Zcash: The Crazy Launch Obfuscates an Interesting Technology
Accompanied by a strong media campaign, the privacy-centric cryptocurrency Zcash launched recently on October 28. The crazy price jumps and crashes drowned out the fact that the launch of Zcash could mark the start of an interesting experiment in cryptocurrencies.
After more than three years of talk, research, and development Zcash launched last week on October 28. As the first implementation of the privacy-centric Zerocoin protocol reached the markets, it experienced crazy price swings.
Shortly after entering the exchanges, Zcash peaked on Poloniex with a value of 3,299 bitcoin. Yes, three thousand two hundred and ninety nine bitcoin. Or, roughly calculated, $2.3 million. For a single unit of Zcash. Madness. Unsurprisingly, this did not hold on for a long time and Zcash crashed like no coin has done before. Toward the end of October 30, it landed at about 0.7 bitcoin, losing more than 99 percent from its peak.
What is going on? What is behind this coin that has precipitated the craziest hysteria in crypto-land for all time?
An All-Star Cryptocurrency Venture
Zcash is based on the zerocoin protocol, a cryptographic concept to enable complete anonymity in a cryptocurrency. It basically does something that feels like magic; it encrypts every part of a transaction which leaks privacy, like the addresses of sender and receiver and the amount to be sent. But with the help of so-called ‘zero knowledge proof,’ it is still possible to validate the transaction and prevent ‘double spending’. It is like validating your tax declaration without knowing who you are and what you earned.
This might sound crazy, but it can be mathematically proven that it works. After it became clear that this amazing concept will not find its way into the Bitcoin protocol, a group led by long-term cryptographer and cypherpunk, Zooko Wilcox, started to develop an altcoin using the zerocoin concept; Zcash.
To develop Zcash, Wilcox started an US-based company. He partnered with some scientists, mostly from Israel and the US, and hired some developers. Later his enterprise was funded by some well-known investors in the cryptocurrency industry, including Pantera, Barry Silbert’s Digital Currency Group, Roger Ver, Eric Vorhees, and Coinbase’s Fred Ehrsam. Additionally, he engaged prominent advisors like Gavin Andresen and Vitalik Buterin.
Sounds like an all-star team that developed the digital currency Bitcoin should have become. More capacity, more fungibility, and better privacy. A nobrainer, right?
The launch of Zcash was accompanied by an ostentatious media campaign, in which several not-so-independent outlets and experts promoted the newly born cryptocurrency.
For example, Gavin Andresen, burned-out Bitcoin developer and advisor of Zcash, tweeted:
Oh yeah! But this is just the beginning. Bitcoin.com, the media outlet of Roger Ver, investor in Zcash, titled, “Snowden: Anonymous ‘Zcash’ Could Solve Bitcoin Surveillance Risks.” Also, Coindesk, a magazine Zcash’s investor Barry Silbert has a stake in, splashed out and released three stories about Zcash.
When reading all this, you could either think that Zcash has reinvented cryptocurrencies and is the missing piece the world waited for. Or you could think it as a coordinated pump and dump, which happens so often in the altcoin markets.
The truth is, that Zcash is characterized by some amazing technologies but also has some fallacies that set the whole venture at risk. Let us have deeper look at it.
The Technology of Zcash
The major part of Zcash can be understood if you take Bitcoin and implement zerocoin. The developers followed a principle they call “conservative innovation,” like the FAQ on Zcash’s website explains, “Avoid changes from Bitcoin’s design without a strong rationale.”
While most of Bitcoin’s properties, including the halving every four years and the total supply of 21 million coins, remain unchanged, there are some significant changes:
- The introduction of a “Slow Start Mining”, increasing the mining reward slowly over a period of 34 days until it reaches the amount it will keep for the next 4 years
- The increasing of the block size to 2 MB and the reduction of the time-span between blocks to two and a half minutes, giving the eightfold capacity of Bitcoin.
- The smoother adjustment of the mining difficulty.
- The implementation of the zk-SNARK, a zero-knowledge-proof, enabling a second transaction format for complete anonymity.
- The replacement of Bitcoin’s Proof-of-Work with the Equihash Proof-of-Work that is more resistant against ASIC mining.
- A “tax” giving 10 percent of every mining award to the founders.
Those are the most significant changes. A complete overview over the design can be found on the github page of the project. While some properties like the increased capacity and the option to transact anonymous might be seen as clear improvements over Bitcoin, some other innovations of Zcash have been welcomed with devastating critiques.
