Why I chose Zcash
That is an excellent question. I recently addressed that in something that I wrote before this post:
To that, I will add a quotation of something that I recently wrote to a correspondent. (Much of my personal activity consists in nonpublic correspondence.)
As for what you say, @particlmike33: I had the same concerns about the “trusted setup”. I put up with it, because I know that no technology is perfect in Version 1. I frankly hated the trusted setup—but I knew that the Zcash team hated it, too. Well, they spent years labouring to get rid of it!
Although Zcash versioning worked out a bit differently, I think of it this way:
- v1 tech: Sprout. Buggy and painful to use. A Sprout send took me multiple minutes on my old hardware, plus of course, gigabytes of RAM usage.
- v2 tech: Sapling. Bugs fixed, orders of magnitude more efficient—but still stuck with the trusted setup. Suitable to start a push for wider adoption, but not yet really mature.
- v3 tech: Orchard. With Halo2, no trusted setup! I officially consider the technology to have reached initial maturity. Ready for mass-adoption!
You know the old saying in technology about how v1 is for early adopters, and nothing is ever really “ready” until v3.
I observe that early Bitcoin was not what Bitcoin is today. It was revolutionary, but buggy and unpolished as you would expect from a lone inventor pursuing an impossible dream. In other venues, amongst Bitcoin maximalists, I have frankly stated my opinion that Bitcoin was not “ready” until Segwit fixed transaction malleability (a design-level security flaw!) and a bunch of other problems.
For similar reasons, I tried Monero after some of their major upgrades in the 2017–2018 timeframe. See above. With Monero, I was constantly examining my coins, my mixes, etc. in the CLI wallet. Churning, exercising coin control.
I never bought the argument about XMR allegedly having a “bigger anonymity set”, because Monero leaks information onto the blockchain. Of what use is a larger total set of privacy-tech users, if the privacy tech may eventually fail to prevent the users from being distinguished from each other?
As the security aphorism goes, attacks only improve. I just can’t stomach having my financial activity spread all over a blockchain—forever and forever, with no way to erase it. So what if it’s covered up and obfuscated with decoys? So what if the signal is mixed with some noise? I want for the signal to be absent altogether!
Early Zcash had only small usage of the shielded pools—but within the shielded pools, my usage was completely indistinguishable from everyone else’s. Zcash does not leak information (at least, not on the blockchain level; network-layer privacy still needs improvement to prevent, e.g., spies potentially linking your txids by observing them originating from the same source). Zero knowledge means zero knowledge. Few people get that—too few, unfortunately. I understood the power of that, from before Zcash even existed.
On the other hand…
Why I fear for the future
@steve.b, I notice that “privacy” is not listed or discussed in any of your three bullet-points.
I am the opposite. The news of the POS switch was the major impetus that pushed me to come out of the woodwork, when I had faded back so much into the long tail of anonymous users that I didn’t even hear about it until too recently. POS “rich get richer” financial manipulation is a strong negative for me, a hard-no, potentially a dealbreaker—especially after the miserable hands-on experiences that I have had with other POS coins. I am trying to exit POS. I only haven’t yet much talked about it, because I am not yet sure what to do… sigh.
Given my personal years-long dependency on ZEC, which I reasonably presumed would stay as-is in its major economic characteristics, I have been upset and afraid about this.
May I ask why, when there are at least a score of POS chains plus thousands of POS-based tokens, you came to Zcash evidently quite recently—for reason of a potential future switch to POS? If this is such an important factor that you list it as your primary reason—it seems incomprehensible to me.
I strongly object to that. It is baseless FUD propaganda no different in spirit than, “Bitcoin will be globally delisted and banned if it gets strong privacy,” or, “Zcash will never gain mass social acceptance because it has scary, scary untraceable transactions!”
I trust Bitcoin because I know that it will never sell out its security, its decentralization, and its honest economics to chase fads, or to line the pockets of fat-cat VCs, DPOS companies, and other financial manipulators.
I observe that out of exactly 172 words in your post, 143 words (83%) are about POS—123 words (73%) are an attack on Bitcoin, anti-Bitcoin talking points that I have seen in many places, not about Zcash at all—and exactly 0 words (0%) are about privacy.