Why do we pretend like this is a blocker? Have it automatically do it one UTXO at a time, nobody says combine all the transparent UTXOs in a single shielding transaction. The fees are low anyway.
1 Like
Iām not saying it is a blocker, they have already stated itās coming.
zkool rotates taddr on demand
2 Likes
Thanks, I am going to look into that.
@Shawn I appreciate how responsive you are and how welcoming the community has been. I donāt want to be a nuisance, it just strikes me as a very unusual thing to backlog. There are worse privacy issues to letting it stay at this state to be honest. The privacy issue is effectively nullified if you shield the utxos individually. There is really no problem in doing that.
This is now communicated publicly as the highest priority for at least CrossPay, with general t-address rotation also on the roadmap.
I agree that this should have been a launch blocker for CrossPay and swaps, as it basically removes privacy for almost everyone.
Correlation for shielding from multiple t-addresses is an argument, but nothing could be worse than the status quo TBH.
/edit: See the top goals for Q4, both are related to this topic: https://x.com/ElectricCoinCo/status/1984299892756414676
Hereās the smaller thing. Rotating receiving addresses is so basic that ānon-privacyā crypto currencies like, uh, bitcoin, have had it as a normal feature of virtually all wallets for over a decade. There is voluminous prior art.
And hereās the bigger thing. Not everyone who is excited about crypto currencies in general and zcash in particular has a sophisticated enough understanding to parse whatās really happening in the depths of the plumbing. You (whoever is involved in spreading the Zec gospel) are telling them that zcash is built on the most privacy-preserving technology available and that if they use zcash, their transactions will be completely private. But in fact, if they use zashi to receive to a taddr more than one time, their transactions are as trackable and as doxable as ANY OTHER CRYPTO CURRENCY.
It has been that way for as long as there has been a zashi and I posted this topic here almost a year ago asking why. In the mean time those of you who are involved in āmarketingā zcash have continued to promote both zcash and zashi as a privacy preserving alternative to other crypto currencies and that is extremely ethically impaired. Especially when this gaping hole is really very fixable.
2 Likes
Iām not sure I follow your reasoning here. The transactions are trackable up to the moment they get shielded. But as long as they arenāt linked to the shielded transactions, how are they doxed? Isnāt it as if someone else used transparent transactions (for example Binance)?
Hi @hanh
My reasoning is that if people receive to the same ZEC taddr more than once from different source addresses, then those transactions are just as linkable on the public ZEC blockchain as multiple bitcoin transactions to the same BTC address are on the public BTC blockchain.
Well - sure. But the BTC were linked on the bitcoin chain anyway. And the swap is public. Therefore even if you have different transparent addresses on the ZEC side, they are linked.
If you managed to have kept them unlinked on the BTC side, they are different. But thatās quite difficult.
In practice, itās more likely
vs
Are you worried that Zcash/Zashi is the weakest link?
1 Like
I have indeed managed to keep them unlinked on the BTC side and I am sure many others would say the same. It is because we understand the utxo model and it is predictable and it works exactly like youād expect. So yes, we did keep them unlinked on the BTC side and we do believe that ZCash is being the weakest link here, and not living up to their claims. It is annoying that this argument would be brought up. To the point where now I think ZCash privacy claims are not serious. I will hold this coin as long as it is going up in value and then convert back to BTC, as ZCash is not even trying that hard to fix this achilles heel of privacy.
Play with ZK proofs, fun but then drop the ball in basic utxo management. What a terrible look.
It is also disappointing that the devs are being so dense about this. Talking about percentages when doing shielding and stuff. It is all irrelevant, as irrelevant as it can get. Take each UTXO, and on a random looking schedule shield them, or let the user shield them one utxo at a time.
You guys are making a mountain out of a molehill of a challenge.
Take each UTXO, individually shield them or give users the option to do that. It is as simple as that. There is no imagined loss of privacy from that.
But instead youād rather leave the ecosystem at a state where the change from NEAR intents are sent to the same change t-address, along with expecting the funds to arrive to the same t-address first before shielding.
Please get serious about privacy on ZCash, until then this is just a project to have fun with ZK proofs. Academically it may itch a scratch but falls short for real-world usecases.
