Some usability / adoptability suggestions

I have some high-level suggestions for the Zcash team in the area of the overall usability and public adoptability of Zcash. These are ultimately based on some Really Deep Thoughts about the nature of money in human culture, but I’ll spare you the metaphysics.

My assumption, following the Hello World blog post, is that Zcash is about the private, trust-less, non-intermediated transfer of value from party A to party B and that any other uses (smart contracts, yada yada yada) are totally incidental.

First suggestion: Completely ditch all “coin” related terminology and metaphors and break Zcash away from the whole alt-coin realm. The “coin” thing is crowded, dated, and tainted. Build on the technology, but break free of the paradigm. I think from the name (Zcash), you may already be heading in this direction either implicitly or explicitly, but either way, I say go for it and go big. Just jettison all the conventions that have grown up around alt coins and let Zcash make its own rules. As a start, I would go through all of the documentation that exists currently and wherever the word “coin” appears, substitute either “currency” or “unit” as appropriate.

Second suggestion: Following from the above, I suggest changing the terminology for a unit of Zcash from ‘ZEC’ to just ‘Z’. Maybe 1/100th of a ‘Z’ should be a ‘z’, although that could cause verbal confusion and it’s also possible that in practice in the era of cryptocurrencies, the notion of labeled subdivisions of currency units is archaic and people will easily adapt to the use of decimal values of arbitrary precision (e.g. 0.013Z). That’s certainly how I use bitcoin – I never think in terms of Satoshis or micros, millis or whatever else people have proposed.

Third suggestion: I don’t think this matters in the long run, but initially, for the sake of adoption, I think it would be a good thing if the value of the primary unit of Zcash currency (i.e. the equivalent of 1 BTC) was immediately relatable to a lot of people. Because of their global use and relatively close unit valuations, I think that if the value of the primary Zcash unit was in the range of 1 to 10 Dollars/Euros, that it would help adoptability a lot. I’m not really sure how you do this in practice, but maybe by looking at the values of bitcoin and the various alts you can make a guess at what the total cap of units should be set to so that the initial value would likely fall in this range.

Fourth suggestion: I know that this is dev times with Zcash and that all the existing discussion and documentation is dev related and thus deals with ‘inputs’ and ‘outputs’, ‘transparent’ and ‘protected’ cash, ‘pours’, and etc. That’s all fine for architecting and developing the underlying plumbing, and this suggestion is mostly about building clients/wallets, but it also bears on communicating about Zcash outside of dev circles even now. Before Zcash rolls out to real public adoption all of the arcana should be completely hidden from end users and the only metaphor that should be presented to Joe (Sixpack) is the relatively instant private transfer of a specific quantity of Zcash from Joe’s wallet to Anne’s wallet, or Joe’s wallet to All Joe cares about is how much he is sending and to whom. Joe should never hear anything about “inputs”, “outputs”, and “change”. From his point of view he sends exactly the amount of whatever transaction he is effecting and the end result is that his wallet’s balance is debited by exactly that amount. I understand in high-level terms how the zerocoin protocol runs on top of a “transparent” bitcoin-like blockchain and so I get what a “transparent” coin is. Joe should never, ever need to know about them. That should all be part of the hidden plumbing and Joe should only ever think about and interact with Zs with which he can assume all his transactions carry a strong privacy guarantee. On the receiving end, Joe should be able to think of his wallet as a singular entity (he should not have to think about different public addresses), but still be able to rely on maximum privacy / anonymity for his transactions. I have thoughts about how to accomplish this in practice, but it goes beyond the scope of this note and I’m sure there are better ways that I haven’t thought of.

Fifth suggestion: I think Bitcoin’s primary achilles heel from the beginning has always been speed / bandwidth of transactions. A cash transaction is instant: you hand someone some currency and it’s done. That speed facilitates exchanges that become impractical with long settlement wait times. Block creation should be architected to handle orders of magnitude more transactions than the current Bitcoin blockchain can, and settlement times should be as close to instant as is possible in practice (while maintaining acceptable security). Think of a use-case where you go to the coffee shop and instead of handing the cashier a $5 bill for your latte, you instead wave your phone in the vicinity of the register and you paid for your coffee instantly and with the same level of anonymity as handing over the $5 bill (but without figuring out what to do with useless pennies). That’s the world we should live in.


Those are a lot of cool ideas and suggestions that I will bounce off Zooko today.

