Leap frogging zaddr

Exchange adoption of z-addr is two parts:

  1. Accepting deposits to exchange’s z-addr (value for exchange)
  2. Letting users withdraw directly to z-addr (no added value for exchange)

Reason why 1st part is useful for exchange: Why would they want world to know how much money is flowing into their exchange.

A small survey to top exchanges will help us understand this better.

  1. Would you start using z-addr instead t-addr?
  2. If not, why? (reason: dev cost, expertise, revenue concerns etc)
  3. If yes, how long would it take for you ?
    (We can mention that this answer will be considered while deciding when t-addr is deprecated)
    etc
1 Like

I think that privacy advocates should care about Zcash network effects and be hoping for the price of Zcash to increase, because there is a positive feedback loop between usage and speculation/price.

5 Likes

How much do exchanges depend on ECC help/support for their operations? I’m guessing lots…?

How about exchanges that offer (or commit to offering) zaddr services get better access, maybe a sweeter deal, taddr exchanges still get helped but at a lower priority.

I’m trying to be, unsuccessfully, on vacation today for some family time. I will come back to this next week and, if I forget, remind me. I can provide you insight into the work that happens and is happening with exchanges. If Zcash were the only asset they cared about, things would move faster. But it’s not. There are variables at play that include time, user demand, engineering (HSMs, shielded multisig, payment disclosures, etc.), banking relationships, exchange philosophy, existing engineering roadmaps, opportunity cost, etc.

5 Likes

I believe that working in a transparent and secure network is an advantage and not a disadvantage, what is the point of transferring everything to a secure network, I don’t understand, yes, I need to develop secure translations but through their convenience and general advantage, because people don’t use them for a reason, but because it’s not necessary. Networks need development, through infrastructure and unique products that work only with ZCASH, and these products take advantage of secure transfers and you’re done. Now they are simply shouting from all sides that privacy and the like, but why use zcash to achieve this if you can just not use it and nothing will change. A fully speculative asset.
I am sure that exchanges think that way. Why problems where they do not exist. There will be development and then there will be recognition and use, and while the wallets are not even ready, then there will be wallets, but why buy and store zec if it does not work, then you can pass it on without publicity, but why if there are problems again, you can take any cryptocurrency and transfer it wallet file, all secure transaction is ready, no problem. There will be cards, there will be storage facilities and a steady rate, then ATMs for easy work with cards, etc.

I love the spirit of this post.

But let me ask: are you an owner or advocate for the many fully shielded Zcash clones? Why or why not?

Are those fully shielded Zcash clones bringing privacy to more people or is Zcash or some other system?

I believe the answer is that Zcash is a leading contender for bringing privacy to the most people because we’ve been very pragmatic about network effect.

1 year might be enough time and enough of a forcing function to spur upgrades. That would be ideal. OTOH, it carries these risks:

  • we might lose product/service support that lose existing users.
  • we might lost future product/service support because the barrier to adoption becomes greater.

Degrading network effect means less privacy for fewer people, as @aristarchus also points out. I believe Zcash has more users than fully private Zcash clones partially because of t-addrs (but also because of many other important factors).

For me, adoption is crucial, not just the mere existence of tech, but proof that it works in the market place.

Let’s think about the complexity across the ecosystem to upgrade to shielded:

  • exchanges to implement shielded support, even though they often have custom in-house tech for hot wallet, cold storage, and custodian management. Often these involve various Hardware Security Modules (HSMs), which are difficult for ECC or Zfnd engineers to develop for due to proprietary nature. Furthermore exchanges and custodians are quite unlikely to freely collaborate on their core hot wallet code’s HSM integrations without heavy NDAs and stuff. So that means it’s either them doing it on their own, or someone like ECC or Zfnd taking on a legal liability and oversite to help out.
  • exchanges to pass those implementations through their legal compliance review cycles. Changes to exchange or custodian architecture (such as might be required by Zcash shielded due to differences in transparent UTXO indexing versus Viewing Key support) are much more difficult to get through this process compared to deploying similar architectures for different coins.
  • enough of the 12 wallets listed under transparent only address support need to upgrade. They use different platforms and underlying tech. I’m not sure how many Zcash users each supports. Upgrading isn’t just a matter of replacing a transaction library under the hood (which is already fairly involved) but it also requires modifications to UX. For multi-currency wallets, this means special case UX for Zcash whereas t-addr support can crib from Bitcoin. So it’s not merely a matter of replacing a transaction library, but a full-fledged product modification. (Again, I’m not saying t-addr support and UX is not a hazard, but it is a much lower cost way to integrate Zcash.)
  • what about services that let you spend Zcash at retail like Flexa’s SPEDN wallet? Not only do they need “standard” send/receive/balance functionality, but they’ll very likely need new UX flow, for example support for Payment Disclosure flow in the user-facing interface that works for both spender and merchant. The same goes for “Crypto ATM” products like Lamassu, or point-of-sale products. (Tangent: I saw an Anypay video that demos shielded Point-of-Sale support already! If that truly works, that’s excellent progress.)
  • Existing multisig users, such as custodians or API services like Bitgo would need to either deploy a new service that doesn’t use multisig (a core feature of Bitgo) or they need to upgrade to a new cryptographic threshold scheme Zfnd engineers and other cryptographic researchers have developed. The new protocol is a great improvement, but it’s unique and different from what Bitgo currently does, so they’ll need to add more special case code, infrastructure, and UX components for their product.
  • If we have Ledger support, but not Trezor or other hardware wallets, how many users are supported versus left in the cold? What if a Trezor user stores other cryptocurrencies on their Trezor that aren’t yet supported by Ledger? Is it worth it for them to migrate and manage two hardware wallets, or will they just deposit their cold storage onto an exchange to avoid the headache? In this example, even though “apparent on-chain privacy” has increased, actual privacy decreases because more exchanges control more ZEC.
  • Block explorers probably will need UX upgrades. For example, Blockchair.com already implemented a Payment Disclosure UX for Zcash Sprout. This is the only end-user payment disclosure feature I’m aware of.
  • We need to be careful of degrading or losing mining support. We want to make sure pool operators are able to do mine-to-shielded and shielded payouts on time, otherwise we risk decimating the hashrate.
  • Existing cross-chain protocols which we may not be aware of might have to upgrade and doing so may be very difficult. For example, I just learned of Ren Project’s mainnet which supports a ZEC <-> ETH bridge. I know very little about it, but I am willing to bet 1 ZEC that it relies on t-addrs, and another 1 ZEC that altering their decentralized protocol to support shielded might be a very difficult cryptographic protocol research project.
  • Plus, there’s the likelihood of dozens of applications, protocols, and services none of us are aware of with some numbers of users.

Finally, that’s all only about the complexity of deploying the upgrades. What about the incentive? If an exchange can do 5 engineer days of work to integrate Zcash t-addr and then one week of legal compliance work, they’ll do that so long as expected revenue from ZEC trading is high enough. But now, if they are forced to do a lot of heavy lifting in a one year timeframe, if I were them I would look very closely at that substantial cost stacked against ZEC trading revenue. Other factors like strategic factors probably matter, but the bottom line calculation is very important.

I also think people are getting too focused on exchanges compared to all of these other cases I described. The same calculation is true of any multi-currency wallet. How much is Zcash support worth to them versus the effort. If it’s easy to deploy t-addrs because it’s mostly cut’n’paste from Bitcoin, the low cost can be worth the effort even without a large revenue/adoption/traction increase. But now, if they are forced to do a significant amount of work, they will again need to balance their bottom line vs strategic priorities.

