The other Shielded Labs folks are doing family things this weekend, and I’m about to take off for family things, so we might not post more this weekend.
Let’s keep the conversation going! We’re iterating fast, which means lots of opportunities to refine these ideas. Our next milestone is launching a persistent public testnet of a very incomplete implementation (without rewards of any kind, for one thing) on October 1!
Thank you all so much for the good ideas and encouragement and support. 
Thanks I understand the proposal better now. I think the overview was updated from yesterday.
So as a thought experiment and for my better understanding, lets assume that 99% of the orchard pool decided to stake or delegate their funds and 1% were idle and used for spending. That 1% of funds that is being spent from still retains the protection of the full 100% of funds anonymity set (or close to it), since nobody knows who is staking and / or who has delegated. Is that correct? I just want to clarify that I understand that the staking / delegating set isn’t competing with the privacy set and they are complimentary.
I think investors are not going to see it that way. This new design introduces an opportunity cost for ZEC holders that’s not present with pure POW. In practise, everyone is aware of this new opportunity cost and it will influence ZEC holders decisions.
I think it’s important that there’s not a big conflict of interest between staking / delegating and the size of the anonymity set in the orchard pool.
I’m sorry to butt in on this conversation, but I just had an idea: staking could be based on the amount of time people have held coins in their wallets, something automatic. If I have 1 Zec in a wallet for more than a year (or x years), then that could be enough for my full node wallet to automatically yield based on the age of the coin held in the wallet, with the amount of time being the determining factor for a higher yield.
yields like a savings account, with a minimum yield for those with new coins and a maximum yield for those with old coins. However, the coin’s age would only be calculated from the POS launch date, leaving everyone on an equal footing, even if they purchased it at the very beginning of the project.
Two points on this I think are relevant:
That’s probably how it will be, but not for very long. Because market mechanisms always even things out.
Money to be useful needs to be open to everyone, easy to use and liquid.
Solana is the leader in PoS. The market is saying this is the winning programmable money. SOL ETFs and DATs coming online will have it flipping Ethereum because its just better money.
A primary reason is the security model which is liquid and therefore better money. Anyone can unlock in maximum 2.5 days . Today this model secures more value by far than any of the longer lockup L1s with cosmos type defaults.
If just adding finality to Zcash is uniquely dangerous as to require not the proven 2.5 days but 40 then its not safe and shouldnt be added.
Otherwise we shouldnt pay people to be holders with lock-up schemes.
Ultimately two models of money are proven by the market.
Either approach provably works because they are liquid, inclusive and secure the most value.
Having separate classes of paid lock-ups vs unpaid doesnt work. At least not if the goal is to be money, which is a 1T+ market cap.
Unstoppable, Private, Money lets not compromise the core mission trying to engineer pump mechanics.
Lets play the real game ZEC $50k then we take on fiat 
If staking has to originate from the shielded pool shouldn’t this mean that the act of staking or delegating is pseudonymous? In which case you aren’t really compromising privacy. Where is the tradeoff problem between ease-of-use / financial liquidity and privacy?
This is a really good question, and it goes to the heart of the funky multidimensional trade-off space here. Originally, the way we were thinking about it was just what you say in this quote — the staking positions can be transparent for accountability, but since the staking position comes from the Orchard pool, the staker’s identity and their other balances and transactions are private, so we get both accountability and privacy.
But, as we got further along in our prototyping of Crosslink, then at the most recent milestone 3 workshop we realized that this isn’t exactly right!
The reason why it isn’t exactly right is kind of nuanced/surprising to me. Imagine that bonding and unbonding is so fast and convenient that people can do it “on demand”. Whenever they receive ZEC they immediately stake it, and they just keep all of their ZEC in staking positions, and when they want to use any ZEC for anything they just unstake it. You can imagine that a sophisticated Zcash wallet could even do all this automatically without any user action at all.
The surprising facts are:
That individual who does that gets almost no effective privacy! Unbeknownst to them, the pattern of amounts and timings of their staking and unstaking reveals information. This revealed information is sufficient to link their future transactions to their past transactions, even though all of the transactions are in the Orchard pool.
If almost everyone did that, then even people who didn’t do that would have less privacy, because when almost everyone else reveals that information about their transactions, this narrows the anonymity set of those who don’t.
This is yet another example of the principle that “privacy comes from value at rest — not from value in motion”. Staking positions are value at rest, and they are public (for accountability).
Now fortunately it probably wouldn’t be that bad in practice. Plenty of people would just keep their ZEC unstaked (liquid) in the Orchard pool anyway, and some stakers would probably not strictly follow that “always stake everything, unstake-on-demand” pattern.
But, this was a wake-up call for us that the resulting information leakage can be surprising and that if we want to preserve Zcash’s brand as the strongest private money that we have to pay more attention to this trade-off.
That’s why we came up with the quantization parts of our initial tokenomics proposal: each staking position must be a power of 10 ZEC (1, 10, 100, 1000 ZEC etc), and all staking and unstaking actions have to occur on the same day as each other — every tenth day. This is an attempt to balance the accountability of the stakers and the finalizers with the privacy of the stakers.
A subtle but important part of this proposal is that in order to protect user privacy, it has to make it inconvenient or impossible to “unstake on demand”. Unstaking-on-demand leaks information about your actions in a way that difficult to understand but can reveal a lot more about you than you thought it would.
