ZCash (ZEC)

From CryptoCurrency Wiki

Lua error: Cannot create process: proc_open is not available. Check PHP's "disable_functions" configuration directive.

Basics

History

"Originally launched as “Zerocoin” in 2014, Zcash has evolved into one of the leading privacy-protecting digital assets on the market today. The motivation behind Zcash originally derived from the inability of Bitcoin and other major digital assets to provide strong privacy guarantees. While Bitcoin is pseudo-anonymous by nature, many details surrounding the transactions on the ledger are completely public. Information such as the sending address, receiving address, amount sent and anything in the memo field is viewable to anyone. This information ultimately leaves digital crumbs for anyone to find every time you interact with the network."

"Zcash is based on the peer-reviewed Zerocash protocol, which was published in the IEEE Security & Privacy conference in 2014."

Audits & Exploits

"Zcash is based on the peer-reviewed Zerocash protocol, which was published in the IEEE Security & Privacy conference in 2014. The Zerocash paper provides a detailed technical overview of the specification. Changes to the protocol are not generally peer-reviewed, but they are described and justified comprehensively in the protocol specification. Those changes have been subjected to several independent security audits."

Bugs/Exploits

Governance

"In response to gentle but firm pressure from the Zcash community, the Electric Coin Company has been investigating the possibility of converting to a non-profit"

"Our fundamental philosophy is consensuality. Currently Electric Coin Company and the Zcash Foundation both contribute to research, the protocol, and the reference client, as well as public communications and many other important tasks. The Zcash Community Advisory Panel (ZCAP) votes on major community decisions such as establishing the Community Development Fund and electing the Major Grants Review committee. To better understand Zcash’s approach to governance, check out ECC's Reaching Consensus page."

Founders Reward turning into shared Mining Reward Fund

"Zcash has implemented a “founder’s reward” which has taken some criticism for the crypto community at large. Zcash’s founder's reward takes 20% of the newly issued ZEC in every block for the first 850,000 blocks (~4 years) and issues them to the owners and employees of the Electric Coin Company (formerly the Zcash Company). The Founder’s Reward ultimately results in 10% of the total supply going to the stakeholders of the development company. Following the first halving, the founder’s reward will cease and all block rewards will go to miners."

  • Then, half a year after the launch, a portion of the Founder’s Reward was donated (mainly by Zooko and his family) to create the non-profit Zcash Foundation. 

"The Zcash Community is in favor of continuing to fund Zcash development, and the proposals that have the most community support call for a development fund that is 20% of the issuance. The main differences between these proposals lie in how that 20% is allocated and controlled.

In the forum poll, both older and newer accounts showed the same preferences. The miners did not signal their preferences. The final ratification step will occur in October 2020, when all miners, users and coin holders who support the changes will choose to run software that implements the new rules."

"At least four independent entrepreneurs and venture capitalists submitted their own public proposals for the network’s October 2020 upgrade, when the original founders’ reward funding mechanism will expire.

“The unique governance model in zcash is that it’s community-driven and it’s self-funding,” Wilcox said. “Anything that’s not self-funding is at risk of capture.”"

The Self Funding remark could be taken with a grain of salt, since it is not a funding mechanism to a decentralised on chain governance system, but a hardcoded contract to the founders.

"Several proposals suggest the new developer fund should be managed by a new, third-party council with rotating members determined by democratic voting.

According to Zcash Foundation communications manager Sonya Mann, roughly 64 community members participated in electing the foundation’s board in 2018, which took considerable outreach and work on the nonprofit’s part."

"The development fund will be distributed to ECC (7 percent of mining rewards), the Zcash Foundation (5 percent of mining reward) and an additional fund to be used for grants to support third-party Zcash efforts (8 percent of mining rewards)."

DAO

Treasury

"As of the Canopy activation, 20% of the Zcash block reward is distributed to a Community Development Fund. For more information about distribution, see the Funding, Incentives, and Governance blog post."