Regarding “Coin”… unfortunately, there are a few conflicting definitions. In the zerocash paper Coin is a structure which stores some value and other details used for the scheme. We tried to change this term to “bucket” or even “pour output” (which is probably semantically more accurate) but we keep bouncing back and forth. I hope that we can put a glossary together of terms that we can commit to, but probably not yet. See #539.

Think of a use-case where you go to the coffee shop and instead of handing the cashier a $5 bill for your latte, you instead wave your phone in the vicinity of the register and you paid for your coffee instantly and with the same level of anonymity as handing over the $5 bill (but without figuring out what to do with useless pennies). That’s the world we should live in.

I absolutely agree.


Some great suggestions here and the first being the most important in my eyes.


FWIW, It would be nice to be terminology consistent throughout, but I don’t think it really matters that much in the realm of developer models and docs, or in conversation among developers. Obviously everyone who is working on writing code for Zcash right now is someone who is familiar with, and already deeply involved in building on top of, the “coin” metaphor and code that is a more or less direct derivative of bitcoin core. And maintaining those terminologies, models, and metaphors at the developer level might be the most pragmatic decision for now.

All of my suggestions are directly addressing how Zcash is presented to users. And if a Zcash user ever needs to consult any kind of glossary, that would signal to me a total fail in my having made those suggestions either clear enough or compelling enough.


These are great suggestions. I especially appreciate your focus on usability, user experience, and terminology / conceptualization.

We’ve been trying to find the right terminology both on the technical front as well as for end-users. I agree with your intuition that we needn’t bother most end users with differences like confidential versus transparent amounts, and by default we’ll just have confidential behavior.

I’m curious about your last issue. You’re describing a point-of-sale use, and you mention both high network transaction volume as well as quick settlement. Whenever I see a bundle of assumed functionality I like to try to tease it out from a user-story perspective to help evaluate what’s most important, so here’s a thought experiment (not necessarily based on technical reality):

What if we could choose between two options: make transactions instant but only for a tiny network throughput, or make network throughput very large but with very large settlement latency.

In the first case, when the network utilization is low and few people are making PoS purchases, their transaction happen instantly. However, as usage grows in a given time window, suddenly the network throughput can’t handle the load, and now some of the users have instant settlement and others need to wait for the network to catch up. In the other scenario, everyone always has to wait N minutes, but that’s the same even when the whole network has many simultaneous users.

So which is preferrable for PoS? Sometimes instant but unpredictable, or predictable but slow? Let’s assume both cases have identical security guarantees and all other technical details are somehow magically identical.

1 Like

Hi @nathan-at-least,

I’m not technically naive (I’m a software developer and a devops/sysadmin guy for money), so I understand that there are engineering tradeoffs and I understand the question you are asking. But my POV on this is that the only acceptable answer is to pull a Steve Jobs and have both nearly instant transactions and simultaneity for everyone on earth.

As a user, you can’t be standing there at the register waiting for five minutes for a transaction to clear. They call espresso “espresso” because it all happens FAST - brewed fast, served fast, imbibed fast. Espresso cannot wait for a slow payment.

At the same time, as an engineer / developer / purveyor, you can’t offer the world a revolutionary network-driven technology that is the literal re-invention of MONEY, but with the caveat that only a few people can use it at a time. FFS!

So the only proper answer to your question, in my opinion, is that you have to break the paradigm and re-invent the engineering so that the engineering conforms to the constraints of the use-case rather than vice versa. That’s one reason I was massively disappointed when I read through Zooko’s AMA. My opinion may or may not be worth anything, but here it is for good or ill: I think that staying so close to bitcoin core is a giant strategic mistake and I think it’s going to make Zcash fail, where I define “failure” as not fulfilling the potential of literally becoming the global, universal, digital replacement for cash (i.e. anonymous paper currency). If your definition of success is being the next Litecoin, Monero, or _____________ [fill in the blank with your favorite altcoin], then you’ll probably succeed in that sense but still fail from my point of view.

To me, the POS use-case was just an example and only one area in which truly usable, truly private digital cash would literally change the world. In order for Zcash to fulfill its promise at the POS, it has to be able to functionally replace paper cash and credit cards. That means it has to be that fast, that global, and that ubiquitous.

