https://github.com/daira/scaling/raw/master/scalable-privacy-ams.pdf

This proposal from @daira looks really neat!

Problem statement:

A protocol is “horizontally scalable” if by adding compute power in parallel, it is possible to support high (not unlimited) transaction throughput that scales roughly with the number of nodes, and a large number of users.

We don’t demand perfection – in any practical protocol there will be bottlenecks. I still consider a protocol to be horizontally scalable “in practice” if those bottlenecks only manifest at scales much higher than anticipated usage.

Deploy a version of Zcash that is horizontally scalable in practice without compromising on privacy:
– Amounts, senders, and receivers remain private (i.e. the transaction graph is private).
– The note traceability set of any input is “all” previous outputs (that the adversary cannot rule out by information independent of the block chain).

Secondary goals:

Allow light clients with weak trust requirements.
– A light client can fully verify the block chain with low bandwidth and storage.

Improve privacy by use of network-layer privacy mechanisms.
– Current Zcash has excellent on-chain privacy but sends transactions in the clear.

Reduce cryptographic assumptions.
– The fact that the zk-SNARK parameter setup requires trust is a big issue for confidence.

Solve transaction malleability.
– A good payment protocol should be able to provide certainty to payer and payee that a transaction occurred; malleability interferes with this.

@daira proposes a mix-net, to replace broadcast of transactions to miners and all potential token receivers, while maintaining privacy.

Zcashd can already be used over Tor. Should we be doing more until mixnets are ready?
