Some thoughts on Signal, Mobilecoin, and Zcash

This is all from a twitter thread: https://twitter.com/secparam/status/1380352749859135489

Mobilecoin is in Signal. What would it have taken to put Zcash there instead? Signal wanted 1) fast payments (< 5 seconds) 2) capacity/scale. “Snarks are slow” you heard. So clearly Zcash needs new crypto break throughs and it’s out in the cold until there’s new science? Nope.

Zcash in Signal needed fast payments and scale. So you need a blockchain with fast (say sub 5 second) confirmations. You won’t get that from traditional PoW. Maybe DAG protocols. And BFT or PoS works. Thankfully, Zcash’s tech is consensus agnostic, we just need a blockchain.

So switch to PoS or a DAG. Done. But now you need scale to handle all those users. That probably requires years of new R&D right? Well, no. Once you’ve swapped consensus algorithms, you can easily handle more than enough zkSNARK transactions today. So no problem there.

Finally, for fast payments you need zkSNARK proof generation to be fast. It’s 2 seconds on mobile now. Not fast enough for you? I disagree, but theres at least 2 to 3x speedups in simple optimizations in the circuit and/or proving code. Couple of weeks of work to mock up.

So, to put Zcash or its tech in Signal, you’d need to move to a faster consensus algorithm like DAG/BFT/PoS and optimize your proving code/circuit. That’s it. You’d get fast < 5 second private payments that can handle thousands of payments per second.

There are two ways to look at this. 1) is we missed the boat. I don’t think thats it. Instead we are much better positioned for the next one. But this requires doing a number of things differently post halo.

If ever there was a good application for second-layer txs, then it’s signal users paying each other. You get the benefits of speed (instant confirmation) and true scale (no bloating the chain).

How’s Bolt coming along?

We are we assuming second layer ? The point is Zcash (as privacy tech) is capable of handling that volume at layer one with existing technology today.

It is a clear feedback from the Signal userbase. It seems that either people want a separate app to do the payment, (Some positive words highlighted how easy it was to make payments by picking the recipient’s money via their contact list) or they at least wanted a currency that already existed / more trustable than mobilecoin.

So to resume, it seems people are interested in fast private payments with a easy to use interface (pick up the recipient from your contact list?), and not necessarily integrated in the chat app.

Interesting feedback for some wallet developer teams.

A few thoughts:

• I think—especially at Signal’s scale and potential future scale—you need careful user research to gauge what their userbase wants, and the reaction on Twitter etc to the mobilecoin announcement isn’t a great proxy for that.

• “What would it take to get Zcash in Signal?" is a very useful question to be asking, especially since Signal has indicated in their announcement an openness to adding support for other networks in the future, and obviously this would be huge for Zcash adoption and ease-of-use.

• What are the tradeoffs that various <5 second transaction time blockchains make in order to achieve this? Are those tradeoffs really compatible with Zcash privacy and decentralization requirements?