"The Zcash Foundation will select five members to oversee a $36 million treasury. The CAP is a Zcash Foundation-vetted board of community members that helps drive governance decisions for Zcash. None of these decisions, however, are binding, and members cannot determine any major technical changes to the Zcash network (such as implementing a hard fork), the Foundation noted"

Token

Launch

"A set of public parameters is required in order to generate zk-SNARKs, the specific proof required for Zcash shielded transactions. In Zcash, generating these public parameters is known as the "trusted setup" because you have to trust the players involved in the process. Zcash has had two trusted setups, the Ceremony in 2016 just before the launch of Sprout and the Powers of Tau that concluded in early 2018, just before the launch of Sapling."

Token allocation

  • Had a founder reward built in, which you can read more about in the above Governance section. From their website (6-12-2021):

"Zcash's monetary base is the same as Bitcoin's — a fixed supply of 21 million Zcash currency units (ZEC). Every 75 seconds, a new block is mined to the Zcash blockchain and a block reward of 3.125 ZEC comes into circulation. The amount of the block reward cuts in half about every four years until all 21 million ZEC are in circulation. Zcash inflation almost precisely mimics that of Bitcoin. It’s important to note that as new coins are created inflation goes down, and at each halvening the rate drops significantly. As of the Canopy activation, 20% of the Zcash block reward is distributed to a Community Development Fund. For more information about distribution, see the Funding, Incentives, and Governance blog post."

Utility

Token Details

Stablecoin

Coin Distribution

Tech

Transaction Details

How it works

  • Uses the Equihash mining algorithm.
  • In Zcash, there are two types of addresses, "transparent" and "shielded." The transparent addresses and the amounts sent to and from them show up on the blockchain as they would in bitcoin. But if a user opts to use a shielded address, it will be obscured on the public ledger. And if both the sender and receiver of funds have opted to use shielded addresses, the amount sent will be encrypted as well.

Transaction types

"With Zcash, there are two types of addresses: z-addresses and t-addresses. Z-addresses are private addresses where as t-addresses are public addresses. These two address types are interoperable and create four main types of possible transactions on the network. 

Private (Z-address to z-address): Appears on a public blockchain, so the transaction is known to occur and fees are paid.  However, the addresses, the transaction amount and the memo field are all encrypted and not publicly visible.

Deshielding (z-address to t-address): The sending address is shielded and cannot be seen by the public. However, the amount received (which is the amount sent) and the address of the recipient becomes viewable by the public. 

Shielding (t-address to z-address):  The amount sent and the sending address is publicly available. However, the recipient and their account information has a high degree of privacy guarantees. 

Public (t -address to t-address): This is identical to a normal Bitcoin transaction where both the sender and recipient addresses, the amount transacted, and anything in the memo field is known."

Fees

Upgrades

"The Zcash development team has released the 5.0.0 codebase which supports the NU5 upgrade that will occur on or around May 31, at block height 1,687,104. “NU5 is the largest network upgrade in Zcash history. By utilizing the Halo proving system and Orchard shielded payment protocol, complex trusted setup ceremonies are now a thing of the past, and users can make private, trustless digital cash payments on mobile phones,” Swihart said in a note sent to Bitcoin.com News."

  • From this thread (17-3-2022), explaining the NU5 upgrade:

"The most significant change is moving to the Halo 2 proving system, eliminating the need for a trusted setup, and bringing recursive proof composition to Zcash."

  • Zcashd will have (30-1-2020) new releases approximately every six weeks and there will be roughly two network upgrades per year. Update (19-3-2022), there was no big upgrade until early 2022.
  • From CoinDesk (16-7-2020):

"Has successfully hard forked in the planned network update “Heartwood.” With the update, miners can receive coinbase transactions right to a private address, in addition to other new features. The update includes two Zcash Improvement Proposals (ZIPs). The first, “Shielded Coinbase” (ZIP 213) brings long-sought privacy solutions for Zcash (ZEC) mining while ZIP 221 “Flyclient” adds support for lightweight clients that verify transactions, the ECC said in a March blog. Heartwood is the privacy coin’s fourth hard fork since the network launched in late 2016. Zcash last hard forked in December 2019 with “Blossom.”"

  • From this article (23-10-2020):

"The ZEC protocol underwent two upgrades in 2018, “Overwinter” on June 26th, and “Sapling” on October 29th. Both upgrades were enacted through hard forks, and both enhanced transaction efficiency and scalability for shielded addresses.

