Zcash

Zcash was launched on October 28, 2016. It is the first currency to use a specific type of ZKP known as Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (ZK-SNARKs) to provide complete privacy to the user. These proofs are concise and easy to verify; however, setting up the initial public parameters is a complicated process. The public parameters include two keys: the proving key and the verifying key. Constructing them requires sampling some random numbers. These random numbers, also called toxic waste, must be destroyed after parameter generation in order to prevent counterfeiting of Zcash.

For this purpose, the Zcash team came up with a multi-party computation protocol to generate the required public parameters collaboratively from independent locations, to ensure that toxic waste is not created. Because these public parameters have to be created by the Zcash team, the participants in the ceremony are trusted parties. This is why the ceremony was conducted very openly and made use of a multi-party computation mechanism.

This mechanism has the property that all of the participants in the ceremony would have to be compromised in order to compromise the final parameters. When the ceremony was completed, all participants physically destroyed the equipment used for private key generation. This action eliminates any trace of each participant's part of the private key on the equipment.
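The "every participant must be compromised" property described above, as an added toy model (not code from the book or from the Zcash ceremony). It assumes each participant's secret share is mixed multiplicatively into the trapdoor, and the group `P`, `Q`, `G` and all function names are constructed for illustration and far too small for real use.

```python
# Toy 1-of-n trusted setup. Constructed parameters, not Zcash's.
import secrets

P = 2039   # small safe prime, P = 2*Q + 1 (toy size, not secure)
Q = 1019   # prime order of the subgroup generated by G
G = 4      # 4 = 2^2 is a quadratic residue, so it has order Q


def contribute(element, share):
    """One participant mixes a private share into the running public element."""
    return pow(element, share, P)


def run_ceremony(shares):
    """Chain every contribution; the result is G^(s1*s2*...*sn) mod P."""
    element = G
    for share in shares:
        element = contribute(element, share)
    return element


def trapdoor(shares):
    """The 'toxic waste': product of all shares mod Q. Needs every share."""
    tau = 1
    for share in shares:
        tau = tau * share % Q
    return tau


def trapdoors_reachable(colluding_shares):
    """All trapdoor values still possible when one honest share is unknown."""
    return {trapdoor(colluding_shares + [h]) for h in range(1, Q)}


def random_share():
    """Uniform non-zero exponent, as a participant would sample it."""
    return secrets.randbelow(Q - 1) + 1


if __name__ == "__main__":
    shares = [random_share() for _ in range(5)]
    # The public output is consistent with the combined trapdoor.
    assert run_ceremony(shares) == pow(G, trapdoor(shares), P)
    # Four colluders pool their shares; the fifth share was destroyed.
    remaining = trapdoors_reachable(shares[:4])
    print(len(remaining), "of", Q - 1, "trapdoor values remain possible")
```

Because multiplying by the colluders' product is a bijection on the non-zero residues mod `Q`, a single destroyed share leaves every trapdoor value equally possible, no matter how the other shares were chosen.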

ZK-SNARKs must satisfy the properties of completeness, soundness, succinctness, and non-interactivity. Completeness means that there is a definite strategy for a prover to satisfy a verifier that an assertion is true. On the other hand, soundness means that no prover can convince the verifier that a false statement is true. Succinctness means that messages passed between the prover and verifier are tiny in size.

Finally, the non-interactive property means that the verification of correctness of an assertion can be carried out without any interaction or with very little interaction. Also, being a ZKP, the property of zero-knowledge (discussed in Chapter 6, Public Key Cryptography) needs to be met too.

Zcash developers have introduced the concept of a Decentralized Anonymous Payment scheme (DAP scheme) that is used in the Zcash network to enable direct and private payments. The transactions reveal no information about the origin, destination, and amount of the payments. There are two types of addresses available in Zcash: Z addresses and T addresses. Z addresses are based on ZKPs and provide privacy protection, whereas T addresses are similar to those of Bitcoin. A snapshot of various attributes of Zcash (after an initial slow start) is shown as follows:

Zcash attributes summary

Zcash uses an efficient PoW scheme named asymmetric PoW (Equihash), which is based on the Generalized Birthday Problem. It allows very efficient verification, and it is a memory-hard and ASIC-resistant function. A novel idea (initial slow mining) has been introduced with Zcash, which means that the block reward increases gradually over a period until it reaches the 20,000th block. This allows for initial scaling of the network and experimentation by early miners, and adjustment by Zcash developers if required. The slow start did have an impact on price due to scarcity, as the price of ZEC on its first day of launch reached roughly 25,000 USD. A slightly modified version of the DigiShield difficulty adjustment algorithm has been implemented in Zcash. The formula is shown as follows:

(Next difficulty) = (last difficulty) x SQRT [ (150 seconds) / (last solve time) ]
