Leap frogging zaddr

This can be solved IMO, we can run a competition so products & services who integrate z-addr (in given time) for their users get ZEC from dev fund.

If you don’t mind me asking - Is there anything that can be done to make integration as smooth as possible? (not familiar with underlying tech implementation)

There are so many reasons, but I wouldn’t compare Zcash with its clones. Zcash is the first crypto to offer unique value to users, that’s why it saw more adoption (with the hopes that users can get privacy benefits when shielded stuff is available). Zcash is more trade-able, trustable than other smaller cryptos

Yeah!

No. Anyone can make a billion addresses. Plus there’s no way to see shielded addresses. So this is not useful.

This number cannot be known, and if it were it’s meaningless. I can write a script to generate a million of these in a couple of hours.

This number cannot be known. Furthermore if it could, I claim it’s irrelevant. (Explained below.)

No. It’s easy for me to create a script that generates bazillions of transactions per day because they’re super cheap so far on Zcash.

Now transaction fees paid is a much better metric in this category. If there were one transaction per day but someone paid a million dollar fee, that’s saying something important about adoption. If there are a million transactions paying a total of a million dollars per day, that says something better about adoption. If there are 10 trillion transactions paying $100 / day, we can’t infer very much. Could be a botnet or a bunch of users.

If you mean fully shielded transactions, then again, I would focus on fees. A fully shielded z2z txn that follows the standard fee (which is important for privacy) costs 0.0001 ZEC. So for 1 ZEC per day anyone could send 10k.

Now if we see a million dollars per day of fully shielded transactions, now that’s something!

Note that fee mechanics in Zcash are somewhat wonky, and that there’s a lot of unused blockspace. So for fees to start to even mean something we’d have to see many more transactions. Those could either be “natural” growth or “spoofed”. Either way until blocks start becoming full, this measurement won’t mean much.

Also, I’m interested in protocol changes like Ethereum’s EIP-1559 (because I think they may improve the Means-of-Exchange use cases) which would alter this metric substantially.

Notice also, that “adoption of hodling” might be an important goal that won’t be directly visible by looking at transaction volumes.

No. I think this ratio is almost irrelevant (explained below).

If there were any privacy-preserving, non-gameable way to measure this, I think it would be a very useful metric.

The problem with this kind of metric is that it’s inherently at odds with privacy or else it’s gameable. Still, I think there could be useful proxy metrics.

For example, the total amount of bandwidth a lightwalletd instance serves to shielded mobile clients for syncing is a proxy measure. It is gameable because I could cook up a script to continually sync data then throw it away. But there’s some cost to that, so I can’t simulate a million users without substantial cost.

So maybe this is a good metric to watch. Now I don’t think we can easily guess “monthly active users” directly from “total bandwidth in the past 30 days”, but we can and should watch if the latter metric is growing. If it’s growing exponentially, for me this argues for natural adoption more than spoofing, because for spoofing that means exponentially growing costs.

Here are some you didn’t mention that I think are important to consider:

• The total ZEC in the shielded pools. A larger number here could imply multiple things all of which seem positive:
  • Maybe a few large whales decided that it’s valuable to increase their shielded holdings.
  • Maybe a few large whales decided the risks of shielded storage were decreasing, so it makes more sense to scale up their shielded holdings.
  • Maybe more small users want to either store or transact ZEC in the shielded pool.
  • Maybe some users want to store ZEC and/or transact in the shielded pool, but it’s been too difficult, and those barriers are being overcome to tap into this “latent demand”.
  • Maybe users strongly value privacy, and they see growth here and associate that with more privacy.
  • Maybe more users want to use shielded memos, and those are only available by interacting with the shielded pool.
• USD-equivalent value of the shielded pool - If this goes up/down, it could either be because of ZEC price increase/decrease or ZEC moving into/out-of the pool.
  • If it grows, it represents some market confidence in dollar terms about the value of the shielded pool/tech even if new ZEC isn’t entering the pool because the price is going up, or even if the price isn’t going up but more ZEC is entering the pool.
• USD-equivalent per day earned by miners.
  • There’s much explored about this from across the PoW space, especially of course around Bitcoin.
  • If this is increasing, we should expect more miners and/or mining.
  • More mining either means more long ZEC positions or more dollars worth of ZEC getting sold from miners and distributed to buyers.
  • More mining means more competition in the mining market which can be good for decentralization.
  • Miners receive revenue directly from Zcash. Zcash is dominant for its mining hardware niche. This means unlike multicurrency products/services (exchanges/wallets/etc…) miners are more likely to pay higher costs for shielded adoption for the same amount of benefits versus exchanges or wallets. For this reason, I am very curious if miners can be one source of shielded adoption. With Heartwood we’ll get to see if the shielded coinbase is of interest to mining pools and miners.
• Shielded Coinbase adoption - As just described, if we see growing adoption of shielded coinbase, this would be a signal that miners value the benefits and are able to adopt the upgrade.

