Zeroing In: Zcash Sets 2-Year Course for Better Crypto Privacy

tunnel-speed-e1530105410112
27 June 2018

Nearly two years after launch, Zcash is entering what could be a crucial period of iteration.

Speaking at Zcon0, zcash’s first ever conference in Montreal, Tuesday, project founder and the CEO of the Zcash Company Zooko Wilcox discussed the company’s informal roadmap for the next two-year period.

Presented mere hours after the first mandatory upgrade of the software powering the cryptocurrency, the keynote set a precedent for the day’s discussion, in which, through a series of lectures and workshops, the community sought to define the values and challenges that would guide the privacy-focussed blockchain into the future.

“We have already succeeded on a technical level, but we have not succeeded on a usability and adoption level, so that’s the priority you’ll see,” Wilcox said.

Dealing with topics such as increased privacy, security, usability and decentralization, the roadmap was published on the company’s official blog Tuesday. However, speaking at the conference, Wilcox emphasized that the plan is not yet final, but is due to be published as a more formal commitment in August.

“This roadmap that we published for the company is an invitation to conversation,” Wilcox said, “If you believe that the company should prioritize something else instead, or if you feel you can contribute in a specific way, this is the time to begin that conversation.”

With presentations from cryptography researcher Mary Maller on traceability concerns in zcash, and discussion of zcash’s usability challenges by UX researcher Linda Naeun Lee, several topics of the day touched on a critical note.

But as research builds toward scalability and transitioning the blockchain into privacy by default, zcash is reaching the stage where it can fully confront these issues.

“I think so far we focused a lot on base-level safety, but if it’s not usable and low adoption that has limited impact, and we are starting to turn our attention to usability and adoption,” Nathan Wilcox, CTO of the Zcash Company, said.

Speaking to the audience, Wilcox concluded:

“We want to have a clear feedback loop between innovation and protocol design so that the two evolve together.”

Privacy and usability

Toward that end, several presentations broke down what Sapling, the network’s upcoming hard fork, will do for the network.

Currently planned for October this year, the protocol upgrade is said to substantially improve the scalability of private transactions on the blockchain, to the point where the anonymous transactions that comprise the protocol will be ubiquitous.

“Sapling is effectively the same construction [as before] but much more efficient, bring proving times down to a second or two,” Matthew Green, a founding scientist at zcash, said.

In an in-depth presentation on the upgrade, zcash engineer Sean Bowe outlined these performance enhancements. Following the upgrade, shielded transactions are small enough that they can be performed on a mobile phone, Bowe said, and there’s ways to make them function on hardware wallets as well.

It’s notable because at the time of writing, zcash is lacking in wallet software, consisting only of Linux or Windows tooling that is capable of sending shielded transactions.

“It requires a very highly motivated person with specific needs to be motivated to use zcash,” UX researcher Linda Naeun Lee told the audience, “I have a MA in computer security from Berkley and I was still confused.”

Lee also warned that users need to be better informed about the difference between the transparent and shielded transactions on zcash. “Hey you know what thing that zcash does that do other coin does?” she quipped, “You think you’re using it, but you’re not.”

And it’s notable considering, as detailed by Maller, transparent transactions on the zcash blockchain can damage the privacy of shielded addresses as well.

As such, much of the discussion circulated on the necessity, and challenges, involved in removing the possibility of transparent transactions from the network, or “privacy by default”.

While there’s challenges to transitioning to a fully private system, and plenty of tooling that needs to be constructed as well, now that zcash has built the basis of the protocol developers have time to research these kinds of more substantial changes.

“I love fancy crypto, I also just want to take out my phone and make anonymous transactions,” Matthew Green summarized.

The question of mining

As the day broke up into workshop sessions, a group of stakeholders from the mining landscape sat together to discuss the cryptocurrency’s attitude to ASICs, a type of highly efficient mining hardware that has been the cause of tension in the community.

Featuring GPU miners, ASIC miners, representatives from ASIC manufacturers Bitmain, Innosilicon and Obelisk, as well as the Zcash Company and the Zcash Foundation, the workshop resolved to commit to a timeline for the issue.

“If you chose not to decide you still have made a choice. You can make this change, or you can publically state we have chosen not to make a change,” a workshop participant said.

For example, if the Zcash Company takes action to remove ASICs from the network, this would need to be decided quickly, participants collectively stated.

Depending on the complexity of the change, the soonest action that can be taking is “roughly April next year,” Wilcox said in the workshop.

Such a change would be a simple tweak to the proof-of-work algorithm in order to drive ASICs off the network. However, participants warned that by that point, ASICs are likely to comprise the majority, and zcash could risk damaging its security by changing the algorithm.

Wilcox also proposed longer term research into a hybrid proof-of-work algorithm, where the issuance would be split between both factions, GPU and ASIC miners, respectfully.

“The general idea is to appeal to both camps,” Wilcox said.

However, participants warned that such an endeavour could complexify the protocol and come with unknown security risks. Plus, as it is a substantial developer undertaking, it would extract from other priorities of the Zcash Company.

Other solutions, such as a longer term ASIC-resistant algorithm, trusted partnership with hardware manufacturers, and a push toward open-source hardware design, were discussed.

“We haven’t figured it out yet,” Wilcox said in the workshop.

However, members of the Zcash Company said that a decision needs to be reached prior to the Sapling upgrade in October, in order to allow developers ample time to prepare for changes, if any are required.

“Ideally, we need to reach a consensus before Sapling. We need an 8-month lead up,” zcash developer Daira Hopwood said.

Future facing

And other, more experimental discussion that was held throughout the day as well.

For example, speaking in a lecture, Matthew Green spoke about implementing novel scaling solutions, such as payment channels, and even transitioning to different zero-knowledge proof systems in the future.

Proof-of-stake, a more ecological form of consensus, was also discussed, as many participants in the mining workshop agreeing that proof-of-work is not sustainable long term.

Plus, there’s other ways in which zcash can self-articulate.

“Why are we using just cash? We could build smart contract systems, all kind of things that are well beyond what we’re doing today,” Green said.

Still, as well as the various technical challenges: easy-to-use wallets often come with privacy trade-offs, and there’s plenty of tooling that needs to be created before zcash can transition into a fully private system, shadowing the presentations was the challenges such changes pose for governance.

Led by the Zcash Foundation, an independent entity that offloads some of the decision-making power from the Zcash Company, zcon0 is the first steps toward a more decentralized governance structure. Day three of the conference, for example, is entirely devoting to community and governance questions.

And it’s notable considering the degree of change which zcash will endure in the years to come.

For example, Wilcox noted in his keynote, the “founders fee,” from which, he told the audience, he receives 0.9% of monthly ZEC issuances, is set to run dry in two years.

After this, the total of 20% allocated to zcash development will cease, and the community will need to coordinate on how to fund development going forward.

“Sustainability is a critical question that the community has to decide for itself,” Wilcox said, “The question is, how should the development of zcash be funded after the funding ends in two years?”

Wilcox also urged that while the Overwinter and Sapling upgrades were “no brainers,” going forward, other changes to the protocol are likely to be less well received.

Wilcox concluded:

“If zcash is to satisfy its mission, the community will have to make many decisions that are vigorously opposed by a faction, possibly by a large faction. That’s my belief. So the process of coordinating and deciding that is the most important question.”

High-speed tunnel via Shutterstock