Created in 2013, Zcash, previously known as “Zerocoin”, was initially suggested as an experimental privacy extension to Bitcoin using advanced mathematical techniques called “zero-knowledge proofs”. Due to the Zerocoin protocol’s novelty and computational intensity, however, Bitcoin core developers deemed it impractical for implementation into the Bitcoin protocol. Subsequently, with additional improvements to the protocol that resulted in substantially more efficient zero knowledge proofs, Zerocoin’s founding scientists from John Hopkins in collaboration with researchers from MIT and Tel Aviv University created a new protocol called “Zerocash” (Zcash). Upon recruiting it’s CEO, Zooko Wilcox, to head the project and raising over $3mm in venture funding through two fundraises, the Zcash protocol began development under the Zcash Company, with the objective of building the Zcash protocol into a full-fledged cryptocurrency. In 2017, a separate entity, the Zcash Foundation was incorporated as a 501(c)3 nonprofit with the mission to build internet payment and privacy infrastructure for the public good, primarily serving the users of the Zcash protocol and blockchain In 2019, the Zcash Company rebranded to the Electric Coin Company.
Zcash was conceived from the observation that Bitcoin could not offer strong privacy guarantees, with transactions recorded in a public decentralized ledger, from which significant information can be deduced. At the core of Zcash technology are zero-knowledge proofs, which allow transaction data to be validated without revealing information about the amount and the parties involved. With Zcash users can selectively share address and transaction information for auditing or regulatory compliance through the use of view keys and payment disclosure. Through the use of zero-knowledge proofs, Zcash aims to create a truly fungible, privacy preserving cryptocurrency.
Zcash is built on strong science and audited by third parties. It is an open-source protocol, built by a security-specialized engineering team, and originally based on Bitcoin Core’s codebase.
ZEC is used as a native currency within the Zcash network. Transactions in Zcash can either be transparent or shielded . Transparent transactions operate similar to Bitcoin with visible addresses and transaction amounts while shielded transactions operate with hidden addresses and transaction amounts. Parties using shielded transactions have the ability to selectively disclose transaction metadata for the purposes of auditing or regulatory compliance.
Zcash uses Nakamoto Consensus whereby the valid chain is the longest chain with the most accumulated proof-of-work. Consensus in Zcash, and other systems using Nakamoto Conensus, is probabilistic because there is always a chance that a new, longer competing chain could emerge with more accumulated proof-of-work, that would invalidate the current chain.
Miners solve computational puzzles to generate new blocks using a Equihash algorithm. In this process, miners compete to generate a hash less than the target number set by Zcashs difficulty adjustment algorithm. The target difficulty level is adjusted every block.
Zcash originally implemented the Equihash algorithm for its memory intensive properties, which made it more resistant to ASICs; however, over time Zcash’s ASIC resistant properties have eroded with Equihash-capable ASICs having been developed. Furthermore, in order to smooth individual miner revenue as mining has become more competitive, mining is now done in pools where participants contribute hash power to the pool and receive a proportional share of the profits if the pool finds a valid block.
Zcash, the protocol, is a distributed, time-stamped ledger of unspent transaction output (UTXO) transfers stored in an append-only chain of 2MB data blocks. A network of mining and economic nodes maintains this blockchain by validating, propagating, and competing to include pending transactions (mempool) in new blocks. Economic nodes (aka “full nodes”) receive transactions from other network participants, validate them against network consensus rules and double-spend vectors, and propagate the transactions to other full nodes that also validate and propagate. Valid transactions are sent to the network’s mempool waiting for mining nodes to confirm them via inclusion in the next block.
Mining nodes work to empty the mempool usually in a highest-to-lowest fee order by picking transactions to include in the next block and racing against each other to generate a hash less than the target number set by Zcash’s difficulty adjustment algorithm. Zcash uses a Proof-of-Work (PoW) consensus mechanism to establish the chain of blocks with the most accumulated “work” (a.k.a., energy spent on solved hashes) as the valid chain. Other network peers can cheaply verify the chain’s work
In order to have zero-knowledge privacy in Zcash, the function determining the validity of a transaction according to the network’s consensus rules must return the answer of whether the transaction is valid or not, without revealing any of the information it performed the calculations on. This is done by encoding some of the network’s consensus rules in zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge). Zk-SNARKs are specific zero-knowledge proofs whereby one can prove possession of certain information, e.g. a secret key, without revealing that information, and without any interaction between the prover and verifier.
Zcash addresses are either private (z-addresses) or transparent (t-addresses). Z-addresses start with a “z,” and t-addresses start with a “t.” The two Zcash address types are interoperable, and funds can be transferred between z-addresses and t-addresses. A Z-to-Z transaction appears on the public blockchain, so it is known to have occurred and that the fees were paid. But the addresses, transaction amount and the memo field are all encrypted and not publicly visible. Transactions between two transparent addresses (t-addresses) work just like Bitcoin: The sender, receiver and transaction value are publicly visible. The owner of an address may choose to disclose z-address and transaction details with trusted third parties using view keys and payment disclosure.
Zcash is an open source community; historically most protocol development is largely handled by The Electric Coin Company. The Electric Coin Company maintains “zcashd,” the only production-ready node implementation. Protocol development is governed by the Zcash Improvement Proposal process (ZIP) whereby anyone in the open source Zcash community can submit draft ZIPs. After discussion by the Zcash community, the ZIP editors, features are selected for the upcoming network upgrade. Daira Hopwood, Principal Engineer of the Electric Coin Company and George Tankersley, Director of Engineering of the Zcash Foundation, accept or reject the ZIPs. Decisions from the ZIP process are written into the Zcash specification, as well as the software that runs the network. Finally, protocol changes are “ratified” on-chain when the majority of the network adopts the upgrade and doesn’t break consensus.
The Electric Coin Company and the Zcash Foundation are the two organizations who receive an allocation of the founder’s reward every block until the 850,000th block is mined at which point they will have cumulatively received 10% of the 21 million ZEC that will ever be mined. The Electric Coin Company is a for-profit organization that launched and supports the Zcash protocol. The Zcash foundation is a 501(c)3 public charity, dedicated to building internet payment and privacy infrastructure for the public good. Moving forward the Zcash foundation plans further decentralize the Zcash project through promoting competing node implementations, increasing community involvement, and ultimately reducing the influence of both itself and the Electric Coin Company on the Zcash protocol. Meaningful steps to this end include the Electric Coin Company donating the Zcash trademark to Zcash Foundation and the Development Fund discussion that is currently underway and will go into effect in October 2020