Thoughts on Zcash?

[Arvydas77]

Chris Angel, Zcash and the Golden Key

https://decentralize.today/chris-angel-zcash-and-the-golden-key-e9289e917dea#.82kafn9t6

[geotom]

Chris Angel, Zcash and the Golden Key

https://decentralize.today/chris-angel-zcash-and-the-golden-key-e9289e917dea#.82kafn9t6

Thanks for the link. I'm sure there will be some money to be made from this (it is being hyped but various folk in crypto - good luck trading it for the first few months though). However it is EVERYTHING that crypto shouldn't be.

USgov VC funded, not trustless,  for the benefit of a single private entity, not decentralised, high hardware requirements for client (this is never going to take off as an exchange medium in China, Africa, S America if you can't use a mobile phone to make payments).

Adding the fact that the golden key could break anonymity (whatever the article says) and could be used to magic wand coins into existence and that we have to trust that all copies have been destroyed?

Fishy.

[statdude]

Very disappointing. I've waited years to get in early on zcash and now I find out the usual whales get to premine 10% while the rest of us are left to fight over mining scraps.

What is the distribution curve?

[LiskQH]

Very disappointing. I've waited years to get in early on zcash and now I find out the usual whales get to premine 10% while the rest of us are left to fight over mining scraps.

What is the distribution curve?

from where you have this information?

[Zer0Sum]

ZCash is scammy. 20% founders reward on mined coins are a no-go

"80% of the newly created ZEC will go to the miners, and 20% ZEC to the founders."
https://z.cash/blog/funding.html


Someone should fork it out and make a better version 

As long as they are up front about it...
20% is actually a great deal for years of work by elite Devs + a slew of experienced venture capital Pros.

I'll take a proper organization over a garage coin like Monero any day...
A few dark markets are a drop in the bucket... and will not change anything in this space.

In fact...
The idea that all of these public figures with reputations will run a straight-up fraud seems hysterical.

And 80% CPU mining, probably requiring a fast connection + 8 GB memory to cut out botnets...
This is what Bitcoin was meant to be before it was hijacked by a Chinese cartel.

[z0n0]

Is there going to be GPU mining for zcash?

[bbc.reporter]

Can someone explain zcash's trusted set up in layman's terms and without going very technical? I would really like to understand it and be able to compare it to XMR and Dash for myself. It is sometimes very hard to know the truth without the knowledge needed to discern each cryptocoin. Sometimes I find myself listening to FUD without thinking and understanding.

[dinofelis]

Can someone explain zcash's trusted set up in layman's terms and without going very technical? I would really like to understand it and be able to compare it to XMR and Dash for myself. It is sometimes very hard to know the truth without the knowledge needed to discern each cryptocoin. Sometimes I find myself listening to FUD without thinking and understanding.

I tried to do that here, with my own limited understanding of it:
https://bitcointalk.org/index.php?topic=1125666.msg16086081#msg16086081

[rustynailer]

Can someone explain zcash's trusted set up in layman's terms and without going very technical? I would really like to understand it and be able to compare it to XMR and Dash for myself. It is sometimes very hard to know the truth without the knowledge needed to discern each cryptocoin. Sometimes I find myself listening to FUD without thinking and understanding.

I thought I explained the problem fairly simply here: https://decentralize.today/chris-angel-zcash-and-the-golden-key-e9289e917dea#.x9c5n42fl

Edit: xmr have a trustless setup and doesn't suffer from this problem and dash is not really in the race

[dinofelis]

There is something I didn't really understand with ZCASH.   In zerocash, you have to actively "mint" zerocoins by "locking up" bitcoins.  That means that you have to engage actively in the anonymity "request", and that "normal" bitcoin transactions are "in the clear".  This is a big "no go" for me, because most people will not bother, which means that the anonymity set for "the suspects" is rather limited, and that "anybody who uses it is suspect".
Zerocash was designed to be "on top of bitcoin".  However, in ZCASH, this is finally not clear to me.  I first thought that it was the same: that you had to actively engage in "exchanging clear coins for anon coins", and then do the zerocash thing.
But now it is less clear to me: is zcash, contrary to what I had read and understood from zerocash, SYSTEMATICALLY anonymous, no matter how you use it ?
I have been reading the technical paper on zerocash, but there, the anonymous transactions are explained, but it is not clear to me if this is what ZCASH will use systematically.
In ZCASH language, is the ONLY kind of ownership, ownership of notes ?

[Cryptotraider16]

Will anybody be ready to sale some zcash right after its will mining start?
anybody know good place to rent rigs,legit company and no scam shit?

