A step towards privacy and innovation - Zcash Full Guide
Privacy coins are a whole different subset of cryptocurrencies. The three of the most well-known privacy coins in the market are Monero, Dash, and Zcash. Today we will be telling you all about Zcash, one of the more exciting projects in the market. The coin was developed by the Electric Coin Company, which is headed by the enigmatic cypherpunk Zooko Wilcox-O’Hearn.
Zcash started as a fork of the Bitcoin protocol on October 28, 2016. Earlier it was called the Zerocoin protocol before it was transformed into the Zerocash system and then finally, Zcash. Wilcox describes the Zcash protocol like this:
“Zcash is another blockchain and cryptographic money which permits private exchanges (and by and large private information) in an open blockchain. This permits organizations, buyers, and new applications to control who gets the chance to see the points of interest of their exchanges, even while utilizing a worldwide, authorization less blockchain.”
The Need for Privacy Coins
One of the more interesting aspects of public blockchains like Bitcoin and Ethereum is its total transparency. Simply put, anyone who is part of the network can look at and trace every single transaction that has ever been made. So, if you have made your public address visible to the world (Eg. Through a donation link on your website), then anyone will be able to see every single transaction you have ever made. While there many amazing use cases of this transparency (like in the supply chain industry), it seriously compromises your privacy. Do you really want to adopt a financial system wherein every purchase you have ever made can be traced right to its very source?
How does Zcash Work?
First, let’s look at a standard bitcoin transaction. If Alice wants to send some bitcoins to Bob, she will send them to Bob while signing off the transaction with their unique signature. The miners then put the transaction details within their blocks and the transaction is deemed complete.
So, let’s look at how Zcash transactions work.
Image Credit: Fossbytes
So, how exactly do these shielded transactions work?
Both Alice and Bob interact with each other using their shielded addresses. By doing this, the following happens:
Zcash manages to achieve such a high level of privacy via the implementation of zk-SNARKS or Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge. So, to understand zk-SNARKs, you need to know what zero-knowledge proofs are.
What are Zero-Knowledge proofs?
Before we continue, there are two terms that you should familiarize yourself with:
The core idea behind ZKP is this – The prover convinces the verifier that they own a particular proof without actually telling them what that proof is. Eg. Proving that you are adult by just showing the last two digits of the birth date given in your driver’s license, without showing any of the other details.
Before Goldwasser, Micali, and Rackoff came along – proof systems were traditionally based on the “soundness” property, which assumed that the “prover” could be the malicious one in any scenario wherein they will try to fool the verifier. But this begs the question, how can we know for sure that the verifier is honest at all? What if they leak information surrounding the proof?
Let’s take a real-world example to illustrate this point. When you log in to your social media account, you use a password, right? When you send a password to a server to access a site, it hashes it and then compares it with the rest of the hashes that it has stored in its system. If there is a match, you will be allowed to log in.
The problem with this approach is that the server still knows your password. Anyone can hack into the server and get their hands on the password. This is where ZKPs can find immense utility.
The three cryptographers created ZKP based on the following premise:
Properties and Examples of Zero-Knowledge Proofs
A ZKP has the following properties:
Now that you have a brief idea about how ZKP works, let’s look at some examples.
#1 Color blindness and billiard balls
Consider this scenario – we have a prover and a verifier, but the latter is color-blind. Before we continue a quick lesson. This is the difference between healthy vision and color-blind vision.
Anyway, the prover has two billiard balls – red and green. The verifier believes that both the balls are of the same color while the prover wants him to think otherwise. How are they going to do this?
The verifier will first show the balls to the prover. Then he hides his hands behind his back and switches the balls or keeps them as is. Following that, he presents them to the prover. The prover can see the actual color of the balls and will know instantly whether the switch has been made or not.
The verifier can repeat the test as many times as they want to before he is satisfied. So, how does this experiment satisfy the three ZKP properties?
#2 Alibaba’s Cave
One of the most famous ZKP examples is the magical Alibaba’s cave.
So, what’s going on here?
We have a magical cave with a secret door in the back. The prover (P) wants to prove to the verifier (V) that they know the secret password to the door without telling them what the password actually is. How are they going to do that? Let’s take a look:
Let’s see how the three properties of zero-knowledge are satisfied in this example:
Can Zero-Knowledge Proofs be Non-Interactive?
