- A Prelude Reflecting on a Prelude
- Financial Disclosures of the Author’s Interests
- Competition and Coöperation
- Bitcoin and Zcash give to each other!
A Prelude Reflecting on a Prelude
To set the tone for this post, I will first indulge a little walk down memory lane.
To the best of my knowledge, the first-ever mainnet financial transaction using zk-SNARKs occurred on the Bitcoin blockchain—when Zcash was still in prerelease development. The implementation was produced by Zerocash/Zcash team members @ebfull and @madars, together with Bitcoin Core developers Greg Maxwell and Pieter Wuille. It was based on a payment protocol that Maxwell had invented in 2011. It did not use zero-knowledge proofs for privacy, but rather, to enforce trustless terms of payment; zero-knowledge proofs have so many uses! The results were written up by Maxwell, and announced by him on the Bitcoin Core blog on 2016-02-26:
(Better link: Onion.)
A few weeks later, @zooko announced this on the official Zcash Company (later Electric Coin Company) blog, with reference to Maxwell’s Bitcoin Core post:
On the Zcash (now ECC) blog, @ebfull later discussed an attack that was discovered on the protocol used in the 2016 public proof of concept, and mitigations that would protect against that attack:
I think that’s an exemplary demonstration of coöperation between Bitcoiners, and the people who were actively developing a new privacy-altcoin.
Financial Disclosures of the Author’s Interests
In general, my finances are nobody’s business but my own. That is, to me, a principle of what I call privacy culture. However, I am also strongly opposed to any mishandling of conflicts of interest. As an author and a coder who seeks to advocate for the future direction of Zcash, I believe it is ethical and appropriate for me to make a public statement about how my own agenda may personally benefit me. I will link to this post from elsewhere, as warranted.
I hold ZEC. Since early Sprout, I have never not held ZEC in amounts that are financially quite significant to me.
Actually, due to a recent mishap with a BTC margin account, I currently have much more value in ZEC than in BTC. I usually hold more value in BTC than in ZEC, but this is not the first time that ratio has been inverted. A dirty secret that will shock my Bitcoin maxi friends: I missed the opportunity to sell BCH, because on 2017-08-01, I had only ZEC and no BTC. That was an unusual position for me, and it is not one that I wish to repeat.
I hold BTC, and I want to hold much more of it. As a goldbug at heart, I agree with this:
However, I have sometimes publicly called a lack of privacy Bitcoin’s “fatal flaw”. I have been passionately yearning for zero-knowledge privacy since 2013, when I first heard of @Matthewdgreen’s Zerocoin—the concept for Bitcoin which begat Zerocash, which begat Zcash. It is only natural that I became a Zcasher.
(Note: The onebox metadata are wildly wrong. That page, which is on Lopp’s site and not Medium, is from 2014 and not 2019.)
I currently (and usually) have 0 XMR and 0 ETH, although I have sometimes used both chains. I personally have a longtime dislike for Ethereum, but I must applaud them for contributing financially so they can benefit from a project that has not substantially benefitted from their code. The Ethereum Foundation’s payment to ECC is Doing The Right Thing—in sharp contrast to the sanctimonious, hypocritical “gimme, gimme” attitude from Monero. And I am happy to see Ethereum take up the technology that I want to see in Bitcoin!
Why? Besides the shining example of Zcash, I have recently been promoting Tornado Cash, Aztec Protocol, and also, Solana’s zero-knowledge token extensions to some Bitcoiners who are too myopic to see the value of my desire for strong privacy in Bitcoin. The more privacy that Ethereum gets, the stronger my arguments will be for privacy in Bitcoin. Bring it on!
(Oh, as a C coder...)
…I enjoy programming on Solana—although the technology is immature and unreliable, and I dislike the project’s long-term direction. I severely dislike EthVM and its clones. I have some ideas for my own to compete with that—maybe someday.
I also have some financial investments in zero-knowledge coins that may turn out to be viable competitors to Zcash. I wish not to name them here. Partly to protect my privacy—and partly because as a ZEC long-term holder, I do not think that the Zcash forum is an appropriate venue to promote my long-shot, high-risk investments in obscure upstarts that thus far lack Zcash’s long track record of delivering results.
Competition and Coöperation
As a Bitcoiner, I always point to Zcash as the premier zero-knowledge privacy implementation. I highlight Zcash as the coin that has what Bitcoin needs. And I beat some of the less-thoughtful Bitcoiners over the head with Ethereum and Solana zero-knowledge projects, which they had better worry may eat their BTC lunch!
I am a long-term thinker. Am I a Bitcoin maxi? Sort of; I have been contemplating an essay entitled “The Minimal-Maximalist Manifesto”, if that makes any sense. But I don’t do groupthink. I am not a shill or a cheerleader—not for Zcash, and not for Bitcoin, either.