Why do I think shielded / transparent ratios are a red herring?

Fully shielded z2z transaction privacy doesn’t depend at all on the ratio of transparent to shielded funds or transactions. Shielded network effect in terms of goods or services don’t depend on the ratio either, since that just depends on if the service provides a shielded address or not (regardless of if it provides a t-address).

A naive measurement of the privacy set is just every shielded output, which grows with every shielded transaction of any type: z2z, z2t, t2z.

Privacy researchers have shown us a bunch of ways that interacting with t-addrs reduces privacy. This shows us we can identify many of these outputs because users treat the shielded pool like either a mixer or as just a mandatory transitory stage where they don’t even care much about privacy (for example for miners who just want to deposit directly to an exchange to sell).

None of those research results impact fully shielded transactions. If we subtract all of the outputs identified by those “mixer analysis techniques”, we would see the anonymity set grow proportional to at least the number of fully shielded z2z outputs. (Some z2t and t2z transactions also have stronger privacy, but we can ignore them for simplicity.)

So, every time there’s a fully shielded transaction, the anonymity set grows and privacy is strengthened for all future users. It doesn’t matter if there are 0 transparent (or t2z or z2t) transactions or a billion of them. That has no impact on chain privacy properties of the shielded pool.

By the same reasoning, it doesn’t help privacy at all to turn off transparent transactions with the unrealistic assumption that wouldn’t affect shielded usage rates. Of course in reality that could either stimulate more or less shielded transactions (as I posted about elsewhere in thread).

So if we care about growing the privacy protections and all the other beneficial network effects of fully shielded Zcash, we should be laser focused on growing fully shielded z2z transactions and fully shielded ZEC.

ECC + Zfnd are doing the most helpful basic building block technically by providing open source libraries and code. ECC also does regular outreach to check on compliance concerns and we engage with regulators so that we learn from both sides of that conversation and we provide clarifications to both parties.

Aside from advocacy and building tools, anything that makes shielded ZEC more financially attractive might spur adoption. One example is the early work Zfnd + Cosmos Foundation have done on a Cosmos Zcash Pegzone.

That design allows user to stake shielded Zcash in the pegzone and it also only supports transferring ZEC from the main chain to the pegzone through the shielded pool. If wallets or exchanges want to support those cross chain transfers or staking for their users, they’d need to upgrade to support shielded. We’ve seen exchanges adding staking support on behalf of users elsewhere, so I believe that’s an incentive that might make sense to their bottom line.

I think Zcash being first and more tradeable are directly related to t-addr availability. So again, I think t-addrs are a mixed bag. Benefits and costs.

Not, because I trust the ZEC developers to do what’s technically best.

I hear everything you are saying and thank you for the detailed answer but most of it relies on the assumption that I should care about the price. I just want to have fungible, digital cash, using this amazing ZK tech. And having t-addresses is not helping in that direction.

Is anyone working on getting updated analysis about the extent to which these unsafe practices still persist?

Edit: pinging @daira for this

Wouldn’t the miner fee shielded too? otherwise, it might be possible to deduce the “worth” of transaction when Zcash has the growth where block-space is crowded like Bitcoin.

In our current state, I find two metrics most appealing to measure Zcash adoption/success:

1. Measuring growth of shielded z2z transactions (just raw count - doesn’t matter it is game-able, let people do it, how long are they going to do - forever?? what do they gain out of it). It increases anonymity set, right?
2. Total ZEC in shielded pool.

