Zcash, which is an implementation of the zerocash concept, is often referred to as the first form of truly anonymous digital cash. While Bitcoin been called a haven for criminals by many misinformed individuals, the reality is Satoshi Nakamoto’s creation is a mostly-transparent ledger.
Although Zcash enables the highest level of privacy currently allowed by cryptography, there are still some potential issues (mostly unrelated to privacy) for the financial-anonymity protocol to overcome. Zcash CEO Zooko Wilcox-O’Hearn recently discussed some of these issues on Epicenter Bitcoin.
Privacy Preserving Spends Take a Minute or Two to Generate
The main issue with Zcash right now is that generating a new privacy-preserving spend is somewhat inefficient. Zooko, as he is commonly known, explained this issue during his recent Epicenter Bitcoin appearance:
“The current alpha code that we have running on a testnet ‒ it takes like about a minute or two of CPU time to generate a new privacy-preserving spend and only like a few milliseconds, I think, to verify. The latter part is for the good for performance, and that’s really important because all the full nodes and the miners have to be doing verifications all the time. The former part is pretty bad because it takes a whole minute or two on like a high-powered, supercomputer 64-bit laptop CPU.”
Zooko also added that privacy-preserving spend generation likely requires more than 4 gigabytes of RAM, although he also mentioned that they don’t have precise measurements on RAM requirements quite yet.
In regard to the consequences of the current system requirements involved with privacy-preserving spends, Zooko stated:
“That is totally prohibitive for certain use cases like generating a new spend on your smartphone, for starters. Also, anything that’s got a real low-latency requirement where you get incoming money you receive and then like a millisecond later you need to spend that money to someone else right away ‒ that’s totally impossible with the current protocol.”
With the current version of Zcash, there are definitely efficiency and usability tradeoffs. Having said that, this system is also intended to give users the highest level of financial anonymity and privacy.
Getting Around Zcash’s Efficiency Issues
Although Zcash’s privacy-preserving transactions are somewhat inefficient, the digital currency’s users also have the ability to make traditional, transparent transactions, which are similar to Bitcoin transactions. Zooko explained that using a hybrid of privacy-preserving and transparent transactions on the Zcash blockchain can still offer many advantages over a traditional Bitcoin transaction.
“The existence of the privacy-preserving transactions means that they break the links of the chain of transaction history,” the Zcash CEO noted.
Zooko also explained how a combination of private and non-private transactions would work in greater detail:
“There might be ways around it because if you have a buffer of money you can spend it using a privacy-preserving payment, so there’s no linkage between where it came to you. Then, you can privately spend it to a new address. So, there’s no linkage in the blockchain between where you got it and that new address that currently controls it. Then, you could do a non-private spend of it directly from that address.”
Having said that, Zooko also stated this type of usage of the Zcash blockchain will not offer the greatest level of privacy for its users. He stated:
“Earlier I said, ‘Zcash offers the maximum possible privacy that cryptography can provide.’ And that is true ‒ if all you ever do with it is the privacy-preserving spends. Then, you’re putting as little information as possible into the blockchain.”
Missing Out on Some of Bitcoin’s Functionality
In addition to Zcash’s efficiency issues, the “HTTPS for money” also cannot enable many useful features of Bitcoin in its subset of privacy-preserving transactions. Zooko explained:
“There’s a bunch of functionality in the Bitcoin ‒ or the globally transparent protocol ‒ that we can’t do with a privacy-preserving spend ‒ like multisignature transactions. Those are really important in Bitcoin. There’s a lot of really cool things being built with multisignature transactions.”
He then clarified his point further:
“Zcash can do multisignature transactions using the globally transparent subset of the protocol, but when you want to do a privacy-preserving spend, you can’t do multisignature.”
Although there are still some issues with the Zcash protocol, it’s clear that the availability of a truly anonymous cash system is desired by the vast majority of the digital currency community. This sort of cryptographically-ensured privacy should become more usable over time. Perhaps the currently-available testnet version of Zcash should be viewed as an early preview of what’s to come in the future of privacy-conscious digital currencies.
Kyle Torpey is a freelance journalist who has been following Bitcoin since 2011. His work has been featured on VICE Motherboard, Business Insider, NASDAQ, RT’s Keiser Report and many other media outlets. You can follow @kyletorpeyon Twitter.