
The technical parts behind Zcash

So after all this talk about Zcash’s history and governance, let’s get into what it can actually do from a technical perspective!

Selective privacy

An important aspect of Zcash is that it offers its users selective privacy. This differs from a coin like Monero, where transactions are private by default.

With Zcash, you have two types of addresses: private z-addresses, which start with a ‘z’, and transparent t-addresses, which start with a ‘t’. Private z-to-z transactions do appear on the blockchain, showing that they have occurred and that the fees have been paid. However, the addresses that were involved, the transaction amount and the memo field are all encrypted and not publicly visible. This encryption on a public blockchain is only possible through the use of zero-knowledge proofs, a piece of technology that we will get into a bit later.

Transactions between two transparent addresses work just like transactions with Bitcoin: the sender, the receiver and the transaction amount are all publicly visible. Currently, most users and exchanges tend to use these transparent transactions, as they tend to have (much) lower fees. Yet, it is said that many are now moving to shielded addresses, both to better protect their privacy and because Zcash has recently undergone a protocol update.

Since both types of addresses are on the same chain, the two Zcash address types are interoperable. Transactions can be made from z-addresses to t-addresses, and the other way around. Furthermore, the owner of an address may choose to disclose their z-address and transaction details to trusted third parties through the use of view keys and payment disclosure.

zk-SNARKs

As we previously mentioned, the encryption of data on a public blockchain is only possible through the use of zero-knowledge proofs. This technology is at the core of Zcash and allows transaction data to be validated without revealing information about the amount and the parties involved. Zcash uses a specific type of zero-knowledge proof, called zk-SNARKs (zero-knowledge Succinct Non-interactive Arguments of Knowledge).

As you might know, Bitcoin transactions are validated by linking the sender address, receiver address, and input and output values on the public blockchain. Through zk-SNARKs, Zcash is able to prove that the conditions for a valid transaction have been satisfied without revealing any crucial information about the addresses or values involved. The sender of a shielded transaction constructs a proof to show that, with high probability:

  • the input values sum to the output values for each shielded transfer;
  • the sender has the private spending keys of the input notes, giving them the authority to spend;
  • the private spending keys of the input notes are cryptographically linked to a signature over the whole transaction, in such a way that the transaction cannot be modified by a party who did not know these private keys.

In addition, shielded transactions must satisfy some other conditions. Unfortunately, this guide would become too long and detailed if we went into what these conditions are and exactly how this process works.
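The first condition in the list above (inputs sum to outputs) can be checked by someone who never sees an amount. The following is an added illustration, not Zcash's code and not a zk-SNARK: it uses a toy Pedersen commitment scheme as a stand-in, and the parameters `P`, `Q`, `G`, `H` and all function names are assumptions made for this example.

```python
import secrets

# Toy parameters, constructed for illustration and far too small to be secure.
# P is a safe prime; Q = (P - 1) // 2 is the prime order of the subgroup of squares.
P, Q = 2039, 1019
G, H = 4, 9  # two squares mod P; a real scheme needs log_G(H) to be unknown

def commit(value, blind):
    """Pedersen commitment: hides `value` behind the random `blind`."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def shield(values):
    """Sender side: commit to each private amount; returns (commitments, blinds)."""
    blinds = [secrets.randbelow(Q) for _ in values]
    return [commit(v, r) for v, r in zip(values, blinds)], blinds

def product(commitments):
    """Multiply commitments mod P, which adds the hidden amounts and blinds."""
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc

def build_transfer(inputs, outputs, fee):
    """Sender builds the public part of a transfer from private amounts."""
    in_c, in_r = shield(inputs)
    out_c, out_r = shield(outputs)
    # Only the difference of the blinding factors is published here; a real
    # protocol proves knowledge of it instead of revealing it.
    excess = (sum(in_r) - sum(out_r)) % Q
    return in_c, out_c, fee, excess

def balances(in_commits, out_commits, fee, excess):
    """Verifier side: sees commitments, the public fee and the excess only.

    The equation holds exactly when sum(inputs) == sum(outputs) + fee (mod Q).
    Arithmetic wraps around mod Q, so a real system must also bound each amount.
    """
    rhs = product(out_commits) * commit(fee, excess) % P
    return product(in_commits) == rhs

if __name__ == "__main__":
    print(balances(*build_transfer([30, 12], [25, 15], fee=2)))  # balanced
    print(balances(*build_transfer([30, 12], [25, 16], fee=2)))  # one unit created
```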

However, what is interesting to add to this section on zk-SNARKs is that they are a significant improvement over previous zero-knowledge proofs. In the past, zero-knowledge proofs often involved multiple rounds of interaction between the prover and the verifier and could involve the exchange of a lot of information. With zk-SNARKs, however, the proof consists of a single message sent from the prover to the verifier, and this ‘succinct’ message can be verified within a few milliseconds, with a proof length of only a few hundred bytes even for statements about programs that are very large.

Through these zk-SNARKs, users of Zcash have the option to shield their transactions. If they choose to shield their transactions, the transaction can be fully encrypted on the blockchain, yet still be verified as valid under the network’s consensus rules. If enough users make use of these shielded transactions, this could prevent transaction graph analysis of the Zcash blockchain and greatly improve the coin’s fungibility.

Selective vs. default privacy

Please keep in mind that this system of selective privacy in Zcash is very different from a system that is private by default. Arguments can be made for both of these options. There are those who believe that it is important that every transaction made on a blockchain be private, in order to maintain complete fungibility of the coins. On the other hand, the people behind Zcash reason that the (selective) transparency of Zcash will make it easier for Zcash to integrate into the existing financial system than it would be for coins that have total privacy.

At the time of writing (November 2018), only approximately 2.8% of ZEC is held in shielded addresses, whilst the rest is held in transparent addresses, indicating that most of its users do not use its privacy features.