Finally, losing network effect doesn’t just mean losing users, and probably a declining price (which slows on-chain development funding), but it can also mean wittling down alternatives and thus centralizing control over parts of the Zcash ecosystem. For example, if only one hardware wallet makes the upgrade on time, users options are reduced, and there’s less competition to improve user options. (Hopefully because Zcash is open and permissionless, the competition can grow back.)

And finally: all of the concerns I lay out in this post are just the downside risk of the equation. As I said, it may be that a forcing function spurs adoption. Maybe if we lost a third of the services or products in each category, but all of the “core categories” retain enough traction, then the benefits of fully shielded will lead to better growth longer term.

One way to think of it: if Zcash commits to going fully shielded in 12 months, how long will it take the growth rate to surpass the existing trajectory? If it takes 6 months, 12 months, or 48 months, does that change our thinking about when/how to go fully shielded? For me personally if I’m fairly confident it’s ≤ 6 months, I’d be totally for it. I’m not confident in that yet.

What would give me confidence is seeing users adopt shielded products and services. For me “Ledger support” isn’t nearly as important as “the number of Ledger users using shielded Zcash is growing by 5% per month for the past three months”. Shielded mobile “support” isn’t nearly as important as “the number of shielded mobile users and/or txns is growing by 5% per month”.

BTW- I’m starting to hear some really promising adoption rate numbers through the grapevine for shielded services. So if we keep the momentum going, with any luck in 3-12 months this thread will be moot because the downside risks I mention here will be fairly obviously mitigated already before needing to apply a forcing function.

8 Likes

For t-addr support they depend on us very little! Because they already know Bitcoin and it’s almost a cut’n’paste job in both engineering, UX, and product.

For z-addr support a lot because currently the main libraries for shielded transaction creation/signing/detection I’m aware of are developed by ECC + Zfnd engineers. Plus, a viewing key vs UTXO-indexing architecture change is another technical hurdle.

4 Likes

Let me ask this, are we currently seeing growth in taddr & transparent transactions?

Can you expand more? Due to all the constraints & complexity involved: z-addr adoption from these players may not happen.

2 Likes

This can be solved IMO, we can run a competition so products & services who integrate z-addr (in given time) for their users get ZEC from dev fund.

1 Like

If you don’t mind me asking - Is there anything that can be done to make integration as smooth as possible? (not familiar with underlying tech implementation)

There are so many reasons, but I wouldn’t compare Zcash with its clones. Zcash is the first crypto to offer unique value to users, that’s why it saw more adoption (with the hopes that users can get privacy benefits when shielded stuff is available). Zcash is more trade-able, trustable than other smaller cryptos

1 Like

Yeah!

No. Anyone can make a billion addresses. Plus there’s no way to see shielded addresses. So this is not useful.

This number cannot be known, and if it were it’s meaningless. I can write a script to generate a million of these in a couple of hours.

This number cannot be known. Furthermore if it could, I claim it’s irrelevant. (Explained below.)

No. It’s easy for me to create a script that generates bazillions of transactions per day because they’re super cheap so far on Zcash.

Now transaction fees paid is a much better metric in this category. If there were one transaction per day but someone paid a million dollar fee, that’s saying something important about adoption. If there are a million transactions paying a total of a million dollars per day, that says something better about adoption. If there are 10 trillion transactions paying $100 / day, we can’t infer very much. Could be a botnet or a bunch of users.

If you mean fully shielded transactions, then again, I would focus on fees. A fully shielded z2z txn that follows the standard fee (which is important for privacy) costs 0.0001 ZEC. So for 1 ZEC per day anyone could send 10k.

Now if we see a million dollars per day of fully shielded transactions, now that’s something!

Note that fee mechanics in Zcash are somewhat wonky, and that there’s a lot of unused blockspace. So for fees to start to even mean something we’d have to see many more transactions. Those could either be “natural” growth or “spoofed”. Either way until blocks start becoming full, this measurement won’t mean much.