Look at the definition of zk-SNARKS once again – Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge. The non-interactive part is important, but interestingly enough, ZKPs were interactive when it started out. In other words, both the prover and the verifier needed to be online at the same time for this to work. Obviously, this isn’t a scalable technique.
Thankfully in 1986, the Fiat-Shamir heuristic was successful in changing ZKP from interactive to non-interactive. To understand how non-interactive ZKP works, let’s look at a pre-heuristic interactive ZKP via discrete logarithms.
The exchange above satisfies the properties of ZKP. However, for it to work, both Alice and Bob need to be present and online to exchange values.
However, how can the Fiat-Shamir principles be used to make ZKP non-interactive? Let’s take another interaction between Alice and Bob and see how a simple hash function can change everything.
This interaction is zero-knowledge as well, but this time the exchange is non-interactive. This is one of the key innovations that lays down the foundations for zk-SNARKs.
How does zk-SNARKs work?
A standard zk-SNARK consists of three algorithms – P, V, and G.
P is the prover. They are going to be using three items as input – The proving key pk, the publicly available random input x, and the statement that they want to prove “w.” The prover sends the proof of statement prf to the verifier.
V is the verifier function that returns a boolean variable – TRUE or FALSE. The function takes in the following parameters – the verifying key vk, the input x, and prf. If the prf is correct, the function returns TRUE, otherwise, it returns FALSE.
G is the key generator that takes an input lambda and a program C. The generator creates the proving and verifying keys pk and vk, which are used by the prover and verifier, respectively.
The importance of keeping lambda private
The value of “Lambda” must be kept confidential at all costs. It happens to be the backbone of Zcash’s entire architecture. If anyone gets their hands on lambda, they could generate counterfeit proofs, which undermines Zcash’s system. The developers believed that the best way to take care of this issue was by creating a public/private key pair. The public parameters were built into Zcash’s system for everyone to see. Following that, the developers proceeded to destroy the original private key via an elaborate “ceremony.”
This is what happened during the ceremony:
The primary issue with the ceremony was that if the computers weren’t fully destroyed or if someone records the ceremony, the entire network will be at risk. The Zcash community called these two possibilities “toxic waste.” Plus, any remnants of the original private key was considered a “toxic waste product.”
Radiolab did a fascinating podcast episode about the whole ceremony. We highly recommend that you give it a listen here.
Consensys’s Christian Lundkvist showed a simple demonstration of how zk-SNARKs may work in real-time. Consider the following example program:
function C(x, w)
return ( sha256(w) == x );
In the code above, we have a function C that takes in 2 input values:
If the SHA-256 hash value of w equals “x,” then the function returns TRUE, otherwise, it returns FALSE. (SHA-256 is the hash function that is used in Bitcoin).
Now, if Alice and Bob want to interact with each other through this program, wherein the former is the prover and the latter verifier, let’s see how it will work.
The Zcash Blockchain
Since Zcash is a hard fork of the original Bitcoin protocol, it has a total token supply of 21 million coins and also uses the proof-of-work consensus protocol to power its blockchain. However, unlike Bitcoin, Zcash utilizes several anti-ASIC protocols to prevent mining centralization.
Zcash’s block time is 2.5 mins as opposed to Bitoin’s 10 mins. Plus, the block reward is currently 6.25 ZEC. Of this, the miners receive 80% (5 ZEC). The remaining 20% is is divided like this:
Examples of Zcash’s Usecases
Zcash’s primary use case lies in creating a system where you can divulge necessary data without revealing any critical information that may compromise the user. As such, Zcash has already partnered up with several powerhouse companies. JPMorgan Inc. has partnered up with Zcash to boost Quorum, its enterprise-ready distributed ledger.
Zcash’s ZKPs can be used by users to prove the information related to the transaction without needing to reveal the transaction itself. Eg. Users can make tax payments without displaying details such as deductions and the actual amount paid.
So, there you have it. At the very heart of Zcash lies zk-SNARKs, one of the most innovative privacy techniques in the blockchain space. It’s backed by a really talented team and has already made several key partnerships. If you are interested to know more, then checkout their whitepaper and blog.