The “Blossom” upgrade, v2.1.0, went live in December 2019 and included; shortening the target block times from 150 seconds to 75 seconds, a mempool size limit to prevent denial of service attacks, and discontinued backward compatibility with Sprout proofs to decrease the attack surface of the ZEC Codebase. Zcashd v.2.1.1-1 was also released in February, which changed how nodes enforce timestamp requirements on block headers.

Zcash v3.0.0 was released in May bringing the “Heartwood” update, which allows mining to Sapling shielded addresses. Mainnet activation of Heartwood occurred at a block height of 903,000 in mid-July. Zcash v3.1.0, released earlier this year, deployed the following ZIPS; 207: Funding Streams, 211: Disabling Addition of New Value to the Sprout Value Pool, 212: Allow Recipient to Derive Sapling Ephemeral Secret from Note Plaintext, 214: Consensus rules for a Zcash Development Fund, 215: Explicitly Defining and Modifying Ed25519 Validation Rules.

The fifth major network upgrade, Zcash v4.0.0, was released earlier this year and supports the next upgrade, “Canopy”, which will occur at a block height of 1,046,400 (November 18th). This upgrade will also finalize the ZIPS released in v3.1.0."

Mining

  • Started out as PoW.

"Zcash currently uses Equihash as the proof-of-work for block mining in Zcash. Equihash is a proof-of-work algorithm devised by Alex Biryukov and Dmitry Khovratovich. It is based on a computer science and cryptography concept called the Generalized Birthday Problem. As of May 2018, Zcash's Equihash parameters have been implemented in custom hardware ("ASIC") miners. ECC is closely monitoring the effectiveness of alternative consensus algorithms such as PoS and will continue to evaluate as part of our long-term roadmap to increase scalability and sustainability."

Staking

Scaling

  • From their docs (6-12-2021):

"Scalability work is in progress. There are several approaches to making blockchains scalable, both at the protocol layer (layer 1) and at the application layer (layer 2). In September 2019, Sean Bowe, researcher at Electric Coin Co., proposed Halo, a novel technique for practical recursive zero-knowledge proofs. ECC researcher Daira Hopwood presented a research proposal for sharding architecture. This proposal calls for the use of sharding, a technique that partitions a database into sections or “shards” to improve the throughput limit, in order to scale to high transaction volumes."

Different Implementations

Interoperability

Other Details

Oracle Method

Privacy Method

  • By default, transactions are public. If a user wants to make a shielded transaction, they must do so through the wallet interface and pay the associated transaction fee. More bellow.
  • Had flaws in their anonymity that have since been fixed — researchers were able to associate 69% of Zcash shielded transactions with founders/miners.
  • Again someone found flaws. This time by researchers at Stanford who according to Proof of Work #77 (23-10-2019):

"Presented two types of active side-channel attacks against private (a.k.a. shielded) transactions in Zcash. This Security announcement has been shared earlier this month in the Zcash community forum. Be sure to upgrade your nodes to Version 2.0.7-3 immediately and discontinue use of older versions. Please note that the issue does not put funds at risk of theft or counterfeiting."

"Zcash’s supply can be broken down into two types: shielded and transparent. The transparent supply is similar to Bitcoin’s and is fully auditable. Zcash held in the shielded supply can be exchanged privately using zk-SNARKs. As of writing, only around 5% of all issued ZEC is currently shielded.

Zcash’s transactions can be further divided into three categories:

  1. Transparent transactions which only interact with transparent supply
  2. Partially-private transactions which exchange ZEC between the shielded and transparent supplies
  3. Fully-private transactions which only interact with the shielded supply
  1. Less than 2% of transactions belong to the last category, despite a recent surge in activity."

Compliance

  • Got delisted on many exchanges including from OKEx as it violates new FATF regulations.
  • From their website (6-12-2021):

"ECC commissioned the RAND Institute to conduct research into Zcash usage for illicit purposes. The research revealed no evidence of any substantive use of Zcash for money laundering, terrorism financing or trade in illicit goods and services. The report also found, "the governance of Zcash and its branding by ECC as compliant with the relevant AML/CFT regulations may make it less susceptible to exploitation for illicit or criminal purposes."

Their Other Projects

Roadmap

  • Can be found [Insert link here].

"In this period, the foundation utilized its blockchain network to develop a privacy-preserving contact tracing app in partnership with TCN Coalition, a global group of collaborators working towards a similar purpose.

