I’ve recently been thinking about the differences between cash and Zcash. One fundamental thing about cash is that it gets harder to trace the further along in transactions/time you go. People at some point forget “oh, I gave that money to that person”. So with increasing time, it gets harder to deanonymise. Now with Zcash, correct me if I’m wrong, it seems like the opposite: the longer this thing is running, the higher the chance of new math being discovered that helps with deanonymising transactions, computers getting faster, and in general I don’t see how the Zcash blockchain has the property that the further along the chain is, the mathematically harder it gets to deanonymise transactions. So in a way, Zcash could carry a risk of deanonymisation that only grows, whereas with real cash it seems like it’s the opposite.
A shielded transaction input can be any of the previously created notes (excluding notes that an attacker can eliminate because it created them, for example). The size of this set, and therefore the anonymity achieved, does increase over time.
The risk of a cryptographic vulnerability is an independent issue. Yes, it’s a disadvantage relative to cash. (Banknotes can be forged, but there’s a minimum cost to doing so and a risk incurred when passing the counterfeit notes, which in practice is sufficient to discourage it.) We try to mitigate that risk by use of well-established algorithms as components, by third-party auditing, and by careful code review of implementation changes.