Battle for Online Privacy

Betamax vs VHS, Coke vs Pepsi, Ring Signatures vs zk-SNARKs; the choice for a winner in the battle for online cryptocurrency privacy is not so clear cut. We see two main contenders: Zcash and Monero.

Zcash hasn’t launched yet but is making waves, featuring a new privacy method that has not been used in any other coin. Zcash implements the Zerocash protocol, which is an evolution of Zerocoin, a protocol prominent in 2013 but never mainstream. Zerocash’s main draw is transaction size; Zerocash can make transactions up to 98% smaller than Zerocoin through a novel method. This method is known as a zk-SNARK (zero-knowledge Succinct Non-interactive ARgument of Knowledge). zk-SNARKs allow Zcash to feature completely opaque addresses and transactions, while keeping proof size small. From their protocol spec:

“The basis of the privacy properties of Zcash is that when a note is spent, the spender only proves that some commitment for it had been revealed, without revealing which one. This implies that a spent note cannot be linked to the transaction in which it was created. That is, from an adversary’s point of view the set of possibilities for a given note input to a transaction—its note traceability set— includes all previous notes that the adversary does not control or know to have been spent.”

Users are hopeful but skeptical. There may be too much anonymity; transactions can’t be traced to the genesis block. In the wild, there could be more coins mined than claimed by the devs – only a thorough review of the source code & proof that all parties are running the same code could verify. Zcash also requires a “trusted setup”, essentially a seeding of key data, that has attracted criticism. The technology is new and untested; like Bitcoin in 2009, it has yet to be proven, and few understand the implementation.

Zcash is attempting to integrate with other chains. Zooko Wilcox O’Hearn, one of Zcash’s technology leads, describes “Project Alchemy”, an attempt to connect the Zcash blockchain and the Ethereum blockchain. “You [can] create a decentralised exchange right there,” Zooko writes. “It means you can create unshutdownable things. It also means when you add this new power – to send and receive Zcash – all the other Ethereum contracts gain this new power.”

What about Monero? Monero has had a head start in this race. Monero’s ensures privacy via Ring Signatures. In short, it is based on mixing transactions with other transactions. This method of privacy is tried and tested in Bitcoin mixers, but mixers are explicit and coins coming from them are often blacklisted. Monero’s mixing is implicit and constant, significantly improving privacy.

Monero is not without issues. The set of mixed transactions is smaller than that of Zcash (where your transaction is hidden amongst all outstanding transactions), and mixing more coins requires a larger transaction size and thus slower transactions.

Both coins seek to solve other Bitcoin issues.

Monero has no block size limit nor any built-in reward halving. Zcash seeks to prevent a mining cascade at launch by slowing scaling up rewards in the first weeks. Both have faster block timings, and both use hashes designed to disadvantage GPU and ASIC mining.

Both coins desire to keep mining decentralized by reducing the GPU and ASIC advantage. Monero hasCryptoNight, which is designed to be fast on a CPU but slow on a GPU. This is effective in reducing GPU hashrate – the latest & greatest GPUs only have a very small scale advantage over fast CPUs. Zcash tackles the same problem with Equihash, a tunable hash algorithm that is designed to require massive amounts of memory, thus being almost entirely unusable on all but the very fastest GPUs. No GPU miner has yet been released forEquihash.

Which will capture hearts & minds? Usability may be the decider. Monero users have been waiting years for a simple GUI wallet. Monero is a completely new currency and thus has few tools. Zcash, on the other hand, isforked directly from Bitcoin and already has GUI wallets and even a block explorer forked from Bitpay’s popular Bitcore project. If the Zcash team is able to deliver fast and quality development, they may see users switch quickly.

Zcash is not yet launched, but you can already trade it, exclusively on BitMEX. We have launched a future,ZECZ16, that will settle on the largest underlying spot market’s price with expiry Dec 30, 2016. Bullish on Zcoin vs Monero? You can long the Zcoin ZECZ16 contract & short the Monero XMR7D contract (or vice versa), using BitMEX today.