In the review period, Zcash Foundation continued to work on Zebra – the Zcash consensus-compatible node client. The NU3 hard activation was rolled back to July from April, says the report, as work with Zecwallet for the release of the “light wallet version” is ongoing. This version of the wallet enables new Zcash users to shield their ZEC tokens immediately.

The Foundation plans to “deliver a simplified threshold scheme for multi-signature spends of shielded funds” called Flexible Round-Optimized Schnorr Threshold (Frost). The scheme can be integrated into the Zcash Sapling protocol for private threshold payments, it said, all towards the goal of resisting surveillance.

The Q1 2020 report provided an update on designing a Zcash-Cosmos pegzone. After reviewing the cross-chain integration concept with the members of the Cosmos ecosystem, the partners will publish a concrete roadmap during the second quarter of this year."

Move to PoS

"1. Would ECC and ZF run Validators with their relatively large allotment of tokens?
2. What degree of token distribution do you think is needed to create a smoothly operating PoS network?
3. Has anyone figured out a method to use Zaddrs for Validators?
4. Would issuance decrease?

@fubuloubu"

Usage

Projects that use or built on it

Competition

Compared to Monero

"Other projects, such as Monero, use ring signatures that obscure the sender and recipient. Monero’s use of Bulletproofs hides the transaction amount but not the transaction graph (the latter relies instead on their ring signatures and mixins). Advanced forensics and analytics companies claim to be able to trace these types of transactions. Zcash’s use of Groth 16 proofs hides both the transaction amount and the transaction graph (the latter by proving that the note being spent exists in the global note commitment tree)."

Difference with Bitcoin

"Given that Zcash was a fork of Bitcoin, it has very similar network economic properties. Like Bitcoin, Zcash has a total supply of 21,000,000 ZEC where block rewards are halved every 4 years. However, ZEC has a few differentiating properties from BTC.

Rather than 10 minute block times that begin with 50 BTC block reward, Zcash leverages 2.5-minute blocks with 12.5 ZEC per block. This ultimately allows Zcash to have a higher throughput capacity than BTC at the cost of security. In addition, Zcash has implemented a “founder’s reward” which has taken some criticism for the crypto community at large.

Trademark Issues

  • From this article (3-9-2019):

“There is a legal battle for the use of the trademark. The Electric Coin Company (ECC) has, in fact, discontinued negotiations for brand sharing with the ZCash Foundation (Zfnd)
The ECC, as confirmed by Wilcox in an official note, is currently the only trademark holder that has been registered in several countries.
Discussions concerned the introduction of a double veto on the use of the trademark by ECC and Zfnd, but no agreement was reached and negotiations were suspended, so to date, ECC remains the sole owner.
The ZCash Foundation did not hide its disappointment and said it was surprised and dismayed by this decision. They then announced that the NU4 upgrade would be postponed until an agreement was reached.”

And of course Fluffypony responded on the situation:

“The Electric Scam Company decides not to hand the ZCash trademark over to the ZCash Floundation, which means that if they aren’t given a new Founders Reward they can just decide to fork ZCash and prevent the original chain from calling itself ZCash. Hashtag decentralised

  • On 7-11-2019 it got resolved with ZCC handing over the trademark to the Foundation.

"In the spirit of transparency, you can read the full agreement here. Some items of interest and import are summarized below.

Rights to the trademark: The foundation grants non-exclusive trademark rights back to ECC, and both parties will be required to sign off on any other party’s request to license or use the trademark.

Network upgrades: Under this new agreement, as mentioned above, both parties must agree on any network upgrade that is intended to create the new consensus protocol of Zcash. If the parties disagree, and the disagreement cannot be resolved before activation of the network upgrade, the chain splits and neither implementation — neither the new one nor the existing one — can be called Zcash.

If this happens, both the Zcash Foundation and ECC could lose trademark rights related to the Zcash name. And while each party would have the right to advocate for the adoption of its preferred implementation of the blockchain, they will have to do so using different currency names, ticker symbols and logos.

Stewardship: The Zcash Foundation is responsible for the upkeep and protection of the Zcash trademark. If it neglects this duty (e.g., if applications are not filed, if records are not properly maintained, or if infringements are not pursued), ECC, with proper notice, has the right to step in and assume these responsibilities. Even so, the trademark would remain with the foundation, unless breach of contract could be proven.