Also, I’m interested in protocol changes like Ethereum’s EIP-1559 (because I think they may improve the Means-of-Exchange use cases) which would alter this metric substantially.

Notice also, that “adoption of hodling” might be an important goal that won’t be directly visible by looking at transaction volumes.

No. I think this ratio is almost irrelevant (explained below).

If there were any privacy-preserving, non-gameable way to measure this, I think it would be a very useful metric.

The problem with this kind of metric is that it’s inherently at odds with privacy or else it’s gameable. Still, I think there could be useful proxy metrics.

For example, the total amount of bandwidth a lightwalletd instance serves to shielded mobile clients for syncing is a proxy measure. It is gameable because I could cook up a script to continually sync data then throw it away. But there’s some cost to that, so I can’t simulate a million users without substantial cost.

So maybe this is a good metric to watch. Now I don’t think we can easily guess “monthly active users” directly from “total bandwidth in the past 30 days”, but we can and should watch if the latter metric is growing. If it’s growing exponentially, for me this argues for natural adoption more than spoofing, because for spoofing that means exponentially growing costs.

Here are some you didn’t mention that I think are important to consider:

  • The total ZEC in the shielded pools. A larger number here could imply multiple things all of which seem positive:
    • Maybe a few large whales decided that it’s valuable to increase their shielded holdings.
    • Maybe a few large whales decided the risks of shielded storage were decreasing, so it makes more sense to scale up their shielded holdings.
    • Maybe more small users want to either store or transact ZEC in the shielded pool.
    • Maybe some users want to store ZEC and/or transact in the shielded pool, but it’s been too difficult, and those barriers are being overcome to tap into this “latent demand”.
    • Maybe users strongly value privacy, and they see growth here and associate that with more privacy.
    • Maybe more users want to use shielded memos, and those are only available by interacting with the shielded pool.
  • USD-equivalent value of the shielded pool - If this goes up/down, it could either be because of ZEC price increase/decrease or ZEC moving into/out-of the pool.
    • If it grows, it represents some market confidence in dollar terms about the value of the shielded pool/tech even if new ZEC isn’t entering the pool because the price is going up, or even if the price isn’t going up but more ZEC is entering the pool.
  • USD-equivalent per day earned by miners.
    • There’s much explored about this from across the PoW space, especially of course around Bitcoin.
    • If this is increasing, we should expect more miners and/or mining.
    • More mining either means more long ZEC positions or more dollars worth of ZEC getting sold from miners and distributed to buyers.
    • More mining means more competition in the mining market which can be good for decentralization.
    • Miners receive revenue directly from Zcash. Zcash is dominant for its mining hardware niche. This means unlike multicurrency products/services (exchanges/wallets/etc…) miners are more likely to pay higher costs for shielded adoption for the same amount of benefits versus exchanges or wallets. For this reason, I am very curious if miners can be one source of shielded adoption. With Heartwood we’ll get to see if the shielded coinbase is of interest to mining pools and miners.
  • Shielded Coinbase adoption - As just described, if we see growing adoption of shielded coinbase, this would be a signal that miners value the benefits and are able to adopt the upgrade.

Why do I think shielded / transparent ratios are a red herring?

Fully shielded z2z transaction privacy doesn’t depend at all on the ratio of transparent to shielded funds or transactions. Shielded network effect in terms of goods or services don’t depend on the ratio either, since that just depends on if the service provides a shielded address or not (regardless of if it provides a t-address).

A naive measurement of the privacy set is just every shielded output, which grows with every shielded transaction of any type: z2z, z2t, t2z.

Privacy researchers have shown us a bunch of ways that interacting with t-addrs reduces privacy. This shows us we can identify many of these outputs because users treat the shielded pool like either a mixer or as just a mandatory transitory stage where they don’t even care much about privacy (for example for miners who just want to deposit directly to an exchange to sell).

