Removing (some) state from the chain


One privacy caveat of all existing privacy coins is that while encrypted, all data is still committed to an immutable ledger. Thus, if someone were ever able to break the encryption, the have access to all prior transaction history. This is also an argument the Lightning Network likes to highlight.

Now I’m wondering - does that have to be? Would it be possible to have some mechanism, maybe akin to a rollup, that would keep sender/receiver off the chain? In my head, what I think about is storing an encrypted Zcash “note” directly on my own device; if I want to send it, I copy the ciphertext out-of-band to the recipient who can then create a new note from it, invalidating my existing one.

Would such a thing be possible at all? Beyond privacy, this could in theory also scale the blockchain as less data needs to be written to it.

Thanks :).


Yes, see for example Shielded transaction aggregates · Issue #4946 · zcash/zcash · GitHub :

The potential reduction in chain size after trimming is 97.7% relative to Sapling, and ~99.3% relative to Orchard.


Love it, very interested in seeing that work one day! :slight_smile:

1 Like