Termination: Either party can voluntarily terminate the agreement, in which case trademark rights would be awarded to the other. In the case of ECC or Zcash Foundation bankruptcy, or failure of the foundation to maintain nonprofit status, or a validated breach of contract by one party, rights would be awarded to the other party.

Community voice: Neither party is permitted to take actions that are blatantly contrary to the clear consensus of the Zcash community. “Clear consensus” will be determined by evidence agreed to by both parties. If there is a disagreement, it will be handled according to dispute resolution requirements in the contract.

Digital assets: For the time being, ECC will continue to maintain and support the z.cash website, z.cash domain name, @zcash Twitter account, and other Zcash social media accounts and news distribution services."

"To (Zooko), the trademark agreement is a sign of the project “rapidly moving to a status where I don’t have the power to make something happen or stop it from happening.” However, it’s hard to imagine what the nonprofit would look like completely separated from ECC, since zcash founders are now its main source of funding."

Pros and Cons

Pro's

  • Its tech is widely respected and is being used in many other projects (Ethereum's zk-tech for L2 for instance), further showing the quality.

Con's

  • Is as of now (10-2019) a 'one-trick-pony'. Other more diverse projects are taking over the ZK-tech. Which means ZCash could get left behind.
  • "The majority of users are using the regular, public transaction between t-addresses to transact on the network. It is important to note that by default, transactions are public. If a user wants to make a shielded transaction, they must do so through the wallet interface and pay the associated transaction fee."
  • Had trouble between ECC and the Zcash Foundation over the trademark. Did get solved after months of negotiations.
  • study  published in August 2019 by Electric Capital found less than 40 developers were regularly contributing to zcash. (By comparison, the study found bitcoin routinely has more than 100 contributing developers and ethereum has roughly 1,200 developers.)
  • Had to pay off a developer to avoid a blockchain hardfork; this came after the sole windows client maintaner, D. Jane Mercer, effectively threatened to split the network if he was not paid in return; this sent some in the Zcash community into a frenzy. (25-6-2018)

Team, Funding, Partners

Team

  • Full team can be found [here].

Funding

  • "Back in 2014 at the very inception of what is known today as Zcash, the Zcash Company raised $1M in seed funding. In exchange for this funding, investors would receive a portion of the founder’s reward."
  • Zcash development got funded (15-2-2020) for another 4 years. From their website (6-12-2021):

"With the Canopy upgrade, a new community development fund is secured from 2020 to 2024. With Major Grants fund, at least $20 M is ear-marked for future zcash development, decentralizing the ecosystem."

"Electric Coin Company’s earliest investors include Pantera Capital, Digital Currency Group, Fenbushi Capital, London Trust Media, Evolve VC, Naval Ravikant, Niraj Mehta, David Dacus, Roger Ver, Alan Fairless, Ben Davenport, Brian Cartmell, James Nicholas, Jonathan Perlow, Charlie Songhurst, Adam Ludwin, Devon Gundry, Ryan Smith, and Rop Gonggrijp. In the summer of 2016 there was a private raise that included the following new and already established funders: Aaron Grieshaber, Branson Bollinger, Maple Ventures (Amir Chetrit and Steven Nerayoff), Brian Cartmell, Vlad Zamfir, Roger Ver, Digital Currency Group, Barry Silbert, Charles Songhurst, Fenbushi, Shapeshift, Erik Voorhees, David Lee Kuo Chuen, Fred Ehrsam, Sebastian Serrano, and Li Xiaolai. Prior to November 18, 2020, ECC received funding from a strategic reserve portion of the Founders' Reward. With the activation of Canopy, Zcash’s fifth network upgrade, ECC now receives a portion of the Community Development Fund."

Partnerships 

  • Is a sponsor of Coin Center
  • Has worked with Startup Studio (7-2019)
  • Works together with Ethereum to get ZK-Snarks implemented in Ether
  • Is a 'friend' of Polkadot (made by Parity)
  • The Zcash Foundation is partnering with Parity to create the first Zcash node software that isn't built or managed by the Zerocoin Electric Coin Company; the company will have two engineers devoted to building this new zcash node and hiring four more.
  • Plans to create a Peg with Cosmos (7-5-2020).