Until this is fixed, the best I can do is to hold some ZCash until it stops gaining value against BTC, and then dump it all. Because I am sorry but it is not useful at this state. And youāre so close to it being useful that it is painful to watch you struggle grasping what the community has been telling you for what seems to be years.
Sorry, but I think we are talking about totally different scenarios. In my diagram, my entities are intended to represent literal entities that are separate. Like three people or three companies or whatever. I either donāt understand your diagram or I fail to see what it has to do with the scenario I was trying to illustrate.
In my scenario, three separate entities sending value to the same public address has a very, massively different linkage profile than three separate entities sending value to three different, unlinked, one-time-use public addresses.
In my perfect world, there would never have been anything in zcash called a t-address. I invite you to read my first post on this forum from January 2016. Given that we donāt live in that perfect world, all I am trying to say is that forcing all non-shielded transactions to and from the zashi wallet to happen through a single public address that is reused over and over is such a gigantic and unnecessary hole in the privacy model that it really would be a bad joke for something that its developers call a privacy wallet and a privacy currency. Except for the fact that those same people, or people representing the project, are out there on social media proclaiming that zcash is the most private crypto currency available and that zashi is the reference wallet.
Iām here, and have been here since 2016, because privacy is something that I care about and I understand enough about ZK proofs to believe that they could, in fact, be the basis for something amazing privacy-wise. Itās an absolute wonder to me that itās just short of 10 years later and itās still not.
3 Likes
Ok, in this case I suppose they are expected to own three different devices and use three different instances of Zashi. The fact that it doesnāt support separate accounts is another matter. But if we are talking about different people/companies, why would they share the same phone?
As I said earlier, some wallets support taddress rotation and shield UTXO separately. Tbh, I donāt agree with the Zashi devs decision on this either, but they are working on it.
why would they share the same phone?
Thatās the outside view @hanh. As in, it is the illusion that wants to be created. The obfuscation that these are three entities is the illusion that is for privacy. I cannot believe I have to spell this out. It feels like fundamentally you donāt see any reason to have true privacy. It feels as if it is just incompatible with your view of the world. I hope thatās not the case.
As I said earlier, some wallets support taddress rotation and shield UTXO separately. Tbh, I donāt agree with the Zashi devs decision on this either, but they are working on it.
Iād love it if Ywallet supported it too. Or any of the flagship wallets. I think it would take you less than a few hours to get it done. If I were the developer of any of these wallets, that would be my estimation for how long such a task would take (being a developer of other projects before and a software dev for over 20 years). It is notable that this was recommended what appears to be many years ago and yet keep getting backlogged. We keep asking because we want to have the wallet devs realize why we want it. This is exactly why this conversation is going on.
Taddress rotation in ywallet is pretty hard. I had to rewrite it from scratch because the account model permeates the entire app. Zip 316 relates address indexes with diversifiers. Therefore the taddress change also impacts the other receivers. There are also additional complexity regarding synchronization. The good news is that we have now a much cleaner account model that allows any combination of receivers & pools.
Unless something is drastically different about diversified addresses from how deterministic address generation works, you should be able to make some assumptions that may make your life better. Iterative scan of diversified address indexes, and once you get to ~11 empty indexes that received no transactions, you end your search there.
Given a BIP 39
seed_phrase, and an integeraccountin range [0, 231):
Why donāt we walk this range like Bitcoin wallets do? Scan for transactions. Stop when you hit 11 unused ones. Go back and display the first one thatās unused as the next one.
Sure but thatās not what the difficulty is. I donāt want to go into the technical details, roughly speaking it is ok to make a transparent wallet, it is hard to make a shielded wallet, it is even harder to do both.
I think @pjv and you may be talking past each other.
The scenario is where one person (one Zashi wallet) receives from three distinct entities.
e.g. if Alice receives a payment from a KYCād exchange to her t-address AND Alice receives a payment from Bob to the same t-address, then the exchange can see that Alice has received money from Bob. Alice may not want the world to know she gets paid by Bob.
1 Like
It would be most preferable to have both obviously but arenāt these just derivations from a seed? What is the complication? If it is not keeping track of the latest generated/used index, what else is there to it? Iād imagine all the utility functions should already be in place for such a change hence my mention of calling it a relatively quick change.
1 Like