Zcash begins (z.cash)
209 points by carlchenet on Oct 28, 2016 | 175 comments



"This technology can do for cooperation what the Internet did for communication two decades ago."

Huh? Why? How? It's an altcoin with more anonymity than Bitcoin. That's nice, but no big deal.

I went to hear Tromer's talk on the theory behind Zcash at Stanford last Wednesday.[1] There were a lot of very strong claims and a lot of hand-waving. I'm not an expert in that area, but the claims were awfully strong and the presentation didn't back them up sufficiently. Here's his key paper.[2] He claims, at least, to have developed a new way to generate cryptographically strong hash functions. See section 1.1 of that paper. That's a hard problem. Of the existing crypto-grade hash functions, Snefru, MD2 (128-bit), MD4, MD5, RIPEMD, HAVAL-128, and SHA-0 have all been broken, and SHA-1 is looking weak. Solving that problem alone would be a noteworthy achievement. So where's Tromer's proposed hash function, evaluated by the crypto community?

On the financial front, the insiders take a 20% rakeoff of new Zcash coins for the first four years. That's a huge cut for a financial product. The investors include Roger Ver, the convicted felon who publicly said Mt. Gox was sound. What could possibly go wrong?

[1] http://web.stanford.edu/class/ee380/
[2] https://eprint.iacr.org/2014/580.pdf


Hi, I'm the speaker.

The presentation's motivation and conclusions are indeed very high level. The body of the presentation presented several different applications, including Zcash and several applications of Proof-Carrying Data (the extension of SNARKs), to exemplify this. Unfortunately not all could be described in detail, but they all have corresponding detailed technical papers (see http://www.cs.tau.ac.il/~tromer/publications.html).

Regarding the conclusion, patcon's interpretation is accurate, and more generally: there are numerous situations where parties cannot cooperate due to mistrust, and modern cryptography, SNARKs included, allows them to use digital cryptographic schemes instead of certifications, accountants etc.

About the hash functions: collision resistance is discussed in the paper, but note that such algebraic/combinatoric/geometric hash functions are a totally different animal from SHA etc. The latter are much more efficient, but completely heuristic, whereas the former often have security proofs that relate them to well-established computational hardness assumptions.


Haven't read it, but since that quote totally rings true to me, I'll step up to the plate: I think they're trying to channel the idea that blockchains are to "agreements" what the internet was to "communications", particularly in terms of democratization.

The internet used to provide low-barrier super-human communication abilities, but only in very limited contexts -- possibly beside a giant mainframe, and only able to talk with other giant mainframes. Now that we have instant comms in our pockets and on our wrists all the time, the effects are pretty expansive. Blockchains are not yet ubiquitous, but when they are (in every device and underlying many services we use), every person will have the infrastructure to create and maintain complex agreements for near-zero costs. (Financial agreements and otherwise.) This will be pretty transformative.

I assume ZCash is acknowledging that privacy is a critical piece of that transformation in organizational structure for society. Kinda like how ubiquitous communications are almost pointless without the possibility of E2E encryption.

But this is a lot of speculation given that I haven't read the linked article ;)


> Blockchains are not yet ubiquitous, but when they are (in every device and underlying many services we use), every person will have the infrastructure to create and maintain complex agreements for near-zero costs. (Financial agreements and otherwise.) This will be pretty transformative.

Sorry, but this is wishful thinking. The simple question of how you can enforce agreements running in blockchains can't be answered. In the real world you have the military or police force, while in the blockchain itself you are pretty limited. On the other hand, external oracles are the weakest part of the blockchain system. If they are hacked, the agreements are hacked.

I think the blockchain/cryptocurrency/smart-contracts/app-coin scene is really exciting, but the connection with the real world is problematic, even more so when the financial institutions are enforcing AML/KYC/etc.


> The simple question about how you can enforce agreements running in blockchains can't be answered.

Check out https://www.augur.net/ for an attempt at answering that question. They crowdsource the outcomes of the various bets from people holding REP tokens. REP holders have a financial incentive to act honestly to increase or maintain the value of their REP.


I know Augur, but what part of Augur is an attempt at answering my question?


They developed a way of enforcing agreements (bets) made on a blockchain without courts, police, military, or easy-to-hack external oracles.


Augur doesn't answer my original concern. If you have a smart contract between, for example, two companies, that information is private and it doesn't work like a popular baseball game. If one company doesn't follow the contract you need to solve the problem in the real world.

Also, we don't know yet how public blockchains (where Augur runs) work with State or powerful actor attacks, when the incentives are not purely financial.


One way you could solve the problem in the real world is track down the delinquent counterparty to the contract, drag them into an expensive legal system, subject them to the costs thereof, levy a penalty on them, hope that they pay it, in the event that they do not or cannot, seize their assets, in the event that they have none or you cannot, punish them with prison, in the event that they resist, kill them.

Sure, that's the traditionally accepted way to go about solving the problem in the real world. But there are many other ways to solve the same problems that we're all intimately familiar with by now, based around reputation systems. When it becomes public that a counterparty to a contract has engaged in delinquency, they suffer a reputational hit. If their reputation has value (and there is nothing about pseudonymous entities that means they cannot accrue reputational value; rating systems have worked on darknet markets quite well since their inception), and the amount of damage to their reputation is a higher cost than making good on the contract, then they will make good on the contract (and even if they can't, you've punished their delinquency by damaging their reputation, instead of dragging them through an expensive, inefficient, corrupt legal system involving violence as the final sanction).

All sharing economy and peer to peer systems that currently exist work on systems of this kind, and cryptocurrencies to the extent that reputations are valued and contracts made similarly so, and this will only become more prevalent as time goes by.

Not everything requires recourse to violence.


Reputation doesn't work in problems with a lot of money/power at stake. You can easily hack the system behaving like a good citizen for a long time until you consume all your reputation in a big transaction. Not only that, reputation is a hard problem if you are a newcomer.


That's why many people say "Everything is an exit scam in waiting". Even your legitimate meatspace bank will cheat if it thinks the economics make sense.

You could use transparency to tell how much a given escrow agent is holding and don't use them if it approaches the value of their reputation. And/or use a system where they don't hold the funds, they merely choose to unlock a transaction to pay to A or B.


Nothing works if the payoff for defection outweighs the costs of enforcement; that's why we have wars, crime, and all of the other things that the old-fashioned legal and diplomatic systems of the nations of the world have to deal with. However, conflicts of this type are rare compared to the very standard ones that are quite capable of being handled by reputation systems, escrow, etc. They solve these ordinary problems more efficiently, quickly, and at a lower cost.

That should be embraced and noted, and where appropriate migrated to, not pushed aside because there is a rapidly decreasing class of problems not suited to resolution with this model.


Your loan is not paid, how do you enforce the payment? This is the difficult issue that companies such as BTCJam have.


You don't make loans to people unless you have evidence that they can and will pay it back. BTCJam for example has reputation scores, and people actually say what they intend to use the money for.

The default rate on BTCJam, which was one of the first loan services, is 10%. This doesn't compare well with mainstream rates; however, Bitlendingclub is supposedly one third of that, which compares favourably to mainstream rates: https://fred.stlouisfed.org/series/DRCLACBS


> It's an altcoin with more anonymity than Bitcoin. That's nice, but no big deal.

From a product value perspective, that's a pretty big deal for the illegal commerce side of the Bitcoin market. Which I would guess is some double-digit share of Bitcoin (currently $11B). That use alone could make Z-cash a billion dollar product.

As a side effect, that could increase the proportion of Bitcoin transactions that are legal, which might have some nice legitimizing effects on the brand.


I agree but no need to drag Roger Ver into this, afaik he was in the dark as much as most of the people who had bitcoins left in mtgox back then. Didn't he also lose some coins there?


Here is a sweet little block explorer tweeted by Zooko (although it gets the hash rate value completely wrong, and the unit wrong too: it's Sol/s, not H/s, and it's about 400 Sol/s right now): https://explorer.zcha.in/ Edit: it gets this info from zcash itself (zcash-cli getmininginfo), which is probably buggy and doesn't compute the network's speed correctly.

My Equihash PoW solver silentarmy gets 45 Sol/s on an R9 Nano, so there seems to be only about 10 GPUs mining worldwide, 65 minutes after the launch of Zcash :)

Edit: oops, scratch everything I said. I forgot difficulty 1 was redefined for the mainnet. In testnet, difficulty 1 was defined as:

  genesis.nBits = 0x200f0f0f;
So you needed the 32-byte SHA256 hash to be less than 0x0f0f0f00_00000000_00000000_... But with the mainnet it was redefined as:

  genesis.nBits = 0x1f07ffff;
This value is 0x0007ffff_00000000_00000000_... so only 1 in 8192 random hashes is less than this. So the network's speed seems to be around 130,000 Sol/s. So that's already 3-4k GPUs mining. Ouch.
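
The compact-target arithmetic in the post above, worked through as an added example (my code, not the commenter's and not from the Zcash source): decode a Bitcoin-style nBits value into its 256-bit target, compute what fraction of uniformly random hashes satisfies it, check a hash against it, and turn an assumed block interval into the implied network solution rate. The 150-second block interval used in the usage call is an assumption for illustration, not a figure taken from the thread.

```python
# Added example, not code from the thread or from the Zcash project.
# Decodes Bitcoin-style compact targets ("nBits"), as used by the
# commenter above, and computes how selective each target is.


def compact_to_target(nbits: int) -> int:
    """Decode a compact nBits value into a 256-bit integer target.

    Layout (Bitcoin convention, inherited by Zcash): the top byte is a
    base-256 exponent, the low 23 bits are the mantissa, and bit 23 is a
    sign bit. target = mantissa * 256**(exponent - 3).
    A negative target is never valid for proof of work, so it decodes
    to 0 here (no hash can satisfy it).
    """
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF
    if nbits & 0x00800000:  # sign bit set: negative target
        return 0
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def target_hex(nbits: int) -> str:
    """Target as the 64-hex-digit big-endian string explorers display."""
    return "%064x" % compact_to_target(nbits)


def acceptance_fraction(nbits: int) -> float:
    """Probability that a uniformly random 256-bit hash is <= target.

    Bitcoin-family code accepts a block when hash <= target, so the count
    of acceptable values is target + 1 out of 2**256.
    """
    return (compact_to_target(nbits) + 1) / 2**256


def hashes_per_accepted(nbits: int) -> float:
    """Expected candidate hashes (Equihash solutions) per accepted one."""
    return 1.0 / acceptance_fraction(nbits)


def meets_target(hash_hex: str, nbits: int) -> bool:
    """Check a hash given in the displayed (big-endian) hex form.

    Note: bitcoind stores hashes little-endian internally and reverses the
    bytes for display; this helper takes the displayed form directly.
    """
    return int(hash_hex, 16) <= compact_to_target(nbits)


def implied_solrate(nbits: int, block_interval_s: float) -> float:
    """Network solution rate (Sol/s) needed to find one block per interval.

    Treats every Equihash solution as an independent uniformly random
    candidate hash. block_interval_s is supplied by the caller.
    """
    return hashes_per_accepted(nbits) / block_interval_s


if __name__ == "__main__":
    for label, nbits in (("testnet", 0x200F0F0F), ("mainnet", 0x1F07FFFF)):
        print(label, hex(nbits), target_hex(nbits))
        print("  1 in %.0f random hashes accepted" % hashes_per_accepted(nbits))
        # The 150 s block interval here is an assumption for illustration.
        print("  ~%.1f Sol/s for one block per 150 s" % implied_solrate(nbits, 150))
```

Running it reproduces the two targets quoted above (0x0f0f0f00... for testnet and 0x0007ffff00... for mainnet) and shows that the mainnet difficulty-1 target accepts roughly 1 in 8192 random hashes, against roughly 1 in 17 on testnet, which is the factor the commenter's corrected estimate turns on.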


Why is 3-4k GPUs mining a bad thing? That seems really good for a brand new blockchain.


Yes, it is surprisingly good. The "Ouch" was meant as "don't hold your breath waiting to mine your first block".


> Zcash is a technology, and like any technology it has multiple uses. I suspect that many of the best applications of this technology haven't been conceived of yet.

> 10% pre-mine to founders

This smells super fishy. Altogether, I've yet to see anything to do with cryptocurrencies be useful. Nothing but scams, hiding illegal activities, and hopeless optimism so far.


A lot of the replies here demonstrate a significant amount of ignorance about just how hard it is to pay for things outside of the US. It's not too bad in Canada and Europe, but once you have an address and credit card in a small developing nation, you have substantially limited payment options. With my Panama credit card (which is a premium card) I can't buy from most places outside of Amazon.com. PayPal fortunately accepts my card, so I shop anywhere PayPal is accepted online.


Interesting. I usually found the reverse to be true - i.e. my Russian credit cards worked just fine in New Zealand, Canada and US, but my Canadian and US cards are usually rejected by Russian online stores.


In person the card works just fine, but online retailers won't accept it.


Panama is a bit of a special case as it's considered to be a fiscal paradise by most countries. I have a card from Malaysia (which is a developing nation albeit relatively rich compared to its neighbours) and I can use it pretty much anywhere.

The only issue I really sometimes have is that my bank will sometimes block transactions which they find suspicious and call me to confirm that it was me who did the transaction. That card does support 3d secure though so usually if the merchant supports 3d secure then the card works perfectly and has no issues.


I think it has less to do with fiscal paradise, since that's probably not overly correlated with fraud, but rather the fact that it's a country of 3.5 million people. That means there's little to no incentive to support transactions from Panama - so it tends to be blocked by default along with most other countries you're not likely to get sales from.


I love paying with bitcoin, even when other methods are available. It's just so easy, and just knowing no stupid bank can stop the payment or freeze your balance feels like freedom.

If you see "nothing but scams", it only tells me you live in a strange bubble. There are tons of legitimate businesses that use bitcoin daily. There are some that use litecoin, and even dogecoin.


As a consumer spending money from a checking account or credit card, the only reasons a bank would stop a payment or freeze a balance are because they suspect fraud or illegal activity. In the first case, it's a service they are providing you - peace of mind as a result of extensive fraud protection measures. In the second case - then mostly_harmless is correct. If the only benefit of bitcoin is "no fraud protection and the freedom to use for illegal transactions" how is mostly_harmless wrong?


I've had a number of transactions blocked because my bank must've suspected fraud. I can count on zero hands the number of times it wasn't actually a transaction I wanted to go through. It's pretty awkward when I'm in the checkout line trying to pay for something or if it means some order gets delayed. I'm really thankful I have multiple credit cards which don't seem to all use the same fraud protection algorithms so I usually can just cycle to the next card, but it makes me a little uncomfortable that my solution is essentially just trusting the next service doesn't fuck up.

>In the first case, it's a service they are providing you

I like knowing that I have some money that I control myself, not through some service I have to worry about locking me out at inopportune times, though I admit it's mostly an ideological position than an economic one.


Same. Every single time my bank has killed my card for "suspected fraudulent use", it's been legitimate. The one time I was actually hit by a fraudulent use, they didn't even notice and I had to catch it myself and notify them. Even normal things like buying gas often get my card shut down and I have to call them and go through a long verification process to get access to my money again.


Strange - no one in the game has any interest in you not conducting your business.

Note that in cryptocurrency, there is no bank to call when your crypto "coins" are gone. Then it's gone harder than anything else that ever went, ever:

- you can't explain to your family or friends what happened

- law enforcement will hardly consider it a crime and in any case can't do anything about it

- the community will berate you for not watching out better for yourself and somehow call your loss "a good thing"

- if it's anything like Ethereum's DAO hack the fraud will not even be considered any wrongdoing at all

- everyone in the game has already made their money by pre-mining or getting in early and nobody has your interest in mind


Isn't that exactly what Operation Chokepoint [1] was doing? Using the banks to interfere with people conducting legal business?

[1] https://en.wikipedia.org/wiki/Operation_Choke_Point


> if it's anything like Ethereum's DAO hack the fraud will not even be considered any wrongdoing at all

I would not use the word "fraud" here, regardless of which side of the Eth fork you sit on.


Heh, yeah? What would you call it?

Either way, this confirms my point - Your cryptomoney is GONE and no one would even acknowledge ANY wrongdoing whatsoever. Hilariously you losing money is absolutely part of the pseudo-libertarian crypto worldview and not worrying anybody. But at the same time crypto currencies should replace real money?

"DAO-Hacker just executed code as intended". "Of course you lose your money if a) your PC is hacked (easy) b) the wallet software is in beta (always is) c) your coins are not in a cold wallet (complicated) d) you are using the 3rd party providers/exchanges (which are hyped by the community) e) your password is weak etc. etc."

I'm having a laugh but then again I haven't lost any money in this.


That's no more appropriate for every transaction than TCP is for every packet.

If you want that service, buy it. Transfer your crypto-backed currency with a "trusted" party who will rollback certain transactions. Do this with a well-capitalized service in a country you can sue them in.

But as we've seen with Paypal (and now Upwork), etc, that can be just as disastrous. They're un-sueable because of their size, and have draconian and arbitrary policies. Many people have had money confiscated or indefinitely frozen because of this misplaced trust.


Having a transaction occasionally declined is a small price to pay for the amazing benefit of having zero liability for fraud. If someone steals your credit card and goes on a shopping spree, you can call up your credit card company and five minutes later any fraudulent charges are reversed. With Bitcoin that money would be gone forever.


On the other hand, it's much easier to protect your Bitcoin keys than your credit card number. Credit cards basically require you to share your password with anyone you want to buy from, which is a pretty ridiculous security model.

If you really want to get paranoid, you can buy something like a Trezor[0] or other hardware wallet. I'm pretty sure it would cost more than my net worth for someone to figure out how to compromise it, given the lengths[1] they've gone to to secure it. There's no equivalent option for credit cards.

[0] http://bitcointrezor.com [1] http://doc.satoshilabs.com/trezor-faq/software.html


One reason PayPal is so popular is that it means you don't have to give out your card number to merchants. Hopefully more online merchants will also accept Apple Pay, which has the same benefit.


I've had both experiences. A few where somehow my card got leaked, and other times I had to authorize a charge via a text message (which of course I did not notice until after I had decided to use a different card to replace the "declined" one).


" I'm really thankful I have multiple credit cards which don't seem to all use the same fraud protection algorithms so I usually can just cycle to the next card"

That's actually a great observation that might fit into security advice on this issue somehow. Keep track of which banks freak out about which things. Get cards from more diverse-thinking ones. Reduce odds of unnecessary freezes or rejections. Now how to do the assessment itself...


> peace of mind as a result of extensive fraud protection measures

I don't want "peace of mind". I (a Canadian) want to be able to buy something online from a US supplier and have it shipped to me in Thailand. This is just not possible with any kind of chargeback-enabling payment method.

Just because you haven't been in a situation where the "fraud protection" is impacting your life (or your sales) doesn't mean those situations don't come up for others.


Perhaps I am naive. My understanding is that in general, debit cards do not enable charge backs. Further, I've never had a fraud alert on my card (even when traveling internationally) that I couldn't resolve with a phone call to the bank. Does a debit card not solve your problem?


It's not the bank that's blocking me, it's the merchant. Since merchants are the ones on the hook for card-not-present fraud, they refuse to ship items anywhere but the address registered with the credit card.

I don't know which debit cards you're referring to but I'm almost 100% sure that the cardholders are not liable for fraud. Meaning someone else along the chain is liable and is monitoring/blocking transactions to reduce that liability.


Sure, but it also doesn't mean we're under any pressure to revolutionise a centuries-old system just to enable those others' extremely niche use case.


For a very large number of people, these aren't "extremely niche use cases."

Something more comparable to Bitcoin than regular banking would be Western Union; they make 5 billion dollars a year in revenue transferring money. And they charge vastly higher rates than the Bitcoin network does, charging in the 5-10% range for transactions, which is a pretty hefty overhead.


Not the same since it's on the mining, not the transactions, but here we have the founders taking 20% of the value of the network for the first four years. That's a decent overhead, too.


This is not "niche." Every person living outside of the states has this problem. Next time you need something even remotely specific or customized, head on over to amazon.ca and see if you can find the item you're looking for. Then when you can't, think of other countries that aren't directly beside the most consumer friendly country on earth.


> Every person living outside of the states has this problem.

WTF are you saying?


Cross border electronic payments are a pain because many US companies won't ship internationally because merchants are the ones that are liable in cases of fraud.


> I don't want "peace of mind". I (a Canadian) want to be able to buy something online from a US supplier and have it shipped to me in Thailand.

So does anyone else with access to your information. How sure are you that your account info is absolutely secure enough to prevent that AND will remain so for the lifetime of your use of a specific cryptocurrency?


> How sure are you that your account info is absolutely secure enough to prevent that AND will remain so for the lifetime of your use of a specific cryptocurrency?

I'm not, and it's irrelevant because I only have a tiny fraction of my net worth in easily-accessible Bitcoin at any given time.

I'm not advocating replacing bank accounts with Bitcoin, I'm just showing that Bitcoin does solve real problems that traditional payment processors cannot or will not solve.


My bank prevented me from making a purchase at Ikea last weekend because it incorrectly identified the purchase as "fraud." Since it was Saturday I couldn't resolve it that day and had to return on Monday to complete the purchase... which meant tremendous inconvenience, as I still haven't had time to assemble all that stuff.

Even if a bank has the right intention, poor implementation can be a huge headache.


Strange - my bank immediately calls me in such situations and asks me if the transaction was correct, immediately restoring the card if so. They've even started e-mailing recently.


It's a Texas-based tiny credit union. I really should switch but I'm still settling in to my new job out here in SF.

I agree - it should work like that.


switch banks?

When my bank does that, they have a number i can call 24 hours a day. I also believe the last time it happened they called me.


I should, yes. I need to find a good credit union out here in SF, I just came here from Texas.


Fraud protection doesn't necessarily protect you -- there was a campaign to fund the open source drivers Nouveau, and the developer's bank account balance was frozen because there was a large volume of international deposits. It's difficult to see how this protects the consumer from fraud, but fairly easy to see how it protects the bank.


Or because they were compelled to, like Visa/MasterCard/PayPal with Wikileaks. Cryptocurrency is the way to avoid this kind of power and censorship.


There are a lot of reasons a consumer wouldn't get a bank account in the first place.


Aside from not having enough money to start one (which blocks out a whole lot of other opportunities), I'm having trouble coming up with any.


Privacy. No need for any transaction details to be given to my bank. Just use BTC to buy cash, exchange for prepaid cards, for instance. (Or direct BTC->cards.)

Since it's hard to use BTC anonymously, Z Cash allows nice insertions of hard privacy points.


A person I met a few years ago told me rather proudly that he refuses to use banks because the courts can use the money in his account to pay his child support when he doesn't want to.


This is probably a huge market given the number of those people I have run into in small towns. Another is tax BS with the IRS, where they try to garnish but the person can't afford a lawyer to show it's bogus. They seem to have trouble doing it with things other than regular bank accounts. People getting paid on cards often have no trouble.


Freedom to use for illegal transactions can be a pretty big deal, when you consider the kinds of transactions that some countries consider illegal.


I fail to see how a bank is providing a service to me, when they're the ones liable for fraudulent charges (credit card).

Fraud systems are there for the bank, not for you. Don't ever think otherwise.


No conviction needed in civil forfeiture.


Most if not all successful cryptocurrencies, like BitCoin, are only premined a genesis block, a few blocks for confirmation, and then maybe a few days of beta release.

10% is hilariously greedy and maybe fits "nothing but scams".


Oh come on, the early bitcoin adopters got WAY more than 10%. The first bitcoin transaction was 10,000 BTC for a pizza. That should tell you how easy it was to mine bitcoin when it first came out.


I agree. Even if you don't pre-mine, the random early adopters will be getting an "unfair" share. I'd rather it went to the founders than random users.


> random early adopters will be getting an "unfair" share

The 'random' early adopters of bitcoin were experienced cryptographers whose investment in bitcoin helped it grow.


Eh, more cypherphreaks and cypherpunks. Not academics, and definitely not the sort of people at banks who'd call themselves "experienced cryptographers."


I can barely untangle all the nonsense, shifting goal posts and false authority in the single line that you wrote. What are you trying to say?


That's the point. The people complaining about "premining" want to be early adopters and take that 10% for themselves (even though it probably doesn't work any more due to the maturity of the cryptocurrency ecosystem). As if reading forums obsessively and firing up your GPU at the right time is more deserving than writing the code in the first place.


Bitcoin wouldn't've been possible without transactions like that. The future of Bitcoin was as uncertain as any startup, and it wasn't until that pizza transaction that people started paying attention.


So that's worth $6,888,100?


I was about to argue that I found cryptocurrency tremendously useful when I wanted to shift a largish volume of money from HK to the USA without messing around with banks and immigration, and then I realized that probably fell a bit under "illegal activities."

Heh, you may be right.


This is how you get put on lists.


10% right to the founders is a hilarious level of greed. If this were real money they would be worth about 16.5 trillion dollars[1].

[1] http://gizmodo.com/5995301/how-much-money-is-there-on-earth


Why does everyone assume the end state of a successful cryptocurrency is replacing all other currency? This won't even replace bitcoin, let alone the dollar.


Well obviously not if the founders are taking a 10% cut right off the top.


Because the second most important thing to a currency is network effects. If it doesn't 100% replace my credit card, I still need a credit card, which so far works MUCH better for me than Bitcoin.


Embarrassing that they can announce that without a hint of shame. Despite that, I'm betting they'll still find people looking to get in on the pump and dump.


People and businesses in countries like Venezuela, where the native currency is volatile and under strict government control, use cryptocurrencies. They're more stable (not as stable as USD/EUR though) and easier to transact (particularly cross-currency).


I just don't understand why people can't be honest and say "this is great for mail order drugs, guns and kiddie porn, which I enjoy." I really do hate cryptocurrencies because of their ludicrous waste of fossil fuels, and because so many arguments smell of the above.


> I really do hate cryptocurrencies because of their ludicrous waste of fossil fuels

It'll never be economical to mine cryptos with fossil fuels in the long term. Commercial mining will end up concentrated in Iceland etc. where the electricity is both cheap and difficult to export.

Short term, yes, unfortunately they're using fossil fuels but only because of Chinese capital controls that effectively subsidize Chinese miners.


That's your long-term vision for how cryptocurrency goes clean? How would you say Iceland's last foray into finance went?

Not sure what you mean by the "etc." in "Iceland etc." -- I don't know of a country besides Iceland that has more power than they can use.


It isn't a premine; they get 10% of mined Zcash over the first 4 years.

Unless something changed.


In other news TumbleBit[1] seems to bring good enough anonymity to bitcoin as well.

1. https://eprint.iacr.org/2016/575.pdf


And works w/ the Bitcoin protocol as it exists now.


Genuine, blunt question here, why is this technology important and needed?

I ask this as someone who is intrigued by cryptocurrency, but never felt a pressing need to be able to transact 100% anonymously.


In a world of bitcoin any address could be anyone, but as addresses are shared (or posted on someones public website) knowledge is revealed about who they are. You can, thanks to how bitcoin works, track all the transactions they do and who they send it to. You may know somehow who the other side of the transactions are (or find out in the future, since the blockchain is forever).

This isn't how cash works, which is the real "money" in our system. At some point (even if on credit) cash is transferred for stuff. I don't want people to know which places I have a news subscription for. I don't want them to know who I donate to just from the blockchain. I have a choice to want them to know that. This is a practical problem because that means either I need to use shady services to hide these facts for normal purposes. That, or never use them except in a few cases where I don't care people know (but I also might regret that).

I think from a practical perspective, this makes bitcoin really hard to use. How do you make transactions that aren't easily traced to you by literally anyone? Answer: it's hard and possibly won't work completely.


> "I don't want them to know who I donate to"

This part seems to be the major problem zcash solves from what I can tell. Delivering on the promise of true anonymity which Bitcoin currently lacks. I see the appeal to current Bitcoin users, but outside of that group, can't see the appeal in a broad "general consumer" sense.

zcash seems like a company addressing a small problem (true anonymity) in the broader context of issues cryptocurrency faces (ubiquity, liquidity, ease of transacting, fraud prevention). Creating an entirely new currency which has to retread the efforts of building out the ecosystem to support that currency is a huge mountain to climb.


According to Matthew Green, they tried for years to get this (or one of the earlier versions) into Bitcoin and Bitcoin weren't having it. Their options were to make an entirely new coin, with the problems you point out, or to let the crypto they had developed die.


That's simply not true. I was actually hired as a consultant by Green, and he did hardly anything with that contract. I know of no proposal actually made to any Bitcoin devs for inclusion, and in any case, it took a long time to improve the tech to the point where resource requirements were low enough for either Zerocoin or Zerocash to be viable in any currency.


I went and dug up where I had read Green talk about this and it turns out it was in a conversation with you.

It seems you and he disagree, he says ZCash couldn't/wouldn't have happened in Bitcoin and you say it could.

Is your blog post about this still coming?

https://twitter.com/matthew_d_green/status/78153309118155571... https://twitter.com/matthew_d_green/status/78154154453702656... https://twitter.com/matthew_d_green/status/78154374789720064... https://twitter.com/matthew_d_green/status/78153489377171865... https://twitter.com/matthew_d_green/status/78154782708016742...


> I went and dug up where I had read Green talk about this and it turns out it was in a conversation with you.

Ha!

> It seems you and him disagree, he says ZCash couldn't/wouldn't have happened in Bitcoin and you say it could.

Yeah, I'm just surprised he feels so strongly about that, given how little I remember him actually doing along those lines. Like I said, I actually was hired by him on a monthly retainer to do consulting... and he did almost nothing at all with that contract. :(

> Is your blog post about this still coming?

Yes, although holy fuck I have a lot on the todo list. :( I also need to writeup my part of the trusted setup ceremony too.

And a blog post on that isn't paid work, so doesn't get as high priority as paying rent. :)


I can see the tension there. In a certain sense it's a shame to see good crypto languish.

It also highlights why I feel the concept of a "decentralized" currency is essentially impossible. Someone always controls some facet of it, be it features of the currency, supply, restrictions, or value.

In the case of cryptocurrencies, the authors of the protocol and governance put in place to maintain it are the central authority. For zcash, the central bitcoin authority (whoever you referenced as 'Bitcoin') wouldn't/couldn't integrate features they wanted so they rolled their own currency of which now THEY are the central authority.


> According to Matthew Green, they tried for years to get this (or one of the earlier versions) into Bitcoin and Bitcoin weren't having it.

Can you cite this? If he said it-- it's an outright lie.


Very true, but at least it's open source and can be used in other future coins. I never will claim to be a crypto, currency, or econ expert, but I think it's safe to claim it's still very early days for cryptocurrencies.


It's only hard to use if you care about those things, and aren't willing to simply "cash out" when you want to spend on other things.


You cash out because cash has this property. And, at least in the US, you never need to subject yourself to daily currency fluctuations to go about your business. If a cryptocurrency is going to be used it needs to be able to be used as is on its own just as easily as US Dollars are used now.


Why?


The best use cases I think of are definitely not "first world problems."

Places with no banking infrastructure.

Places with bad government.

Places with capital controls.


Does any cryptocurrency have banking infrastructure?

If you're counting "people who hold on to your money and promise to probably give it back", I'm pretty sure you can find some of those in most countries.


This may help answer it:

http://zerocash-project.org/q_and_a#what-is-bitcoins-privacy...

I could see one problem it could solve: donating to organizations that governments find "undesirable", like say Wikileaks, Manning/Snowden defense fund, or even the EFF, and then would take secret (or even more direct) actions against me (IRS audit, no-fly list, etc).


imho, it's important because a cashless economy is coming. And with how we've built everything up to now, a society running a cashless economy is ripe for dystopic control if the wrong person gets the reins.

These technologies are about resilience in the face of rare but probable hiccups in social order. It's long-term investment and not about a killer feature that a single individual might crave :)


games, gambling, sexual things, anything that is in a gray market. many traditional payment services and hosting providers prohibit you from hosting sites with those. and some end users who wish to spend money on things like gambling sites would like to do so anonymously, or have a payment option which is safer than handing strangers your credit card info and blindly trusting them.


Is this the one that forked off BitCoin due to differences centered around how it didn't make its investors/founders enough money?

From the last thread they pointed out: "Zcash's monetary base will be the same as Bitcoin's — 21 million Zcash currency units (ZEC, or ⓩ) will be mined over time. 10% of that reward will be distributed to the stakeholders in the Zcash Company — founders, investors, employees, and advisors. We call this the “Founders Reward”."

It's nice to have a currency with more security and privacy features in mind but I would be extremely wary of compromises like this for that achievement.


> Is this the one that forked off BitCoin due to differences centered around how it didn't make its investors/founders enough money

You must be thinking of something else. Matthew Green has said he would have much rather got this implemented in BitCoin.

ZCash forked off of BitCoin because BitCoin core wouldn't accept it. The proposed solution was a "side chain" to BitCoin. Side chains have been talked about since around 2009, and that's all that has happened: talking. There is no code and no agreement on how they should work.

The fork happened when it became apparent that this would never make it into Bitcoin in any form.


Hi. Who are you? You're saying a number of things which are outright untrue, and I think it would be helpful to know who I'm speaking to here.

Matthew Green was _insistent_ about making an altcoin. I believe I can substantiate this with DKIM-signed emails by Google, if it's actually being refuted. He was especially concerned about difficulties monetizing any other path.

In particular, later I begged for access to the efficient SHA256 circuits which had been created and benchmarked as part of their publications, which were held back from publication with libsnark. ... so that I could begin working on applications of them with Bitcoin, only to be blown off.

> and that's all that is happened: talking. There is no code and

https://github.com/ElementsProject/elements sidechain right here.


> Matthew Green was _insistent_ about making an altcoin

"Let me reiterate, I would 10,000x rather have put Zerocash in Bitcoin." - https://twitter.com/matthew_d_green/status/78154154453702656...

> He was especially concerned about difficulties monetizing any other path.

"Rewards doesn't even start the discussion. I'd have done it for free just to see it used." - https://twitter.com/matthew_d_green/status/78153489377171865...

admittedly he does bring up monetization: "And even when you got the code, nobody ever answered the problem of how you pay miners and devs." https://twitter.com/matthew_d_green/status/78154634460341043...

>sidechain right here.

"Last I checked - a few months back - it was just a bunch of ideas. No code on main." "And more importantly, no schedule on when it was going to go live. You can't build something that doesn't exist." - https://twitter.com/matthew_d_green/status/78154605479791821...

"A cynical part of me came to think the whole thing was just a put-on designed to squash competing coins." - https://twitter.com/matthew_d_green/status/78154720002742681...


Yeah, I hate those compromises like capturing a fraction of the value you create and using it to pay your developers.


fraction?? The money supply of the world is about between 30 and 80 trillion dollars. Let's call it 50 trillion. Let's say crypto gets 10% share over time, and these guys get 10% of crypto. That's 1% of the money supply. So... 500 billion dollars. 10% for founders = 50 billion dollars. Isn't that just, a bit, ambitious in your opinion? This fork of bitcoin is worth 5 million dollars MAX for the founders' efforts up to now (it's a fork, remember), namely 1/1000 of my already conservative scenario. Let's hyperbolically discount that for the huge risk, and therefore generously multiply my scenario by 10. We're talking 1% premine fair value, max.

Let's get real here. These guys are fucking opportunists at best, ponzi median, outright thieves at worst.


Absolutely irrelevant and ridiculous comparison. On what basis did you come up with those numbers? 10% of the world's money supply?? Why??

Let's do something more reasonable, which at least is approximately in the right order of magnitude. The BTC market cap is ~$10bil. 1% of that is 100 million dollars. Which means that if Zcash ever becomes more valuable than the phenomenon that was bitcoin, you have a 100 million dollar stake for the founders. A pretty penny, but still a far cry from your ridiculous half a trillion.


Firstly I did not say half a trillion. I estimated that the kind of investor who will buy into zcash has to believe in crypto upside, and I assumed 10% crypto share of global money supply over time. i.e. 5 trillion. Second I said, along the same lines, that to buy zcash you have to believe in an upside scenario of 10% of crypto market share for zcash. 500 billion. 10% of that is 50 yards. Does that sound reasonable to you? You have said 100 million is reasonable. I say you're right. But that's not the pitch here.

The pitch is that zcash will "uplift millions of people". As per your numbers, you're saying 2e-06 proportion of global money. Can you see the disjoint between the ambition pitched and the (entirely reasonable) numbers that you cite? They're pitching a game change ("zcash begins") and you're saying their target is 2 in every 1 million dollars of global cash?? Come on. If that's true, fine, 10%. But that is not "uplifting millions of people" and this is not "Zcash Begins", biblical style.

What we have here is an unfeasibly large founder's share in the case of success, and this unreasonableness is precisely the signal that indicates that they do not believe in long term success, themselves. Therefore we have a credibility problem.

TL;DR: If they had 1% founders share, they'd have a shot. At 10%, they're doomed to failure. 1% of something or 10% of nothing.


Good point. Perhaps startup founders should limit their stake to 1% just in case their company ends up being worth $100B instead of only $1B.


+1 trolling :)


You need to recalibrate your sense of scale when moving from equity micro to global macro. We're not in the domain of some tech startup. We're talking a venture that takes on the global money supply, 1% of which is 500 billion dollars. Your analogy is way out by at a minimum two orders of magnitude, and probably four. 0.02% of market share in the world of fiat currency is called wild success = bitcoin. Think about that before implying that 1% and 10% numbers are reasonable. Saudi Aramco is worth 4%. Apple is 1%. The whole of IBM is 0.3%.

What you're basically doing is analogous to applying planet scales to a galaxy.

Even accounting for minuscule market share, 10% "founders reward" for any venture targeting global money, is a ludicrously large sum and a strong signal of probable charlatanry.


> 10% for founders = 50 billion dollars. Isn't that just, a bit, ambitious in your opinion?

If they can provide 1% of global transaction services for 100 years then sure, $500 billion seems super reasonable.

I mean, that's about 10x of a SnapChat or an Instagram.


As I said here: https://news.ycombinator.com/item?id=12796310

I don't see how it's arguable for a currency to have a 10% cut for the founders. That's too high.


Actually it's a 20% cut for the first few years; the 10% figure is only relevant if you're talking about the entire theoretical coin supply.


Agreed 100%. That seems insane to me.



10% premine and run by a private company? No thank you! I don't care what cool ZKP crypto they use; one of the critical aspects of Bitcoin's success is that there was no premine (no unfair advantage for the creator) and no company to go after if someone starts feeling litigious. Bitcoin is a protocol, this is a product.


  one of the critical aspects of Bitcoin's success is that 
  there was no premine
Satoshi has about a million bitcoin: https://bitslog.wordpress.com/2013/04/17/the-well-deserved-f...


Regardless, he didn't premine unfairly; he released it to the public before mining began. Also, 1m is a very high-end estimate. Most estimates come in on the order of several hundred K.


Those million bitcoin were all fairly mined, not premined. There is a difference.


Barely. He created them with about no effort at all while other people's hard work and real dollars spent would turn it into a fortune later. That counters wyager's claim a bit where there's definitely an unfair advantage in terms of financial distributions. Quite like the U.S. system it intends to replace. :)


There were a number of people who were mining within the first few days. They had no idea if it would pay off or not; they put a fair amount of effort into an extremely high-risk investment. They deserve everything they got out of it.


I'm not arguing they shouldn't get a first-mover benefit. I'm saying it was designed for that to happen. It's totally rigged so the early players do almost no work while getting the highest gain. Just like the banking system it replaces. Just like VCs. It's no different except it's so radical the ROI was way less guaranteed. More risk.

The wealth distribution of the Bitcoin accounts vs the U.S. dollar is interesting. Here's a visual one:

https://www.landmarkcash.com/articles/bitcoin-wealth-distrib...

Note: There's also the other problem of hoarding happening a lot since it's a commodity rather than a currency. I'm not sure if that's changed since I last looked at it.


That post is bullshit.

It's basically claiming all unspent Bitcoins mined during the first year were mined by Bitcoin's creator. But there is _no_ evidence linking them to Bitcoin's creator except pure handwaving.



So now someone could / should...

- fork this

- remove the 10% economy imbalance

- remove centralized alerts and anything centralized

- integrate ethereum & namecoins

- Get a governance body that would be very neutral and protect principles of the blockchain (EFF? ...)

And then we could have a normalized, standardized, basis for the rest of blockchain based protocols...


You can see the markets reacting here:

https://cryptowat.ch/poloniex/zecbtc/5m

Pretty crazy, it hit a high price of 3300 BTC! That's $2MM.


I want to buy zcash for 10 euro, then wait until it explodes like bitcoin, how can I do this? It's not currently traded at Bittrex I see it's there but as "disabled". When can I buy?


Kraken added Zcash support today.


Bitcoin has exploded? That would be the 113th time it has died[1]

[1] https://99bitcoins.com/bitcoinobituaries/


It may be a language thing, but I believe teekert meant bitcoin exploded, as in, took off and was temporarily valued at ~$1,300. So, you mistook the meaning as the exact opposite of what the author intended (I believe).

Also, the other reply to you mistook you for not understanding that your link is satire, which I believe you understood.


The article/list you linked was being satirical.


Why didn't I see the same buzz around Monero?


Monero wasn't developed by a group of highly respected cryptographers and the privacy it offers is plausible deniability not zero knowledge.


Not sure how this affects parameters ceremony compromise or the alert system, but we can't have an economy with such imbalance from the start:

https://twitter.com/HeyRhett/status/792332276453416960


Seems like a matter of time before someone does the same thing, but without the bullshit "we keep 10% of everything".


> power to uplift millions of people

Haha. 10% premine to uplift the founders with millions, more like.


Is 1 ZEC worth >$1000[1] in reality?

[1] - https://forum.z.cash/t/1-zec-1130-00-usd/4177


Nope, it's worth about $30,000 right now https://poloniex.com/exchange#btc_zec


feels like bubble


LOL not for more than the first 30 minutes of trading at least


all premined coins are a scam..


It's not pre-mined, but 10% that are mined will go to the company.


Wow, that's even worse. The entire reason cryptocurrencies exist is to do away with a governing party. If what you say is true, Zcash has an administrating government, while developers of Bitcoin design the algorithm only for the benefit of the community.


So it's post-mined...

Or should we say tax-mined ?!


Please use the title to explain what makes ZCash special. Nobody cares about just another Bitcoin clone, so "Zcash begins" is not enough as a title.


With Bitcoin anyone can see for example that "1F38k5Q3ob4X4rJtmzAER2Y6j94cU8EKW9 sent 0.0115627 BTC to 1NzLNxxU8Vo2urbGdarJjHCpLyv61JuHwD" (see for yourself: https://blockchain.info/tx/bf151762857db770a5a714afd974e1f46...). This is not really anonymous because first you see the amount being sent. Then you may be able to track who owns these addresses, eg. if someone posts his Bitcoin donation addresses to a website, or if a vendor sells something for a particular price like 17.958 BTC then you can scan the blockchain and look for all transactions of 17.958 BTC and you might be able to infer how many transactions that vendor made even if they used unique addresses for each sale.

All of this is not great. This is why we say Bitcoin is not anonymous, but "pseudonymous".

So Zcash fixes this by obfuscating all of this: sender, amount, recipient are just obfuscated blobs of data. You don't know how much was sent, from whom, to whom, but you cryptographically know the transaction is valid (didn't try to send more coins than the sender has, etc). This is verified through fancy so-called "zero-knowledge proofs". See https://blockchainhub.net/blog/infographics/zcash-explained/


Zcash is a currency, right?

Bitcoin, to which it is most similar, is the currency it tries to differentiate itself from, but it is not its main competitor, and it looks like it shares most of its flaws compared to its main competition, the dollar.

In terms of availability, the US government has facilities in place to produce more cash without breaking the economy, while there is a limit to how many Zcash coins can be produced. In fact, since people cannot transfer Zcash after their death, there is absolute certainty that Zcash has an expiration date.

In terms of volatility, Zcash shares Bitcoin's (and most traded commodities') flaw in that the value of assets held can fluctuate tremendously, making Zcash one of the riskiest currencies on the market. Even buying pounds is a safer investment. The dollar has, yet again, facilities in place to avoid huge swings in its value.

In terms of ease of use, Zcash requires complex maintenance, careful security practices, and computing power. The dollar has a whole banking industry in place, from paper money to debit cards to Apple and Android Pay. All of that makes storing and transacting painless, and not that expensive, all things considered.

In terms of energy consumption, well, yet again Bitcoin's flaws shine through.

Most people want to exchange money for goods and services lawfully, which means adhering to taxes and audits and ensuring that no money laundering takes place, so Zcash's anonymity is not a huge selling point.

Bitcoin had the benefit of being the first practical currency of its kind, which was enough to surpass its flaws. Do you believe Zcash will survive ten years?


Why does everyone always make the argument that because a cryptocurrency doesn't cover every possible use case for a currency it will never be used?

Tell me how I can anonymously send $10,000 to another country with dollars?


That isn't my argument. Plan9 is technically fascinating and a few people use it, but it is a far cry from even Linux. It feels like Zcash will be the Plan9 of currencies — at best.

Sending $10,000 to another country should not be anonymous, to combat fraud and illegal activities. Many countries have laws about that kind of thing.


Give them an inch and they will take a mile.

Do not underestimate how much a system like that is abused and that is where the problem is with not allowing anonymous transactions.

As much as I'd like to stop terrorism and activities that really are immoral to society as a whole, you can't circumvent the security of the people who are good because it's proven those systems become abused in ways that it was not originally intended.


And? People do illegal, immoral things every day.


How is this functionally different from everyone using "mixers" with Bitcoin?


Mixers just make graph traversal more expensive. They don't actually hide amounts.


Mixers often have limited anonymity sets, can sometimes be scams, are opt-in. We are seeing improvements in trustless mixers, but a fully anonymous currency is a very different beast.

zCash offers a level of anonymity beyond anything we have seen (Monero hasn't activated CT yet). Systems with similar properties as zCash ([see auditable eCash](http://www.cs.tau.ac.il/~amnon/Papers/ST.crypto99.pdf)) have been discussed since the late 90s, today marks the first time to my knowledge one has been deployed in production. This is a big deal. I'll raise a glass to the zCash team.

tl;dr zCash is a very impressive cryptographic achievement.


Thus, a better title would have been "ZCash, the anonymous cryptocoin". People may care about an "anonymous cryptocoin".


It is controlled by a for profit company. That's what's different. If that sounds like a good idea to you...


Seen a thread every day about ZCash. They're doing something right, marketing-wise.


It's trivial to get eyeballs onto some news stories on a tech aggregator. Not so easy to translate that into an active user base.


Exactly. Though I have seen ZCash stories on YC HN frequently, the commentaries of my peers have combined with my prejudicial biases to coalesce into the opinion that ZCash will not be a significant part of future commerce, and there is no advantage to me in buying into it now, while it is in the ground floor.

At this point, in order for me to pay attention to any crypto-currency other than Bitcoin, it would have to allow for more than just one of the following:

  - buy black-market without getting pinched, more easily than paper money
  - pay bills with a verifiable proof of payment, more easily than checks
  - buy from untrusted parties, more easily than credit cards
  - save at lesser risk of theft than cash in the mattress
  - save at lesser risk of confiscation/forfeiture than money in the bank
  - save at lesser risk of market volatility than Bitcoin alone
  - allow anyone to issue barter scrip
  - facilitate trade-chain settlements and redemptions of barter scrips
  - allow both anonymous transactions and provable-identity transactions
  - facilitate honest trade while crippling scammers
  - stable decentralization, such that N% attacks are impossible
  - built like a pile of bricks, instead of a house of cards
  - no excessive pre-mining or front-loading
  - if not future-proof, at least future-resistant

So far, the only thing Bitcoin really has going for it is that it got to the mountaintop first. But since no other alt-coin has proven to be superior in more than one or two of the ways that matter to the users, none have yet displaced even it, and never mind surpassing any of the traditional currencies.

And I think none of the schemes set up to reward those investing in the costs of development will succeed. In the end, a currency has to be a commodity, and you can't charge much more as seigniorage on a commodity currency than the actual cost of operating the mint, unless you have a monopoly. Otherwise, you're better off running the power plant than the data center packed with ASICs.


... and cue the people emphatically trying to convince you that this one is more special than the other coins for silly, emotional reasons.


There are obvious technical contributions: completely anonymous transactions, which hasn't been done before.


Technical contributions a market disruptor does not make, or have you not seen that academic startups tend to fail about as often as any other?


yeah as if this is the beginning of some new Era. pathetic.


mrb made a comment about the differences already, a short summary of which might be "transactions can be private".

https://z.cash/about.html


Just for the record, my comment made more sense prior to erikb editing their, at the time, ~30 plus minute old comment.


Is there a fork of this with no premine?


I'm interested in this as well. The main fork is so bad, that if a fork existed, most Zcash users would flock to that.


It looks like the Bitcoin fan boys are already rushing to poison the proverbial water hole and hijack this discussion. It's always disappointing to see just how much politics have managed to infect this space. I mean, everyone knows that with politics a person's preferences end up being based largely on whether or not they like a given candidate's character (hence the quote "politics is the mind-killer") ...

But within the cryptocurrency space people are even less rational since after investing their money they now have a perverse incentive to try to discredit any competition and the effects of their confirmation bias after investing are truly immense. Bitcoin in that sense, is one of the most toxic communities out there since its entire community seems to be against any kind of innovation taking place outside of Bitcoin and are quick to dismiss any such attempts as "crapcoins."

I wish we could go back to 2011 when people were more open-minded ... It's honestly gotten to the point where no one can work on anything new in this space without some shill from Bitcoin trying to cast doubt on their project to steer people back to it ... So I guess pick your favorite investment and support your side.

"Arguments are soldiers. Once you know which side you're on, you must support all arguments of that side, and attack all arguments that appear to favor the enemy side; otherwise it's like stabbing your soldiers in the back—providing aid and comfort to the enemy. People who would be level-headed about evenhandedly weighing all sides of an issue in their professional life as scientists, can suddenly turn into slogan-chanting zombies when there's a Blue or Green position on an issue."

Cryptocurrencies are the new mind-killer.



