The Future of Anonymity Feature for Zcash
There\'s been plenty to gawk at since Zcash\'s October launch.
Heralded as the world\'s most anonymous cryptocurrency, Zcash rode a wave of hype with its cypherpunk origin story (complete with its own secretive "ceremony") and an initial frenzy where speculators drove the price of its tokens over $1,000 before they were even released.
But perhaps above all, the technology has become synonymous with the promise of its bleeding-edge cryptography, zk-SNARKS, which shield senders and receivers, as well as the balances of each zcash address. Only users with the correct "key" can reveal the contents.
But Zcash isn\'t always anonymous. Today, users have a choice between two types of Zcash addresses, and the thing is, three months in, not many people appear to be using the ones with its signature anonymity feature.
Just like bitcoin addresses, Zcash features "transparent addresses" which show account balances where coins are sent or received. But these are the kind of public transaction that Zcash has been fighting to eradicate with "shielded addresses", its primary innovation that utilizes zk-SNARKS.
But for now, the two types exist side by side, and users seem to be choosing transparent addresses for the most part.
While it\'s hard to come up with precise figures for usage, shielded address hold only a small percentage, roughly 0.8%, of Zcash value right now. Browsing the most recent Zcash transactions, you can see that many of the "transparent value" spots are filled in, and the rate of shielded transactions looks to be above 0.8%.
Oddly enough, this data might actually be a display of how uniquely powerful Zcash\'s cryptography is.
Even this early on, project founder Zooko Wilcox pointed out that most of the 400,000 ZEC in circulation have already been filtered through a shielded address. And those that haven\'t yet, need to be.
One consensus protocol rule says that miners must move their tokens through a shielded address before they can use them.
Think of a mysterious pool into which every shielded address ever used is dropped. As miners process more transactions, and people continue to create and use shielded addresses, this pool will continue to grow.
When someone makes a transaction coming from a shielded address, you wouldn\'t be able to determine where the transaction came from – it could be coming from any address in that pool.
"They can\'t tell if it’s from a recent shielded transaction or an old shielded transaction from years ago," Wilcox said.
So, if coins pass ever pass through a shielded address, they will feature some level of privacy.
At the very least, even if one set of coins later continues to be passed from transparent address to transparent address, its origins will be mysterious – it could have come from one of the original miners or any of the other shielded addresses in the history of Zcash.
If more people using shielded addresses is good for privacy, it begs the question, why is the Zcash feature opt-in?
Privacy would be better for everyone on the network, Wilcox conceded, but he described the decision to make Zcash backwards-compatible with bitcoin as a sort of Trojan Horse.
It\'s easier for companies to add support for the type of address that bitcoin supports (and has now done so for eight years) than for novel shielded addresses.
There\'s some evidence that this strategy is bearing fruit. Blockstack, which recently raised a $4m investment, aims to roll out support for Zcash in the future.
While Blockstack is "blockchain-agnostic", the company is working to support ethereum and Zcash because of the massive interest shown for each, explained Blockstack co-founder Ryan Shea.
"Zcash would be the easiest to support by far," he added, citing transparent addresses as the reason. "The interface is almost exactly the same."
Support for shielded addresses, though, would take more time.
However, Blockstack isn\'t the only company to ponder adding Zcash for the sake of convenience. On launch day, Zcash announced a long list of third-party support, including two wallets specifically made for Zcash, and popular companies like Kraken, ShapeShift, and Jaxx. Keybase and OpenBazaar also recently announced support.
Notably, many of these third parties support only transparent addresses so far.
\'Advancement of science\'
But while Zcash is now a live network, there\'s the feeling that the user experience needs polishing.
For one, making shielded addresses easier to use will be big focus in 2017 for the Zcash Company, of which Wilcox is CEO. For example, the firm intends to streamline the memory-intensive shielded transactions so that they take less time to use. (Right now, it takes a minute or two with 4 GB of RAM to generate the proof that provides transactions with such high anonymity.)
Not to mention, zk-SNARKS are only understood by a few.
Wilcox noted that precise information about how transparent and shielded addresses mix is not well-known or public, as Zcash is trying the anonymizing proofs on the blockchain for the first time.
"That part is really confusing to me and to everyone. I hope we\'ll get some clarity into how to understand and analyze this stuff," he said.
All that said, these are small steps to a much bigger goal of an anonymous payment network that people can use, and analysts and observers aren\'t quite ringing alarm bells just yet.
”Overall, I think Zcash is doing very well, but is still in an early stage," cryptographer and Zcash advisor Andrew Miller, who participated in Zcash\'s opening ceremony, told CoinDesk.
Further, there seems to be some demand for private online money.
Two-year-old Monero, which uses different privacy technology called \'ring signatures\' to shield transaction information, is now supported by the exchange Kraken, and it recently rose to fourth or fifth biggest cryptocurrency in terms of market cap. Meanwhile, bitcoin and ethereum developers are also working on a range of privacy projects.
Zcash even spawned a copycat, Zclassic, which uses much the same codebase as Zcash except that, much like bitcoin classic and ethereum classic, it changes the protocol to align with an ideological difference.
In Zclassic’s case, supporters disagreed with the decision to award Zcash founders with 20% of the mining proceeds for the first four years (the website refers to it as a "tax"). The blockchain\'s creator, Rhett Creighton, told CoinDesk that he launched the competing version partially because he thinks it holds long-term promise.
"At the launch, I was sitting there thinking, \'What if this is the point in history where the money people use in the next 100 years is created, and we just let 20% of it go to a handful of people?\'" Creighton said, adding that removing the reward was an easy tweak to the code.
Yet, it\'s been two months since the split and there still hasn\'t been much vendor adoption (for either project, in truth).
As Zcash launched less than three months ago, bitcoin and ethereum have the advantage of an ecosystem that’s been built up over eight years (as of last Tuesday) and two years, respectively. Still, arguably, insufficiant time for large numbers of vendors to pick up the currencies.
However, Miller is optimistic, concluding:
"I am most looking forward to seeing businesses or merchants adopting Zcash and that hasn\'t happened yet, but that naturally seems to come after more of the infrastructure is in place, like more exchange volume and wallet support."