Looking forward to see the adoption rate, is there a simple way to measure this? If not, @prastut would you be interested in building this?

Yep. We agree on the first step, which is deploying shielded tech & making it widely accessible. What we are discussing are the next steps that come after it (for Zcash adoption).

My version of next steps (similar to what @anon16456014 mentioned previously in this thread):

1. Encourage & educate developers, exchanges, people & ecosystem partners who integrate Zcash to adopt shielded tech for 6 months (we can debate if this is good enough) using campaigns (“Shield Your ZEC” or a much better name) run by ECC/ZFnd, ZF grants etc. I really believe in this part working.
2. Then announce an upgrade to disable t-addr receiving to protect user privacy (within 1 year).

It is really important we do all this - hope we start the campaign around the ZEC halving time.

Not sure if this was replied to yet, but the migration functionality built into zcashd (getmigrationstatus / setmigration) has never used transparent addresses. The migrated funds pass from Sprout to Sapling through the transparent value pool inside a single transaction, which just means that X ZEC flow out of the Sprout shielded pool, and X - fee ZEC flows into the Sapling shielded pool. This has no dependence on any of the transparent address infrastructure.

Thanks @str4d for clarifying! This is why I love Zcash devs.

I’m not aware of any.

I’d love to see an open source API that provides information from the various heuristics in info about transactions. Then block explorers like the Zcash-enabled Insight fork could augment their API to show warning/compromise flags next to outputs linked by the heuristics.

If anyone is interested in working on that as a project, let me know and I’ll see how I can support you.

The distinction between the current ‘legacy’ coinbases versus shielded coinbases will be directly visible in each block’s coinbase. I’d love to see a site that charts the amount of shielded coinbase over time.

If anyone’s interested in working on this, let me know and I’ll see how I can support that.

Would this be in scope for ECC’s current funding? Or ZF’s? Or must it be third-party?

I’m going to see how we can prioritize it at ECC. When I said “I’ll see how I can help” I meant in any way I can influence: ECC priorities, supporting ZF Grant applications, Gitcoin campaigning, testing their code and filing tickets, etc…

So far at ECC we’ve been prioritizing things like (a) making shielded tech usable in the first place (via mobile wallet team and librustzcash improvements), and (b) engaging with regulators and compliance people to advocate for the legitimate use of privacy to protect individuals and businesses.

However, given the imminent ECC wallet open sourcing, progress by ZecWallet, and (apparent) adoption metrics like this tweet suggests it might be time for ECC to turn our attention to these other important issues. It might not. We may decide we need to follow through more on current priorities.

Also, while those shielded transaction rate metrics are a welcome sign, I still believe it’s too early to distinguish broad adoption (which helps privacy globally) from narrow use cases or services (which may not contribute enough to actual privacy if only a few services see most of the new traffic), so one of our priorities may be to define and distill better privacy adoption metrics.

Fortunately Kappos et al. have a fantastic repository with Docker containers for their Sprout-based work, which would presumably need to be updated to handle Sapling transaction data.

Regardless of shielded adoption levels, it’s my personal opinion that having good updated research on unsafe use of Zcash (in the style of Kappos et al.) could help to drive shielded support and better inform interested users and ecosystem participants of potential dangers of transparent pool interaction by giving accurate up-to-date information on what actually happens on chain.

Yes, you are right. A “first-price-auction” fee market like Bitcoin’s would leak information about the user’s private activities. One of the many benefits of an “algorithmic fee market” like Ethereum’s proposed EIP-1559 is that it would reduce this information leakage. Vitalik opened this github ticket to explore an algorithmic fee market for Zcash: Evaluate alternative transaction fee market mechanisms · Issue #3473 · zcash/zcash · GitHub

By the way, a related problem that might be also be at least partially solvable with similar techniques is the problem that adding User-Defined-Assets (like ERC-20 tokens but on top of Zcash) might undermine the value of ZEC coins. I wrote a twitter thread about the problem and about one idea I had for how to mitigate it: https://twitter.com/zooko/status/1243303909830955010

That is interesting - “Max ZEC fee” with algorithmic shielded rebate - https://twitter.com/zooko/status/1243303934078234624

Not sure if there is a better solution