Like I said in my original post, go big. Don’t be held back by the conventions of today. Look at the future and look at what doesn’t work in bitcoin (and all the alt coins) and DON’T DO THAT. From the beginning it has been obvious to me that bitcoin was pure genius but under-engineered for a real global payment system. Bitcoin is a proof of concept. Now it is time to fix what’s wrong and build the real future. Private transactions are half of that. Engineering the ability to support a world’s worth of simultaneous transactions is the other half.

Change the world. GO FOR IT.

Hey pjv: I’ve read your note many times in the 16 days since you initially posted it. :slight_smile: I’ve been busy since our public announcement!

I totally agree that we should focus on user experience, that we should design “top down” — starting from user experiences and then choose the narrative, terminology, protocol, and cryptography to implement that intended user experience.

(Instead of “bottom up” — starting from a protocol and then trying to figure out how to layer a good user experience on top of it. To some degree we’ve already done that bottom-up part, starting from Bitcoin and Zerocash, but now I think we should switch to top-down, as much as possible, for the rest of the process of creation the Zcash-1.0 product.)

One detail about terminology: I’m fairly keen on using “note” instead of “coin” or “bucket” for describing the protocol, as suggested by gojomo, here:

N.B. this is not something that would ever be visible in the UX! The existence of “coins/buckets/notes” is for readers who want to understand the protocol better, not for users.

Point-by-point replies to your suggestions, pjv:

First suggestion”: Yeah, I agree. We’re heading in that direction. I try never to call it an “altcoin”. (On the other hand I’m not going to waste time trying to get other people to stop calling it an altcoin. ;-))

Second suggestion”: No, “Z” is not specific enough. “ZEC” doesn’t mean “coin”, it means “currency”, like GBP, USD, CNY, EUR, etc.

Third suggestion”: I actually do agree that this magnitude matters! Computer geeks think it is fun and cool to use decimals and SI units and crap, but yes, non-computer-geeks really prefer nice small integers. Unfortunately there’s nothing we can do about this at the protocol level. For starters, like you say, there’s no way we can know how valuable the units of ZEC will be in a year or a few years.

But fortunately it can probably be fixed in the user interface, just by displaying the values to the user in a different unit.

Fourth suggestion”: absolutely. Please help us by inspecting the user interfaces (once they exist) and user-visible documentation and help us stamp out “leakage” of the underlying protocol concepts like notes and transactions.

Fifth suggestion”: Very interesting! We’re already working on performance/scalability issues in private, but that work is really just at the “spitballing and trying to decide what our options are” kind of stage at this point, so I haven’t mentioned anything about it publicly. I hope to move that technical work (and everything that we do) from private to public in the coming weeks.


FWIW, from my point of view, total fail.

Zcash, while technically amazing, has been rolled out as just another alt-coin. I have no idea what the future holds, but for now, it’s just another alt.

Woulda, coulda, shoulda…

What would have been interesting / different / revolutionary is if your “release” had been a well-designed, cross-platform, GUI client (ala Jaxx) built on top of the Z-guts, that is easy for regular folks to comprehend and use. In that client there should have been no mention of t-addrs or z-addrs or even any “addresses” per sé (and BTW, t-addrs should be all but invisible except to the geekiest of the geeks who need them for some reason - the z-addr is the entire reason for the existence of Zcash, it should be the automatic default and no client should ever generate a t-addr except by some kind of explicit opt-in or advanced setting), all of which is like exposing the technical details of a transmission to a grandmother whose only worry when buying a new car is what color it is.

As I wrote in the OP:

You could have released a revolution. Instead you released a geeky protocol. Maybe someone builds a revolution on top of it - I can’t predict. But I do believe you guys missed a huge opportunity by not pulling your heads out of the low-level engineering and looking around at what the world needs BIG PICTURE.

1 Like

I too think at the moment it is still deemed a bit geeky. But luckily nheqminer and claymore miners (others are available) being easily installed and working on Windows platform means a person with a bit of interest can be up and mining fairly quickly and that is fantastic. You don’t need to be a Linux wizard to be mining otherwise I think the amount of interest (and number of miners) in Zcash to date would have been quite a bit less.

The wider adoption of ZEC as a currency is I think hindered by issues/bugs with Z addresses and also wallet adoption (for example Jaxx on iOS not having ZEC). It is also very early days (not even 7 weeks since launch) but overall I’m excited at it’s future potential. For me, I think Zcash has a lot of features that long term will make it overtake bitcoin.

