Zcash A privacy-protecting, digital currency built on strong science

Zcash is a privacy-preserving cryptocurrency providing anonymous value transfer using zero-knowledge cryptography. The protocol provides the option for transactions to be either shielded, in which case they will be completely anonymous, or transparent, in which case they will be visible on the Zcash blockchain. Zcash pays out a portion of its block rewards, called the "Founder's Reward", to fund protocol development. It currently allocates the Founder's Reward to the Electric Coin Company and the Zcash Foundation who develop and steward the Zcash protocol respectively.

Background

Created in 2013, Zcash, previously known as “Zerocoin”, was initially suggested as an experimental privacy extension to Bitcoin using advanced mathematical techniques called "zero-knowledge proofs". Due to the Zerocoin protocol's novelty and computational intensity, however, Bitcoin core developers deemed it impractical for implementation into the Bitcoin protocol. Subsequently, with additional improvements to the protocol that resulted in substantially more efficient zero knowledge proofs, Zerocoin's founding scientists from John Hopkins in collaboration with researchers from MIT and Tel Aviv University created a new protocol called "Zerocash" (Zcash). Upon recruiting it's CEO, Zooko Wilcox, to head the project and raising over $3mm in venture funding through two fundraises, the Zcash protocol began development under the Zcash Company, with the objective of building the Zcash protocol into a full-fledged cryptocurrency. In 2017, a separate entity, the Zcash Foundation was incorporated as a 501(c)3 nonprofit with the mission to build internet payment and privacy infrastructure for the public good, primarily serving the users of the Zcash protocol and blockchain In 2019, the Zcash Company rebranded to the Electric Coin Company.

Zcash was conceived from the observation that Bitcoin could not offer strong privacy guarantees, with transactions recorded in a public decentralized ledger, from which significant information can be deduced. At the core of Zcash technology are zero-knowledge proofs, which allow transaction data to be validated without revealing information about the amount and the parties involved. With Zcash users can selectively share address and transaction information for auditing or regulatory compliance through the use of view keys and payment disclosure. Through the use of zero-knowledge proofs, Zcash aims to create a truly fungible, privacy preserving cryptocurrency.

Zcash is built on strong science and audited by third parties. It is an open-source protocol, built by a security-specialized engineering team, and originally based on Bitcoin Core's codebase.

Technology

Zcash, the protocol, is a distributed, time-stamped ledger of unspent transaction output (UTXO) transfers stored in an append-only chain of 2MB data blocks. A network of mining and economic nodes maintains this blockchain by validating, propagating, and competing to include pending transactions (mempool) in new blocks. Economic nodes (aka "full nodes") receive transactions from other network participants, validate them against network consensus rules and double-spend vectors, and propagate the transactions to other full nodes that also validate and propagate. Valid transactions are sent to the network's mempool waiting for mining nodes to confirm them via inclusion in the next block.

Mining nodes work to empty the mempool usually in a highest-to-lowest fee order by picking transactions to include in the next block and racing against each other to generate a hash less than the target number set by Zcash's difficulty adjustment algorithm. Zcash uses a Proof-of-Work (PoW) consensus mechanism to establish the chain of blocks with the most accumulated “work” (a.k.a., energy spent on solved hashes) as the valid chain. Other network peers can cheaply verify the chain’s work

In order to have zero-knowledge privacy in Zcash, the function determining the validity of a transaction according to the network’s consensus rules must return the answer of whether the transaction is valid or not, without revealing any of the information it performed the calculations on. This is done by encoding some of the network’s consensus rules in zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge). Zk-SNARKs are specific zero-knowledge proofs whereby one can prove possession of certain information, e.g. a secret key, without revealing that information, and without any interaction between the prover and verifier.

Zcash addresses are either private (z-addresses) or transparent (t-addresses). Z-addresses start with a “z,” and t-addresses start with a "t." The two Zcash address types are interoperable, and funds can be transferred between z-addresses and t-addresses. A Z-to-Z transaction appears on the public blockchain, so it is known to have occurred and that the fees were paid. But the addresses, transaction amount and the memo field are all encrypted and not publicly visible. Transactions between two transparent addresses (t-addresses) work just like Bitcoin: The sender, receiver and transaction value are publicly visible. The owner of an address may choose to disclose z-address and transaction details with trusted third parties using view keys and payment disclosure.