresses allow exchanges to issue multiple addresses for the same wallet.
In the future, the upgrade may have positive implications for privacy, Wilcox said, as wallets may deploy the feature to allow users to generate multiple addresses for the same account.
"It's the same amount of work [as one wallet], but the exchange will be supporting a million users while doing that," he said.
Finally, Sapling will introduce a feature named a viewing key to selectively reveal transactions. According to Wilcox, that allows users to benefit from optional transparency, but do so in a way that comes with less inherent risk.
"If we have a privacy-by-default chain and you want to have an account that's public you can just publish the viewing key to the world," Wilcox said,
A turnstile audit
There is some subtlety involving the Sapling release, though.
In order to take advantage of the upgrade, users need to migrate funds from the earlier version of zcash, dubbed Sprout, into a new Sapling address – a move which will reveal user funds.
While the exposure of funds could come across as "surprising" to users, Wilcox said, it was done intentionally, in what he called a "turnstile audit."
"It's actually done intentionally because there's always the possibility that the Sprout ceremony was compromised," Wilcox said.
Stepping back, when zcash launched Sprout in 2016, it underwent a ceremony called a "trusted setup," where the zk-snarks underlying its private blockchain were generated. This has been criticized for being vulnerable to attack. The concern is, if the ceremony had been compromised, it would allow users to print nonexistent zcash tokens.
As such, the company is running this turnstile audit during the Sapling migration. Wilcox said, "as sort of a check on that risk we want to do a sort of global audit to make sure that no counterfeiting has occurred."
Towards this goal, the Zcash Company is releasing a migration tool and urging users to wait until this tool has been completed before migrating their funds. If users all migrate using the tool, the overall privacy will be better, because the actions of individual users are merged into one flow.
The tool won't be completed for a number of months, meaning that for now, Sapling and Sprout addresses will continue to be supported by the zcash protocol.
Sprout addresses will be retired at some point in the future.
Yet, Wilcox stressed that the eventual retirement will not impact user funds. Once retired, users will be no longer able to receive transactions on Sprout addresses – but sending outward transactions to a Sapling address will function perfectly.
Still, this doesn't mean that there are two different networks running concurrently. Users are still expected to upgrade their software to Sapling, and because of the new code's superiority, Wilcox doesn't expect there to be any problems here.
Speaking to that, Wilcox concluded:
Light trails in tunnel image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.