None of those research results impact fully shielded transactions. If we subtract all of the outputs identified by those “mixer analysis techniques”, we would see the anonymity set grow proportional to at least the number of fully shielded z2z outputs. (Some z2t and t2z transactions also have stronger privacy, but we can ignore them for simplicity.)

So, every time there’s a fully shielded transaction, the anonymity set grows and privacy is strengthened for all future users. It doesn’t matter if there are 0 transparent (or t2z or z2t) transactions or a billion of them. That has no impact on chain privacy properties of the shielded pool.

By the same reasoning, it doesn’t help privacy at all to turn off transparent transactions with the unrealistic assumption that wouldn’t affect shielded usage rates. Of course in reality that could either stimulate more or less shielded transactions (as I posted about elsewhere in thread).

So if we care about growing the privacy protections and all the other beneficial network effects of fully shielded Zcash, we should be laser focused on growing fully shielded z2z transactions and fully shielded ZEC.

3 Likes

ECC + Zfnd are doing the most helpful basic building block technically by providing open source libraries and code. ECC also does regular outreach to check on compliance concerns and we engage with regulators so that we learn from both sides of that conversation and we provide clarifications to both parties.

Aside from advocacy and building tools, anything that makes shielded ZEC more financially attractive might spur adoption. One example is the early work Zfnd + Cosmos Foundation have done on a Cosmos Zcash Pegzone.

That design allows user to stake shielded Zcash in the pegzone and it also only supports transferring ZEC from the main chain to the pegzone through the shielded pool. If wallets or exchanges want to support those cross chain transfers or staking for their users, they’d need to upgrade to support shielded. We’ve seen exchanges adding staking support on behalf of users elsewhere, so I believe that’s an incentive that might make sense to their bottom line.

3 Likes

I think Zcash being first and more tradeable are directly related to t-addr availability. So again, I think t-addrs are a mixed bag. Benefits and costs.

1 Like

Not, because I trust the ZEC developers to do what’s technically best.

I hear everything you are saying and thank you for the detailed answer but most of it relies on the assumption that I should care about the price. I just want to have fungible, digital cash, using this amazing ZK tech. And having t-addresses is not helping in that direction.

2 Likes

Is anyone working on getting updated analysis about the extent to which these unsafe practices still persist?

Edit: pinging @daira for this

3 Likes

Wouldn’t the miner fee shielded too? otherwise, it might be possible to deduce the “worth” of transaction when Zcash has the growth where block-space is crowded like Bitcoin.

In our current state, I find two metrics most appealing to measure Zcash adoption/success:

  1. Measuring growth of shielded z2z transactions (just raw count - doesn’t matter it is game-able, let people do it, how long are they going to do - forever?? what do they gain out of it). It increases anonymity set, right?
  2. Total ZEC in shielded pool.
1 Like

Looking forward to see the adoption rate, is there a simple way to measure this? If not, @prastut would you be interested in building this?

Yep. We agree on the first step, which is deploying shielded tech & making it widely accessible. What we are discussing are the next steps that come after it (for Zcash adoption).

My version of next steps (similar to what @anon16456014 mentioned previously in this thread):

  1. Encourage & educate developers, exchanges, people & ecosystem partners who integrate Zcash to adopt shielded tech for 6 months (we can debate if this is good enough) using campaigns (“Shield Your ZEC” or a much better name) run by ECC/ZFnd, ZF grants etc. I really believe in this part working.
  2. Then announce an upgrade to disable t-addr receiving to protect user privacy (within 1 year).

It is really important we do all this - hope we start the campaign around the ZEC halving time.

2 Likes

Not sure if this was replied to yet, but the migration functionality built into zcashd (getmigrationstatus / setmigration) has never used transparent addresses. The migrated funds pass from Sprout to Sapling through the transparent value pool inside a single transaction, which just means that X ZEC flow out of the Sprout shielded pool, and X - fee ZEC flows into the Sapling shielded pool. This has no dependence on any of the transparent address infrastructure.

9 Likes