About that old tweet of mine that dontbeevil posted to this thread:
For what it is worth, I changed my mind after I posted that (a couple of years ago), because of Gordon Mohr’s arguments that taddresses are a good solution to a legitimate need (for example this Twitter thread), and because of getting more experience with use-cases that require transparency: proof-of-reserves, turnstiles for assaying the monetary base, coin-holder’s petitions, transparent donations to non-profits, etc.
My current belief is that transparency and privacy are both valuable features for different use cases, and the current “taddr-and-zaddr” architecture lets the user choose different tools for different jobs.
I think we’re missing narrative. It’s hard to acquire new users because they think primary activity on Zcash is just transparent transactions (which is a fact). They would rather use Monero than Zcash.
Zcash can be successful if it is viewed as private store of value, a counter to transparent BTC.
Finally, I can agree with you, I said for a long time that having both open and private transfers is an advantage of zcash, the problem is that this advantage does not develop in any way, and it has come to the point that now many are starting to say that this is even bad. Give a practical answer in what and why there should be a choice through examples and achievements. I draw attention to my previous post about commissions, I think that increasing commissions is bad, you need to act through achieving comfort in what is considered a priority and the old will not be used.
No. P2PKH addresses (t1...) can be replaced by z-addrs + viewing keys, but P2SH addresses (t3...) support the Bitcoin script system, and therefore funds in those addresses can be encumbered in a variety of different ways that shielded addresses do not currently support.
Now, once there is a usable multisig option for shielded addresses, the vast majority of observed P2SH use cases would be satisfied. I conducted a survey last year which found that (as of block 606537):
95.5% of all observed P2SH addrs had been used in a spend.
Of these spends, 99.97% were a plain t-of-n multisig.
Note that 4.5% of all observed P2SH addrs had unknown scripts, and therefore we could not predict what use cases they might already require. And in any case, the protocol currently supports anything you can do in (Zcash’s version of) Bitcoin script, so there would still be a tail of use-cases that would be lost by dropping t-addrs.
Correct; the “turnstile” exists entirely inside transactions for in-flight funds, not in any static ZEC residing in a particular address.
TBH, I love this temporary strategy but without true narrative, clear value proposition for new users. It’s hard to be a winner in private crypto space.
I didn’t say that turnstiles required t-addresses, I said that turnstiles require transparency.
We want a transparent (publicly-visible) accounting for how much ZEC is in each pool and how much moves from older pools to newer pools, in order to let people audit the Zcash monetary base for themselves, and in order to enforce that the monetary base can never exceed 21m.
Now given that public transparency is necessary for this purpose (like various other use-cases, a few of which I mentioned above), it can be implemented in a variety of ways. Gordon Mohr makes a solid argument (for example here) that t-addresses have advantages over other possible ways to implement such transparency. Certainly they have the advantage that they are already implemented, very widely supported (much more widely implemented than almost any competing cybercoin), and widely understood.
His argument was so strong that it forced me to reconsider my previous belief that t-addresses should eventually be deprecated. (I could still swing back to that idea if I had a clearer view of what would be able to replace them in all of those use-cases.) The fact that Gordon comes up with these arguments that I can’t find a hole in and that force me to change my mind is why I asked him to serve on the Electric Coin Co’s Technical Advisory Board when we founded the company.
This reasoning is different from regulatory concerns or even having shielded multisig being available. t-address having these advantages doesn’t mean we need to rely on them. I agree we can’t deprecate now, but I’m not convinced that we need to keep them forever. We will succeed when the ecosystem treats zaddr as primary citizen & first choice, it doesn’t seem to be case for valid reasons.
Increasing fees for transparent txs sounds great for miners but would work better after the usage metrics have essentially flipped like what Nathan mentioned because it otherwise would fall (partly anyways) as an undue tax on the underserved, people who might like whatever service it is in question to provide shields. But because regulatory movement is intentionally slow and they also (for lack af a better term) wouldn’t give two hoots about how much more users have themselves decided to pay I don’t see it being a very effective means to accelerate reaching that future point, where verifying zkps isn’t even a thing
Do we even need to support this use-case: transparent donations to non-profits (they can publish viewing key like I said for others to verify if they really want donations from ZEC holders. IMO BTC is perfect use-case for them).
For proof of reserves, coinholder petitions, does ZKP work?
I agree that t-address is somewhat needed (for transparency) as long as we still have more than one shielded pool.
Also, we really should encourage organic shielded address adoptions rather than forcing everyone to adopt it. Let’s make the use-case for shielded so obvious, and make its adoption so easy that people just naturally pick shielded address.
I hear you but I’m exhausted, hope other community members can continue the discussion.
Building consensus to deprecate t2t, then t-addr → Setting up timelines & partnering with partners, wallets to support deprecation will force us in making zaddr first class citizen & build any missing functionalities that lets users pick shielded address. Once users know t-addr will go away sometime in future, they will move it shielded pool for their own safety & privacy.
I totally agree with deprecating t-address sometimes in the future but I will not support removing t-address before z-address adoption picks up. To sum-up my stance on this matter:
I support deprecating t-address IF
More than 50% of daily transactions are z-to-z for at least one month
More than 90% of miner’s reward are mined directly into z-address for at least one NU period
I do not support deprecating t-address IF
More than 50% of ZECs stored in t-address
More than 50% of major projects building interoperability with other chains/fiat support only t-address
Oh, is there any party that wants to keep t-address forever? I have always regarded the compromise to be “temporary”, which can mean another halving or two.
I have come to realize this implicit assumption is wrong & we need to make it explicitly clear as we don’t see ZF or ECC taking an official stand on this. Hence the ZF poll.
Yes, I think most disagreement people have is on the timing. I guess we can group people into 3 groups:
“we should depecrate t-addr as soon as possible”. Certainly not me.
“we should depecrate t-addr but only when we’re ready to do so”. Here, we can discuss what does it mean to be “ready”.
“we should never get rid of t-addr”. I would really like to hear from people who thinks that t-addr should be maintained for as long as Zcash protocol runs.
I assume that most people here are in group 1 and 2. I would be really surprised with the existence of group 3 in this forum.