I think that competition is healthy for those who have the merits to compete. Bitcoin is the biggest, because it is the best at most things. Bitcoin is hands-down the most decentralized coin—the coin where you don’t need to worry about any particular party becoming corrupted. Bitcoin has the most trustworthy codebase: Bitcoin Core is a masterpiece of financial software engineering, not a child’s toy. I read the code of glitzy new coins, and I run screaming back to Bitcoin—Bitcoin, which is slow, clunky, and rock-solid trustworthy for value in the $billions and the $trillions.
But it always needs continuing innovations. And it has what I have called a “fatal flaw”: A disastrous lack of privacy.
I understand that Satoshi faced a dilemma between Digicash-like centralized unlinkability, versus his own brilliant innovation of repurposing Hashcash POW to resolve inconsistencies in BFT distributed consensus, with no central authority. He lacked the technology to have both decentralization and privacy—pick one of two, either-or!
Satoshi was clearly interested in making Bitcoin transactions unlinkable—even in zero-knowledge proofs. He just didn’t know how. Nobody yet did. This provided an opportunity for Mike Hearn, et al. to sow bad memes touting blockchain analytics, “taint tracing”, and coin blacklisting. They failed to standardize surveillance and censorship in Bitcoin, because Adam Back and others gave a furious no. (N.b. that both of the two preceding links mention Zerocoin.) Ever since then, Bitcoin has been a battleground between pro- and anti-privacy forces.
On grounds of accomplished facts, Bitcoin set some important precedents. Most were for the good: Be Your Own Bank, politically neutral international currency—in so many ways which naysayers would have claimed no government would ever allow, Bitcoin has made the world a better place. Fait accompli. But Bitcoin’s unfortunately transparent blockchain set a bad precedent. Now, anyone who wants privacy is fighting against accomplished facts.
I frankly leverage Zcash as an argument for privacy in Bitcoinland—and on the flipside, some of my near-future posts here will leverage Bitcoin as an argument for improvements to Zcash.
But I do not see this only in terms of competition. I think that Bitcoin and Zcash have some great synergies, which could be enhanced for mutual benefit. Competition will save them from the negatives of ossifying, or even of degenerating. Coöperation brings positive values to both.
Bitcoin and Zcash give to each other!
In the spirit of open source, Zcash has greatly benefitted from what I view as a symbiotic relationship:
Zcash copied its original codebase from Bitcoin Core v0.11.2 (partly brought up to v0.12, which was apparently what I had remembered), and added on top of that the core Zcash competence: Zero-knowledge privacy.
For only one example of major improvements that Zcash has copied from Bitcoin after that: It took Zcash five and a half years finally to kill the openssl abomination with fire. Along the way, the work was almost entirely done by Bitcoin Core—not the least of which was writing a high-security, high-performance cryptographic primitive implementation from scratch. I noticed the speedup, when Zcash pulled in Bitcoin’s secp256k1! Besides that, merges from upstream Bitcoin were probably the dominant factor in the >50% speedup that Jameson Lopp measured in Zcash IBD between his 2018 and 2020 benchmarks.
Much of my Zcash wishlist could be satisfied by merges from upstream Bitcoin. Zcash is way behind Bitcoin on things like multi-wallet support in the node, the switch from leveldb to sqlite3 for the wallet, numerous security and privacy improvements on the network layer—I will save the list for other posts, and/or for Github.
Thus, the question reasonably arises: Who pays for all of the MIT-licensed Bitcoin Core code that Zcash freely copies in the open-source spirit?
The answer: Many people. In a fully decentralized way.
I have been thinking a lot about this, because I have recently been engaged in private discussions with a wealthy Bitcoiner who wants to work out a long-term strategy for donating significant amounts to support Bitcoin Core. That is altruistic, very generous—and also self-interested, for the same reasons that @zooko describes as to ZEC. Needless to say, the concrete results of such generosity would be MIT-licensed just like the rest of Bitcoin.
These contributions by Bitcoin Core’s BTC-holding supporters to Zcash constitute a prime example of what BlockAdvisors (via @zooko) say: “Positive feedback loops create positive externalities!”
There is room for more than one currency in the world. Nothing created by human hands is ever perfect. Bitcoin must never rest on its laurels. Zcash has a small dev team with limited resources, and with deep knowledge within a narrow specialty. Zcash makes world-changing innovations, when it focuses on what it does best; it falls behind when it tries to reinvent the wheel.
I think that the subset of Bitcoiners who want to crush all altcoins are as thoughtless as altcoiners who fantasize about replacing Bitcoin. Of the thousands of altcoins that have been made, most have nothing to offer but a speculative bet on selling for a higher price to the greater fool. Some altcoins have merits of their own. Some altcoins have fundamental value! Zcash is one of them. I have foreseen for years that zero-knowledge proofs will take over the world. Zcash is the leader of that revolution.
Even if, hypothetically, Bitcoin were to create a BTC Orchard shielded value pool tomorrow, the privacy specialists at Zcash would still be moving ahead with the next generation of privacy technologies: ZSAs, further enhancements to zk-SNARKs, perhaps even someday a practical usage of per-transaction zk-STARKs—plus numerous other potential applications of zero-knowledge proof technology.
As a Bitcoiner and a Zcasher, I love to see that.