For example: I want to transfer 1 ZEC from my_address to his_address.
So I have to place this transaction WISH to the network. And then this transaction will be processed, or maybe not. I guess in >99% of the cases it will be successful. Okay, later it’s impossible to see this transaction in the zcash blockchain.
BUT:
Everyone could see my transaction wish, the amount, my address and the recipient address.
So, isn’t it possible that someone (e.g. a government) runs a ZEC miner and listens to and stores all the incoming transaction wishes? Running in parallel, in this way a historical list of all the transaction wishes with all addresses is built. Of course, this transaction-WISH list doesn’t cover exactly the executed transactions, but with a >99% probability all the money flows can be reconstructed.
the z address will be saved encrypted inside the blockchain and
perhaps will be sent encrypted to the miners (SSL, etc.)
but isn’t it so that all miners will be able and have to read my z address un-encrypted?
Otherwise the miners couldn’t make the transaction. And if a miner can have my z address, a government miner can also have it and create a log file of all incoming transaction requests.
The use of shielded addresses - whether sending or receiving - requires the generation of a zero-knowledge proof which allows others to verify a transaction’s encrypted data without it being revealed.
In contrast, Zcash uses a method developed by a team of cryptographers working at M.I.T. and in Israel — known as zk-Snark — that allows transactions to be confirmed by the network without anyone recording the Zcash addresses involved in the transactions. Users can opt out of this privacy function.
Rather than a public address, a hash is shown on the left side which is comparable to, say, a reddit nickname being turned into random numbers and letters, preventing us, therefore, from knowing the pseudonym. The same applies to the right side. That is all we can see. No amount is shown, no public address, therefore there is no way to gain any information whatever from this transaction. An incredibly strong privacy guarantee as it allows no tracking, making Zcash, arguably, more private than paper money.
The z-address is converted to a hash when you send the money.
Please excuse me if I am too slow understanding this complex topic…
So, the zcash network / the miners don’t get my z address, only a hash of my z address. But will the hash of the same z address always be the same hash at several transactions? If yes, then you can build a historic logfile of all z-address-hashes and their related transactions. You know that hash-1 transfers money to hash-2 and later the same person/account with hash-2 to …
For example what is if I make two transactions with the same z address. Will the network see two equal hashes?
This wouldn’t help much if the hash of an address is always the same in each transaction request. Then instead of my_address_hash → recipient_address_hash it would be the same in the end: my_address_hash → xyz_address_hash → recipient_address_hash. Everyone can log the money flow.
To know the hash of an address isn’t more secure than to know the address. You can track the money flow.
Or does the hash of the same z address change on every transaction request?
I don’t know exactly how an address is shielded in Zcoin, I haven’t read about it yet.
But it should be something like an RSA message with public and private keys, so the sender and receiver only share the public keys, and can prove that they are the sender and receiver of the message.
In RSA if you send a message two times with a different pair of public and private keys, the encoded message is different.
Now change the words ‘encoded message’ with ‘hash’ and you have the answer!
Please, read carefully what @fibonacci posted.
Hope this helps!
I think salt is mainly used to secure words from a brute force dictionary attack.
An address is not a word of a dictionary so I guess no salt is added.
rho and r are random strings, specific to each note. Thus the hashes published in the transaction are specific to each note, and will not stay the same for the same address.
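As an added illustration of the last point (and of the earlier RSA analogy), here is a small Python model written for this edit; it is not code from the Zcash project or from any poster, and the commitment is a simplified SHA-256 hash over the note fields rather than Zcash’s actual construction. The address bytes are constructed sample input. It contrasts the scheme the question worries about (a fixed hash of the address, which is linkable) with a note commitment that includes per-note random strings rho and r, which gives a different published hash for every payment to the same address while still letting the recipient, who learns rho and r, check that a commitment belongs to them.

```python
import hashlib
import os

# Constructed sample address for the demonstration (not a real z-address).
MY_ADDRESS = b"z-address-of-alice-constructed-example"


def naive_address_hash(address: bytes) -> bytes:
    """The scheme the question worries about: hash(address) with no
    per-transaction randomness. Two payments to the same address publish
    the same value, so an observer can link them."""
    return hashlib.sha256(address).digest()


def naive_is_linkable(address: bytes, n: int) -> bool:
    """True if all n 'transaction requests' for one address publish one hash."""
    return len({naive_address_hash(address) for _ in range(n)}) == 1


def note_commitment(address: bytes, value: int, rho: bytes, r: bytes) -> bytes:
    """Toy note commitment (assumed model, not Zcash's real construction):
    a hash over the note's fields including the two random strings rho and r.
    Only this commitment is published to miners and the chain."""
    data = b"note" + address + value.to_bytes(8, "big") + rho + r
    return hashlib.sha256(data).digest()


def make_note(address: bytes, value: int) -> dict:
    """Create a note paying `value` to `address`. rho and r are freshly
    random for every note, which is what makes each commitment unique."""
    rho = os.urandom(32)
    r = os.urandom(32)
    return {"address": address, "value": value, "rho": rho, "r": r,
            "cm": note_commitment(address, value, rho, r)}


def published_view(note: dict) -> bytes:
    """What a miner or observer sees: the commitment only, never the address."""
    return note["cm"]


def open_commitment(note: dict) -> bool:
    """The recipient, who receives rho and r through the encrypted note data,
    recomputes the commitment and checks it matches the published one."""
    expected = note_commitment(note["address"], note["value"],
                               note["rho"], note["r"])
    return note["cm"] == expected


def linkable_fraction(address: bytes, value: int, n: int) -> float:
    """Fraction of n payments to the same address whose published commitments
    collide. With per-note randomness this is 0: the observer cannot tell that
    any two of them went to the same address."""
    cms = [published_view(make_note(address, value)) for _ in range(n)]
    return 1 - len(set(cms)) / n


if __name__ == "__main__":
    print("naive hash linkable:", naive_is_linkable(MY_ADDRESS, 10))
    print("commitments colliding:", linkable_fraction(MY_ADDRESS, 1, 10))
    note = make_note(MY_ADDRESS, 1)
    print("recipient can open commitment:", open_commitment(note))
```

The takeaway is the one in the post above: the published hash is a function of the whole note, including fresh randomness, not of the address alone, so the same z-address does not show up as the same value twice. An observer who logs every commitment learns a list of unique random-looking values with nothing to join them on.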