“The tech behind Zcash is novel in the sense that we’re trying to work with the best of both worlds,” Zcash Director of Communications and Design Paige Peterson tells Crypto Insider. “Breakthrough cryptography integrated into a fork of Bitcoin and smooth integration with services already accustomed to working with Bitcoin.”
Zcash, which trades as ‘ZEC’ on digital currency exchanges, is a distributed and open-source cryptocurrency developed and released by a private company, the ZeroCoin Electric Coin Company. Like Bitcoin, only 21 million ZEC will be generated.
In Zcash, payments are handled on a public blockchain. Sender, recipient and amount of a transaction can remain private in an added layer. Zcash has two types of addresses: transparent and shielded. Transparent addresses (t-addrs for short) have the same properties as Bitcoin addresses, and transactions sent between two transparent addresses reveal sender, receiver and amount in the blockchain.
“Because t-addrs have familiar properties, it’s quite simple for existing cryptocurrency exchanges and other services to integrate them,” according to Ms. Peterson. “So that’s what we’re seeing first.”
Shielded (read: private) addresses (z-addrs for short) utilize zk-SNARKs for encrypting that data (plus a memo field) and have a completely different set of properties – some of these properties are limiting (such as a current lack of multisig functionality) while others are expansive.
“The fact that payments between z-addrs are encrypted inherently allows users to re-use addresses for multiple payments and send change back to the original address without the fear of an observer of the blockchain to build a profile around them,” says Peterson.
Compared to ring signatures and mixing protocols which obfuscate coins using a subset group of potential addresses, shielded ZEC are indistinguishable and therefore offer an obfuscation set relative to all shielded ZEC in the system.
“If everyone moved their ZEC into shielded addresses, transaction graph analysis would be completely ineffective,” says Ms. Peterson. “It is our hope that this will one day become reality but until then, transparent addresses offer a bridge into Zcash for third-party integration and the like.”
One might compare using t-addrs and z-addrs to how Tor interacts with non-Tor websites. “Tor facilitates going into and back out of their network which allows users to visit websites that aren’t Onion Services,” says Ms. Peterson. “For privacy’s sake, the ideal would be for all websites to be hosted as Onion services and for all Internet users to run a Tor node so there is no non-Tor traffic rendering network graph analysis ineffective. Until that day comes, however, using Tor as a tool to obfuscate network traffic coming from and returning to the non-Tor Internet is a valuable step.”
Zcash’s proof-of-work scheme
BLAKE2 is a component of Equihash, Zcash’s proof-of-work scheme. It is also a part of the OpenSSL toolkit and popular cryptographic libraries. Variations of BLAKE2 allow for efficient verification in Equihash. Bram Cohen, inventor of BitTorrent, based his research on Merkle Sets on BLAKE2.
“Equihash PoW verification via the BLAKE2 algorithm could mean interoperability and trustless atomic swaps between PoW blockchains,” BLAKE2 developer Jean-Philippe Aumasson tells Crypto Insider.
There is currently an effort to integrate BLAKE2 into Ethereum. Equihash could be used in any cryptocurrency, including Bitcoin, say the developers. BLAKE2’s predecessor was BLAKE, a candidate in the SHA-3 competition. BLAKE was a finalist but did not win; Keccak won and became SHA-3.
“We designed BLAKE2 after the SHA-3 competition, motivated to create a hash algorithm better suited to users’ needs than SHA-3,” says Mr. Aumasson. “And today, four years later, BLAKE2 is more popular than SHA-3.”
The main thing the developer did to make BLAKE2 better suited to users’ needs than SHA-3 was to make it faster than SHA-3, which is one reason why people want to add it to Ethereum: it costs an Ethereum contract less gas to hash something with BLAKE2 than with SHA-3.
The team recently designed a variant of BLAKE2, called BLAKE2X, which can support more use cases than the original BLAKE2. Whereas BLAKE2 can produce hash values of length up to 512 bits, BLAKE2X can produce hash values of arbitrary length, such as 1024 bits, 1 megabyte, et cetera. Thanks to this new feature, BLAKE2X can be used as a pseudo-random generator (PRNG), as a key derivation algorithm (KDF), or within modern signature schemes, such as Ed521.
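The following added example (not code from the BLAKE2 team or from Zcash) shows the 512-bit output limit of plain BLAKE2b in Python's hashlib and a simplified extendable-output construction used as a KDF. The function names, the "example-kdf-v1" label and the construction itself are assumptions made for illustration; it is not BLAKE2X and is not interoperable with it.

```python
import hashlib

BLOCK = hashlib.blake2b.MAX_DIGEST_SIZE  # 64 bytes = 512 bits


def native_limit_enforced() -> bool:
    """Return True if plain BLAKE2b refuses digests longer than 512 bits."""
    try:
        hashlib.blake2b(b"", digest_size=BLOCK + 1)
    except ValueError:
        return True
    return False


def expand(ikm: bytes, out_len: int, *, key: bytes = b"", person: bytes = b"") -> bytes:
    """Derive out_len bytes from ikm (hypothetical helper, not BLAKE2X).

    A root hash absorbs the requested length together with the input, so a
    short output is never a prefix of a longer one. Each output block then
    re-hashes the root under a distinct node_offset parameter.
    """
    if not 0 < out_len < 2**32:
        raise ValueError("out_len must fit in 32 bits and be positive")
    root = hashlib.blake2b(
        out_len.to_bytes(4, "little") + ikm,
        digest_size=BLOCK, key=key, person=person,
    ).digest()
    out = bytearray()
    block_index = 0
    while len(out) < out_len:
        size = min(BLOCK, out_len - len(out))  # last block may be shorter
        out += hashlib.blake2b(
            root, digest_size=size, node_offset=block_index, person=person
        ).digest()
        block_index += 1
    return bytes(out)


if __name__ == "__main__":
    secret = b"constructed sample secret"  # constructed input, not real key material
    okm = expand(secret, 1024, person=b"example-kdf-v1")
    print(native_limit_enforced(), len(okm), okm[:16].hex())
```
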
Speed is the main reason why people choose to use BLAKE2 rather than SHA-3 or SHA-2. “In fact, BLAKE2 is often faster than the legacy standards MD5 and SHA-1,” says Mr. Aumasson. “Switching from these to BLAKE2 therefore provides both faster and more secure hashing.”
BLAKE2 can be seen as the combination of two main components. “Its core algorithm, which keeps the CPU busy, and the mode of operation, which specifies the inputs to the core algorithm, and how its outputs are combined,” elucidates Mr. Aumasson. “There is a mathematical proof that the mode of operation is secure. Core algorithms, however, are much harder to prove secure mathematically, because of the way they are designed.”
BLAKE2’s core algorithm is trusted because it’s derived from the widely trusted core algorithm of the ChaCha stream cipher, a TLS 1.3 standard. Stream ciphers are often used for their speed and simplicity of implementation in hardware, and in applications where plaintext arrives in quantities of unknowable length, such as a secure wireless connection.
“It’s been reviewed and analyzed by top crypto-analysts since 2008, who never found any security issue or imperfection,” says Mr. Aumasson.
Zcash currently sits just shy of an $80,000,000 market cap at USD $68 per token.