Going back to the original post, I agree with a lot of those comments and I’m sure they will be addressed (particularly point 5) as the development team bring out more features etc… Keep up the good work guys & gals!

1 Like

Well, @pjv, I continue to agree with a lot of your ideas about this, but the problem with “You could have released a revolution.” is that it would have taken a lot longer — maybe a year longer — and a lot could go wrong in a year.

In any case, what can we do now to make further steps toward you revolution? Jaxx is indeed a nice UI. I like it! I think the next step is making z-addresses easier to use for end-users and for 3rd-party integrators like Jaxx. What do you think?

1 Like

Ha Ha, @zooko, I’m afraid you are asking me to describe the color red to a blind man.

I wrote my OP in this thread to you guys before you had built much and I was trying to suggest that you architect a system based on the usability of the end product and then go backwards from there to the engineering primitives. Instead, you guys did what engineers always do (and I’m a software engineer by trade), you completely ignored what and who the thing you were building was for and just went off and solved low-level (I mean fundamental, not insignificant) engineering problems from entirely within the existing paradigms.

You built a technically amazing bridge from nowhere to nowhere.

I think it would have taken you a lot longer than an extra year. I think it would have taken a really good team, which would have included all the people you have plus some really good UX folks and most critically, someone who groks the Really Big Picture to architect the overall system, at minimum 2-3 years.

One extra year? The history of human money stretches back for thousands of years and in that time there have been maybe 3 or 4 complete revolutions, (commodity money, precious metals, paper money), each of which made possible an entire new realm of human commerce and thus dramatically changed the course of human cultural history. Crypto currencies are the next step in that progression and the existing ones have three major flaws: lack of reliable privacy, lack of global transactional scalability, and lack of usability by my mother. Fix those things and the revolution is on.

Are you seriously saying that investing an extra year into revolutionizing human culture is too much time to spend? I know that sounds hyperbolic, but it’s not; some single crypto currency is going to really make a change on that level. Will it be Zcash? I think it could have been, but now I am pretty skeptical (though maybe still something built on top of your code).

If you had started with the big picture - not the crypto-engineering challenges, but the revolutionary nature of introducing an anonymous, trustless, decentralized, disintermediated currency - and designed backwards from something that would be usable by 80% of humans instead of .003%, you would have made different decisions in how you solved the lower level engineering problems. Now you are stuck having to bend the user experience to fit the engineering instead of vice versa. Alas.

I get that you are where you are and your job is to move things to a better place from here. Making z-addresses more accessible seems like a good idea to me; like I said, I think that t-addresses should be all but invisible because they are going to be very misleading to most people who will understand Zcash (to whatever degree they do) as “that anonymous bitcoin” and who will assume that any Zcash transaction has a strong privacy guarantee. That should be 100% true for naive users - anyone who doesn’t know what a t-address and a z-address is should not be able to get their hands on anything other than a z-address. But then again, I don’t think they should ever have to understand the concept of an address at all. They should have a wallet that tells them how much Zcash they have and makes it easy for them to send some to someone else without anyone else knowing anything about that transaction. That’s all it should do from the naive user’s point of view. ZcashCo’s first “product” should have been that wallet which should have been available on all major desktop and phone OS’s …which would have also necessitated all the plumbing that you built, but again, you would have built the plumbing differently if you were building it to make that specific wallet possible.


1 Like

Unfortunately, it would have been impossible to fund the project you describe.

1 Like

It’s a good film, but in the absence of a magical Force, size (or amount of engineering effort) does matter, I’m afraid.


Dear @zooko: I’m reviving this in light of your recent blog:

…to throw down an I told you so.

In looking back at what I wrote on this thread, I think it ages pretty well so far.

Coulda, woulda, shoulda…

1 Like

It is impossible for a crypto to become really popular among common folk if there is no safe (encrypted) and user friendly wallet for at least Windows, IOS and Android. I’m develper myself and I’m more or less sure that my computer is virus free. But often I have to install software that I don’t trust, so how can I be sure that my money is safe? I can not trust a wallet from which my money can be stealed by simply copying wallet files! It is unacceptable! The only way I see now is to install separated encrypted VM for the only purpose of using zcash wallet. I understand that you have a lot of other tasks to do. But success and cost of cryptocurrency depends on how much people trust and simpathize it. It is impossible to gain people’s trust with unsafe and ugly wallet, which can not be used for daily needs and transactions by anyone including housewifes.