Electric Coin Company 2019 Q1 Livestream

The Zcash Foundation has funded ongoing research into BOLT private payment channels. BOLT is similar to the Lightning Network but with privacy:

Also @nathan-at-least is BOLT integration anywhere on the Blossom or NU3 roadmaps?


I think it’s too late for NU2-Blossom. For NU3, if there’s a workable ZIP proposed by the end of April, there’s a fair chance it could get into NU3. Nobody at ECC is working on BOLT for NU3, though.

1 Like

I see this as a possibility. I think internally to the company we don’t have a unanimous stance on PoS.

For my part, I’m less familiar with PoS, and also I’m a bit wary of both the economic implications (is it better/worse than PoW for economies of scale?) and security. The combination of both is even more worrisome to me, where I keep seeing claims that various existing systems are leading to oligopolies.

OTOH, I see a lot of potential benefits: lower energy consumption, faster / higher throughput consensus, an explicit roster of the players involved (unlike PoW’s potential for hidden miners).

Also, I clearly see how hybrid PoS/PoW schemes can potentially have stronger security than pure PoS against rollback attacks, so I’m much more comfortable with that class of designs.


Still working on Coda? If so, how is that going?


My current thinking is to head toward hybrid PoW/PoS. I think a hybrid of the two is likely to be better and stronger then either one alone, and it allows both miners and stakers to participate and to earn ZEC for supporting the network.


We don’t develop the Coda protocol. You mean this one, right?

However, it relies on zkSNARKs also, but for a different purpose, so we’re familiar with the tech behind it, and the overall design. That’s definitely an area we’re paying attention to that can potentially apply to the kinds of horizontal scalability improvments I mentioned in the live stream.

@daira specifically has spent some time understanding Coda and then also researching similar technological components for potential Zcash scaling, so ze could probably give you deeper and more thorough details.


Teaser: I’ll be doing a presentation about Coda-style scaling at Zcon1.


Thank you all for participating! I’ve got to run now, but I’ll keep an eye on these threads over the next week.

It’s also worth pointing out that in a sense, our auditing did find the BCTV14 flaw, since Ariel Gabizon was working for Zcash at the time. We just didn’t find it in time for the Zcash/Sprout launch.


Tatanka nass​ asked:

what is the difference between mimble wimble and z snarks ?

Mimblewimble uses Pedersen commitments (the same primitive we use to chain Sapling inputs and outputs together, but used in a slightly different way) so that transactions do not reveal values, leverage a really neat trick for addresses which I won’t go into, and can be “merged” in a block (so if Alice pays Bob, and then Bob pays Charlie before the next block is mined, the block would show Alice’s coin being spent and Charlie’s coin being created, with Bob’s actions dropped completely). This provides some scalability and privacy benefits, but it does not hide the transaction graph. The graph visible in the block chain is certainly a reduced view, so some information will not be visible to a lazy adversary, but a global passive adversary will collect every transaction that is broadcast over the network and see the full transaction graph pre-merge.

zk-SNARKs OTOH enable the transaction graph to be completely hidden, because transactions do not refer specifically to any earlier transaction. All you learn is that the input to a transaction is some note created in the past. Thus another way to think about this is that the traceability set for a zk-SNARK-based block chain like Zcash is larger than for a Mimblewimble-based block chain.

The flipside is that Mimblewimble-based transactions are significantly cheaper to create and verify than zk-SNARK-based transactions.


There have been a couple of papers on block chain analysis that have heavily influenced my thinking and raised the priority of removing t-addresses; in particular one by George Kappos, Haaroon Yousaf, Mary Maller, and Sarah Meiklejohn. I don’t think there’s any significant disagreement within ECC at this point that they need to be removed. The obstacles to removing them are described in one of my previous forum posts. Since then we’ve made some progress on designing shielded multisig, but otherwise the issues are roughly the same.



1 Like

Is this topic some kind of AMA?

There was an AMA in the livestream; this thread is answering the questions asked on the YouTube chat that we didn’t have time for, or that required longer-form responses.

1 Like

Got it, when is the next AMA here on the forum? Isn’t it time allready for one? Every 3 months if i remember right, or?

1 Like

It’s every 6 months. Next one is scheduled for June 14th. You’re welcome to ask questions in the meantime, though. Lots of us hang out in the community chat, for example.


could you explain how a pow/pos hybrid might work? would nodes require both a stake of coins and electricity to participate?

1 Like

Any form of POS (include POW+POS) implies the network need to “trust” someone (individuals or organizations). I really believe that the “trust” should be eliminated in a point to point electric coin network. The network need “verify”, instead of “trust”. I hope Zcash would be a point to point electric coin, instead of “stake”.

I’m closing this thread since there’s a lot of wide ranging topics in the AMA that are already being discussed in other topics. Please find relevant existing threads or create a new post if there isn’t one, yet.

Thanks for participating!

1 Like