[Cryptotraider16]

like this project if Snowden say its good..we need safe life !

[c789]

like this project if Snowden say its good..we need safe life !

I seriously doubt Snowden would endorse a coin that requires a Trusted Setup and has major involvement from the banking industry and government ties.

...unless you can post a credible source that says otherwise.

[dinofelis]

OK, I got some more view on ZCASH.  The way it is implemented doesn't make anonymous transactions standard or compulsory.  You have essentially bitcoin, and the possibility, if you want to, to convert them in "notes" and do anonymous transactions.  That's not good.

I think that ZCASH contains some very good cryptographic ideas, but that the way these are put in music in ZCASH is not so great.  I have 3 problems with ZCASH as it is announced.

1) the post-premine of 10% to the company.  That can be arranged by a fork.
2) the way the trusted setup is done.  I can accept a trusted setup where I'm part of myself or where I could have been part of, but not with some celebrities doing things.  There are ways to solve this, with thousands of participants.
3) the big no go for me: anonymity should be compulsory.

I think that ZCASH's crypto can one day be useful, but not the way it is put into music in ZCASH. 

[Mike8]

Thank you for summarizing it so good.
The main issue is in my opinion (too) that anonymous transactions are optional. This means that the ones using anonymous transactions will "stand out", losing all the point of "anonymous transactions".

[Cryptotraider16]

like this project if Snowden say its good..we need safe life !

I seriously doubt Snowden would endorse a coin that requires a Trusted Setup and has major involvement from the banking industry and government ties.

...unless you can post a credible source that says otherwise.

Isee this on some cryptp site few days ago!

[bbc.reporter]

OK, I got some more view on ZCASH.  The way it is implemented doesn't make anonymous transactions standard or compulsory.  You have essentially bitcoin, and the possibility, if you want to, to convert them in "notes" and do anonymous transactions.  That's not good.

I think that ZCASH contains some very good cryptographic ideas, but that the way these are put in music in ZCASH is not so great.  I have 3 problems with ZCASH as it is announced.

1) the post-premine of 10% to the company.  That can be arranged by a fork.
2) the way the trusted setup is done.  I can accept a trusted setup where I'm part of myself or where I could have been part of, but not with some celebrities doing things.  There are ways to solve this, with thousands of participants.
3) the big no go for me: anonymity should be compulsory.

I think that ZCASH's crypto can one day be useful, but not the way it is put into music in ZCASH. 

Can you explain the trusted set up more? I understand the general idea but how will they put this in effect? Will someone hold a golden key or something?

[c789]

OK, I got some more view on ZCASH.  The way it is implemented doesn't make anonymous transactions standard or compulsory.  You have essentially bitcoin, and the possibility, if you want to, to convert them in "notes" and do anonymous transactions.  That's not good.

I think that ZCASH contains some very good cryptographic ideas, but that the way these are put in music in ZCASH is not so great.  I have 3 problems with ZCASH as it is announced.

1) the post-premine of 10% to the company.  That can be arranged by a fork.
2) the way the trusted setup is done.  I can accept a trusted setup where I'm part of myself or where I could have been part of, but not with some celebrities doing things.  There are ways to solve this, with thousands of participants.
3) the big no go for me: anonymity should be compulsory.

I think that ZCASH's crypto can one day be useful, but not the way it is put into music in ZCASH.  

Can you explain the trusted set up more? I understand the general idea but how will they put this in effect? Will someone hold a golden key or something?

Hello bbc.reporter. I believe you had asked me this a few days ago and I've been conducting research. I don't mean to step on dinofelis...I'm just hoping I can provide somewhat of a decent answer.

It has been difficult to get a straight answer to this and other questions about Zcash. The writers of these articles can testify to this:

http://weuse.cash/2016/06/09/btc-xmr-zcash/

https://blog.okturtles.com/2016/03/the-zcash-catch/  (updated 27 August, see comments)

Here's what I think the answer is: a "golden key" will not exist IF those who initialize the trusted setup don't have compromised systems AND at least one of the initializers is honest in their execution of the setup.

Even if that answer is correct, it's still not a good system. Why take a chance? People are probably sick of me saying this, but it's true: we shouldn't have to trust people in crypto, just math. For example, with Monero, one only needs to examine the source code to see if there are any "surprises." Granted, Zcash is also open-source, but then we go back to the issue: the trusted setup. You have to trust that it was set up honestly and correctly. That is asking too much and it is a needless self-imposed barrier since an anonymous coin already exists which doesn't require a trusted setup: Monero.