However, if you keep some ZEC liquid in the shielded pool (because you know that you won’t be able to unstake-on-demand), then you don’t need to try to think through those confusing consequences, you can just use Zcash in peace.
On a more general note, our strategy is very much iterative, not “one shot perfection”. We think it is okay to deploy Crosslink 1.0 as soon as possible, learn from how it works and how the users and investors use it, and then deploy an improved Crosslink 2.0 as soon as possible.
It’s okay, in my view, if Crosslink 1.0 has limitations and trade-offs in usability, financial appeal, and even in privacy, as long as the users have a reasonable mental model of what kind of privacy they are getting so that they don’t get burned and thus tarnish Zcash’s brand as the money with the best privacy.
Iterating is the best/only way to achieve a great end result. Notice that we at Shielded Labs didn’t even understand this issue until we reached Milestone 3 of our Roadmap! That’s because, for me at least, I learn a lot by iterating.
I would like something to do with my long term zcash. I’ll do this. Gives those here for the mission a way to earn passive. 40 days is fine. Well done and thank you.
Okay, I figured that it was a lot more complex than I had assumed. Your answer was great at explaining the issue. I know many are calling for drastically lower unbonding times, but privacy is a unique consideration other POS blockchains don’t have.
The way I look at Zcash is like this - There are 3 main stakeholders using the zcash network to consider:
Most ZEC will be used purely as a store of value / unit of account
Many ZEC will use be used to anonymise between other crypto assets (provide liquidity for such action)
Some ZEC will be used for spending preserving privacy (micro transactions).
The bonding period should only concern group 1. Investors won’t mind quite long unbonding periods if that’s what it takes to preserve privacy properties; since they’re holding ZEC as a store of value anyway.
I don’t understand the leakage stuff much; I’m sure most of us here don’t either. But I think you are saying you want to minimise to eradicate mass unbonding events occurring, which would happen if there was a sudden rise (or fall I guess) in the ZEC price (like how nearly 1mm ETH unstaked once the price rallied abruptly). The shorter the unbonding period the more this behaviour is allowed and the longer the unbonding period the more it is discouraged. In my opinion, 40 days is not enough to discourage price sensitive stakers / delegators from this behaviour.
I agree, and think more options should be considered. The longest most can stomach imho.
Just adding to this; I think you want to even discourage “swing staking / delegating” for lack of a better term. You want to avoid even tempting short to medium term users of Zcash from delegating their ZEC and you do that by having a draconian unbonding time attached to delegating.
For ref ICP has some pretty wild options I’m not saying we go this far, but I am game to try something completely different.
As an aside, I reallllly like they use yubikeys to identify, and have long before most have.
Hm, I don’t know about that. We got a lot of pushback from a lot of different people about the unbonding period. Many of them have roots in Solana (brand: “Internet Capital Markets”). Like Mert. He’s a Solana native, a Zcasher, and he’s expressed a bunch of strong and thoughtful opinions about the unbonding period on Twitter.
The sheer number and the diverse backgrounds of the people engaging on this topic is super encouraging to me. It means Crosslink, and Zcash, are important to them. Also it means we’re getting valuable ideas from very different cultures.
But anyway, a lot of them are saying that a long unbonding period (some of them use the financial industry terminology “lockup period”) would deter new investors from entering a ZEC position more than it would prevent current investors from selling abruptly. At least I think that’s what they’re saying.
I don’t know about that. I figure they know a lot more about that stuff than I do. I wouldn’t be surprised if shorter lockups could appeal to more new investors, but I also wouldn’t be surprised if better privacy and security of the underlying asset could also appeal to more new investors.
What I know more about is privacy and security. Namely, the unexpected information leakages from unstaking-on-demand, and the way that a credible threat of social slashing can deter real-world attackers. What we’re currently thinking about at Shielded Labs is possible ways to “soften the trade-off curve”, i.e. gain more appeal-to-investors without giving up very much privacy or security.
We’ll let you know what we’re coming up with as we execute on our current iteration (Milestone 4 of our roadmap).
Again, though, it’s ultimately not going to be up to us! We can try to invent win/win tech that softens the tradeoff curves, and we can make recommendations to the Zcash community and explain our reasons, but it is ultimately up to the Zcash community what balance of trade-offs they prefer.
Are they pushing back against it before or after the privacy dilemma has been explained to them like you did in your comment above? At the beginning of this thread I was also pushing back against it.
Just to add onto this. From an investment perspective don’t make any compromises on privacy; that’s actually the number one way you could deter investment. There’s going to be no shortage of money buying ZEC over time if its private money.
SOL competes with ETH, but ZEC competes with BTC. Microstrategy has just been buying and holding since the inception of it’s strategy. Ironically, Sailor would love if there was a real draconian unbonding period preventing the sale of the acquired BTC.
I am not familiar with the technical stuff of Liquid Staking. Liquid staking allows you to “hold stake” without losing liquidity, but perhaps this would only work with ZSA? Or is it impossible? aka: sZEC
Other feedback:
The only thing that can compete with BTC is YEC, because ZEC is too complicated.
Eth staking rewards being paid out every 3 days has wreak havoc on my buddies taxes. He now has to pay quarterly estimated tax payments on the untaxed income.
It would be beneficial to some if ZEC rewards were paid out yearly IMO.
