Table of Contents for Engineers introduction to how Zcash works

This is an introduction guide into how Zcash works.

Note: I have no interest in the value of the cryptocurrency. I’m making no judgement on if Zcash is good, will last many years etc. This is purely about how it is implemented. I just think its really interesting how it works.

Its probably worth noting that cryptocurrencies like this may eventually get banned/sanctioned/etc.

What is Zcash

Zcash is a privacy focused blockchain. It is based on bitcoin, and uses UTXO. No smart contracts, just plain old transactions transferring their currency around.

There is a concept of shielded transactions, which means you can send money on Zcash blockchain and the amount, source, destination and memo are not disclosed. This contrasts with Bitcoin, where all of the transaction details (amounts, source, destination etc) are public and not anonymous. With some detective work you can often figure out quite a lot about the source / destination by looking at transactions on Bitcoin.

• Zcash blockchain launched on 28th October 2016. The initial version and phase was called ‘Sprout’. This was designed to start off slow, while the blockchain was growing in popularity. The launch blog post is an interesting read
• Based on Bitcoin. But with privacy. It is a code fork of the bitcoin protocol. As well as the privacy features, it also differs from Bitcoin with its proof of work consensus algorithm.
• The token is ZEC. The smallest value is a zatoshi (similar to a satoshi, the smallest value of BTC).
• Initially it wasn’t premined, and it wasn’t initially funded by an ICO. Initial funding came from investors to start the development. They were rewarded with 10% of the total supply over the first four years (“founder’s reward”)
• Zcash has fast block times - 75 seconds
• Large block sizes - 2mb
• Regular upgrades to the blockchain

Zcash uses zero-knowledge proofs

Zero knowledge proofs (ZKPs) is a way for one party (known as the prover) to prove to another party (known as the verifier) that a statement is true, without giving away any additional information other than the statement is true

It is a new cryptography development. When you use a shielded transaction in Zcash (the types of transaction with privacy - described in more detail below) they are using zk-SNARKs (a non-interactive ZKP)

Types of addresses

Zcash has two types of addresses:

• private addresses (z-addresses). These start with z
• transparent addresses (t-addresses). These start with t.

There are four types of transactions, and it all depends on if the source/destination are Z (private) or T (transparent/public) addresses.

Types of transactions with Zcash

Private (Z-to-Z)

Private where source & destination are private (both t-addresses). Example transaction

These still appear on the public blockchain, but the source address, destination address, transaction amount and memo field are encrypted. This uses zk-SNARKs

Deshielding (Z-to-T)

Where the source is private (z-address), but the destination is public (t-address) Example transaction

Shielding (T-to-Z)

Where the source is public (t-address), but the destination is private (z-address) Example transaction

Public (T-to-T)

Where both source and destination are public (t-addresses) Example transaction

This is very similar to a normal bitcoin transaction, and all of the data is public to see.

Note: As you can see by the 4 types of transactions, not all transactions done on Zcash are private. It is requires more computational power to do transactions with T-addresses (private).

Transactions in depth on Zcash

• Transactions which use t-addresses interact with the “Transparent Value Pool” (TVP). This is public
• Transaction fees go through the TVP (so they are always revealed), but any shielded addresses and values are not revealed.
• When you send ZEC from a wallet, the entire wallet balance must be sent.
• For most transactions this means you’ll want to split up where the balance gets sent to.
  • For example if your balance is 100 ZEC, and you want to pay a friend 20 ZEC, you would have to send the 20 ZEC to your friend and 80 ZEC (the ‘change’) to another address.
  • You can send the remainder (80 ZEC) back to the same address so you do not have to manage multiple wallet addresses.
  • However for privacy reasons this is not ideal.
  • Most ZCash users maintain different addresses for each transaction to make it a little more private (even for t-address transactions).
• When you send ZEC from a shielded address, it is still private if you send the remainder (the ‘change’) back to the same address.
• If ZEC (balance) is held in a transparent address then anyone can see the balance
• If a transparent address sends to a shielded address, anyone can still see what the transparent wallet address balance is/how much was sent (but not where it was sent)
• If a shielded address sends ZEC to another shielded addres, the amount is private. But if it was sent to a transparent address then it (the t-address (receiver)) will deshield the ZEC amount (but not the source, if it came from a shielded address)

Fees on Zcash

• This article is not focused on the financial side of Zcash, but the transaction fees are still important and worth mentioning.
• Zcash aims for low fees.
• Right now 1 ZEC is around $60.
• Fees can be as low as $0.01, but sometimes go up to double digit USD.
• withdrawing from exchanges seems to cost a few cents (source)

Memos

Transactions have a memo field for shielded transactions, which means the sender can add some information to the transaction that only the receiver will be able to decrypt.

Viewing keys & payment disclosure

There are also viewing keys. If you hae a shielded address, then you want to disclose some details about transactions for compliance or auditing. Zcash is aiming to support these so called ‘viewing keys’ to reveal these transaction details (but not yet supported)

There is also an experimental feature called ‘payment disclosure’ - The sender or receiver of a transaction also has the option to expose details about a transaction to a third party (which may be needed for compliance or auditing)o

Multisignature transactions in Zcash

Multisignature transactions are supported. You can have a transaction that will only transfer the funds if two or more agreed parties sign the transaction. Multisig transactions are transparent (not private), but they say in the future it will work with shielded addresses too.

Mining

• New ZEC coins are mined in a similar way as they are on Bitcoin.
• Uses a different proof of work algorithm than Bitcoin - based on Equihash

Whitepapers and specs

• ZCash protocol specifications can be found at https://github.com/zcash/zips/blob/main/protocol/protocol.pdf

Zcash company

Again this isn’t about the tech, but interesting to note…

Zooko Wilcox went live with the Zcash company in Jan 2016. Back at the start it took $3 million in investment to build it up. Since then it has grown massively and is one of the key blockchains out there.

Further reading

• Reddit: https://www.reddit.com/r/zec/
• Anatomy of zcash transactions https://z.cash/blog/anatomy-of-zcash.html

Spotted a typo or have a suggestion to make this crypto dev article better? Please let me know!