If you read the two articles above, you'll see that the Zcash team has changed their explanations of the trusted setup a few times and have provided contradictory answers to questions where straightforward answers are necessary for trust. They have been evasive in providing answers as well...and these are the people we are supposed to trust?

I wish I could give you a simpler answer but I can't find much to add to what has already been well-documented in the two articles above. The fact that the Zcash team keeps giving dodgy answers to the okturtles author only makes me even more wary of them. In my opinion, there's already more than enough information available to show that it's a bad proposition, and an unneeded one at that.

[dinofelis]

Here's what I think the answer is: a "golden key" will not exist IF those who initialize the trusted setup don't have compromised systems AND at least one of the initializers is honest in their execution of the setup.

That's also how I understood it.  This is why you can trust a trusted setup, if you are part of the setup !
For that, you have to have:
1) a medical certificate testifying that you are not schizophrenic and that you can trust yourself
2) being sure that you are part of the setup
3) be sure that you didn't give out your secret part

In other words, you have to have a way to verify that the published setup has actually used your contribution.  I don't know if this can be tested independently, but there is one thing that does work: if you have the public contributions of every contributor, then you can run the "compilation" yourself, and verify that it generates indeed, the published public setup.

It is indeed true that it is sufficient that ONE contributor has not given his part of the golden key (his random number/secret key) to the others to be sure that the golden key has not been generated.  So if YOU are part of it, and you can trust yourself that you didn't give your key, then you know that the trusted setup can be trusted. 

The subtle thing is probably that you are to be sure that that little piece of data has not left your computer.  So you have in some way to be totally master of the software that did the generation.  Best is to have the source code, and verify that it doesn't do any sending, but just a calculation on a console, and do this on an airgapped computer which is physically destroyed (or kept switched off in a safe, the day you want to be part of the conspiration that will have the golden key) once you copied the public results on a piece of paper.

Even if that answer is correct, it's still not a good system. Why take a chance? People are probably sick of me saying this, but it's true: we shouldn't have to trust people in crypto, just math.

If you are part of the trusted setup, you can trust it.

And if thousands of people are part of it, in the end, that comes down to "the market".  In crypto, you have to trust the market.  If ALL bitcoin holders except you decide that bitcoin has no value any more, then it doesn't matter that the protocol is well implemented.  It is worth zero.  So at a certain point, using a cryptoCURRENCY, you have to trust a market.  If the trusted setup is set up with so many people that they are a serious part of the market, and if you could have been potentially part of it, then I think you can trust it enough.
But best is to be part of it.

[Cryptotraider16]

Here's what I think the answer is: a "golden key" will not exist IF those who initialize the trusted setup don't have compromised systems AND at least one of the initializers is honest in their execution of the setup.

That's also how I understood it.  This is why you can trust a trusted setup, if you are part of the setup !
For that, you have to have:
1) a medical certificate testifying that you are not schizophrenic and that you can trust yourself
2) being sure that you are part of the setup
3) be sure that you didn't give out your secret part

In other words, you have to have a way to verify that the published setup has actually used your contribution.  I don't know if this can be tested independently, but there is one thing that does work: if you have the public contributions of every contributor, then you can run the "compilation" yourself, and verify that it generates indeed, the published public setup.

It is indeed true that it is sufficient that ONE contributor has not given his part of the golden key (his random number/secret key) to the others to be sure that the golden key has not been generated.  So if YOU are part of it, and you can trust yourself that you didn't give your key, then you know that the trusted setup can be trusted. 

The subtle thing is probably that you are to be sure that that little piece of data has not left your computer.  So you have in some way to be totally master of the software that did the generation.  Best is to have the source code, and verify that it doesn't do any sending, but just a calculation on a console, and do this on an airgapped computer which is physically destroyed (or kept switched off in a safe, the day you want to be part of the conspiration that will have the golden key) once you copied the public results on a piece of paper.

Even if that answer is correct, it's still not a good system. Why take a chance? People are probably sick of me saying this, but it's true: we shouldn't have to trust people in crypto, just math.

If you are part of the trusted setup, you can trust it.

And if thousands of people are part of it, in the end, that comes down to "the market".  In crypto, you have to trust the market.  If ALL bitcoin holders except you decide that bitcoin has no value any more, then it doesn't matter that the protocol is well implemented.  It is worth zero.  So at a certain point, using a cryptoCURRENCY, you have to trust a market.  If the trusted setup is set up with so many people that they are a serious part of the market, and if you could have been potentially part of it, then I think you can trust it enough.
But best is to be part of it.

Yeh its ll about communiti! No trust no value!