Zcash is a privacy-focused cryptocurrency that launched on October 28th of 2016 by Zooko Wilcox-O’Hearn as a fork of the Bitcoin codebase. Also like Bitcoin, it has support for transparent transactions viewable by anyone on the public blockchain. But its key differentiator is that it allows users to transact privately, and if need be, selectively disclose information.
Zcash offers its users two types of addresses to transact with. There are t-addresses that start with the letter ‘t’. Transactions between two t-addresses work like public Bitcoin transactions where sender, receiver, and transaction value are all publicly visible.
And there are z-addresses that start with the letter ‘z’. Transactions between two z-addresses are private. A private transaction’s record is also immutably entered into the Zcash blockchain, so the network knows it has happened and that transaction fees were paid. But with z-addresses, the transaction amount and the addresses are encrypted, and thus, publicly invisible. Encrypted memos are also available for z-address transactions, allowing the sender to include extra information to the receiver, which can be useful for passing messages and instructions along.
The two Zcash address types are also interoperable, so you can transfer from a z-address to a t-address and vice versa. If you send a transaction from a t-address to a z-address, it shields the address of the receiver of the transaction. But if a z-address sends tokens to a t-address, that amount will be recorded as the output of the transaction, consequently ‘deshielding’ the transaction.
Although many wallets and exchanges exclusively use t-addresses as of now, many are beginning to support private z-addresses in order to protect their users’ privacy. As commerce continually moves online, more people will want to transact in secret, without third-parties snooping on their transactions.
What is Zcash? A Privacy Token
How does Zcash achieve this ability to add privacy to certain transactions selectively? Through a breakthrough cryptographic technique termed zk-SNARKS. The acronym is short for zero-knowledge succinct non-interactive arguments of knowledge. Zcash is the first widespread application of this technique.
While zk-SNARKS may seem hard to understand—sure enough, the underlying cryptography is highly complex—they are actually quite simple when you abstract away the details of how they work. With zk-SNARKS, instead of submitting the plain text addresses and transaction amount on the blockchain, the protocol submits a fully encrypted message that hides the actual addresses and amounts but offers the ability to verify that the addresses and amount are legitimate.
The zk-SNARK proof construction allows one to prove possession of certain information like a secret key without revealing the contents of the information, all without any interaction between the prover and the verifier. More generally, zero-knowledge proofs give one the ability to prove to another that a statement is true without revealing any information about the statement beyond the fact that it is, in fact, true.
In earlier versions of zero-knowledge protocols, the prover and the verifier were forced to communicate back and forth several times to confirm the validity of the statement. But with non-interactive constructions like zk-SNARKS, the proof consists of a single message sent from the prover to the verifier. And the succinct part refers to the fact that the proofs can be verified in just milliseconds with a proof that spans only a few hundred bytes. This remains the case even for statements for very long messages.
Right now, the most efficient known method to produce non-interactive zero-knowledge proofs short enough to publish to a blockchain is to have an initial setup phase that creates a common reference string, known as the public parameters, that is shared between the prover and the verifier.
If someone gained access to the secret source of randomness used to generate these parameters, they could create false proofs. This is very dangerous, as a malicious actor could create counterfeit coins and spend them as much as they wanted. To prevent this from happening, Zcash has generated two distinct sets of public parameters through an elaborate, multi-party ceremony. The first ceremony occurred before the original launch of the protocol, and the second one happened in 2018 over two phases in anticipation of a network upgrade.
As part of the protocol, Zcash allows owners of an address to disclose their z-address, transaction amounts, and memo fields with trusted third parties like auditors and authorities through the use of view keys and payment disclosure.
View keys give z-address owners the option to disclose all incoming transactions and the memo field, however, it does not provide the user access to the sender address unless identifying information is included in the memo field. Zcash plans on supporting full viewing keys soon that would reveal all transaction values in and out of the address.
In addition to these privacy features, Zcash has a transaction expiration date builtin to the protocol. So by default, a transaction will expire, and its funds returned to the sender if the transaction is not mined after 50 minutes. This minimizes the impact of any non-mined transactions.
Like many other cryptocurrencies, Zcash supports multisignature transactions where a transaction could require two or more users to agree to the transaction before funds are allowed to be sent out of the address. Multisignature transactions are only available, however, for transparent transactions, and cannot be made private.
Zcash’s token, ZEC, has a fixed total supply of 21 million coins, just like Bitcoin before it. As of April 2020, there are ~9.7 million ZEC in circulation. ZEC offers fast transaction times with a short block time of 1.25 minutes.
The Equihash proof-of-work algorithm secures Zcash’s blockchain. It is different from Bitcoin’s SHA256 hash function because it is ASIC-resistant. So miners do not gain a considerable advantage from buying expensive specialized hardware for mining ZEC like they would with BTC.
Blocks have a 2 MB size limit, and each one mined results in a 6.25 ZEC reward for the miner. Miners also collect a transaction fee; however, unlike Bitcoin and Ethereum, Zcash’s fee is fixed. Moreover, the fee for a transaction is set at a low rate of 0.0001 ZEC to increase usage. Zcash also has high support among universal wallets and exchanges.