Maybe Not a Good Store of Value
The most obvious thing many people do not like is the tax for the founders.
The FAQ explains: “10 percent of the mining reward will be distributed to the stakeholders in the Zcash Company — founders, investors, employees, and advisors. We call this the ‘Founders’ Reward’ … The Founders’ Reward is distributed incrementally over the first four years of mining, so that there is continued incentive and continued resources for the founders to improve the value of the coin.”
Sure, developers need some income. But if you do the math, you might realize how crazy a price of 3,299 bitcoin for one Zcash is: it would result in a founder’s reward worth 16 billion bitcoin. Even if you assume parity with bitcoin, the founders get more than a billion dollars. Not for inventing cryptocurrencies, but just for implementing a zero knowledge proof.
This might be the most expensive cryptographic innovation in history.
Even Barry Silber considered the price as somehow ridiculous.
As cryptocurrency-blogger Yo Banjo points out: “At the current price that is $4.2 million in value every single day. The devs take 20 percent of that, without mining themselves.”
The founder’s reward does not only seem somehow greedy. It violates the important principle of cryptocurrencies, that the network pays its peers for work than can be proven on-chain. The Zcash tax is paid for the developers regardless of the amount of work that they do. The blockchain cannot proof the effort of developers and thus should not pay for it.
Since the tax seems to be a really bad idea, some people already started to demand a fork that eliminates it. Rhett Creighton from Decentralized Today prompted the miners to just cooperate to just get rid of the tax.
Beside this problem, Zcash’s zero knowledge proof itself might seriously put its value at risk. Without going too much into detail, we should look at one specific aspect of Zcash’s zero knowledge proof; the obfuscation of the sent amount. You need to know that the amounts being sent do not exceed the monetary supply, while you do not know the amount.
Zcash solves this challenge by a basic setup that creates this proof. This can be compared with the creation of a public key by a private key. The private key itself is what Zcash calls “toxic waste;” if someone knows it, he can create a Zcash token out of thin air. Even worse; nobody will notice it because the amount of coins in anonymous addresses is hidden.
Weuse.cash called this an “untrusted setup” and concluded after a detailled critique of Zcash: “You shouldn’t trust ZCash.” While holding some truth this is not completely fair against the company. Zcash used a “ceremony” to create this proof and to distribute the “toxic waste” on six people. You need all six keys to manipulate the system and only one to destroy his key to keep the system safe.
But as tiny as the chance might be, it will always be bigger than zero. And it can never be proven that it did not happen already. This alone makes Zcash a bad store of value.
You could say that the whole “token” part of Zcash is not a serious attempt to create a new currency, like Bitcoin is, but a clever and somehow shady mechanism to make investors pay for the development of an anonymous payment network. Similarly, Ripple Labs uses XRP to fund the development of an IOU-processing network.
But even this part of Zcash, the anonymous payment network, is seriously criticized.
Making Privacy Optional Could Destroy Fungibility
No one seems to doubt the brilliance of Zcash’s zero knowledge proof. It seems to perfectly serve its mission; to protect the privacy of users.
The problem some people see with it is that the zero knowledge proof transaction is only optional. You can still send standard transactions which are as transparent as bitcoin transactions. To enjoy the anonymity Zcash offers, you have to opt-in.
As weuse.cash explains Zcash uses an “active form of mixing,” not the default setup. This could result in two variants of the Zcash token; some are clean and transparent, whereas some are dirty and anonymous. Exchanges can blacklist the anonymous token and may be forced to do so by regulators. As a consequence fungibility, the equality of all coins, is lost.
Even worse is that mixing coins with Zcash implies hard work for computers. It requires more than 8GB of memory, making it very unlikely that private users will participate. It may even be impossible for exchanges, markets, and online wallets to offer this feature to its users. Zcash anonymous transactions might not be able to scale to any meaningful economic activity because of the high-hardware requirements, and Zcash will be like any other transparent cryptocurrency. But this still has to play out.
Despite the Critique – an Interesting Technology
After all the critique raining on Zcash and after those crazy price swings you could consider the project dead in the water. But that would be a premature decision. Later, when the dust has settled, the first forks have emerged, and the price has found a floor, the cryptocurrency might become what it is meant to be; an interesting technology to protect the privacy of the users.