
ZCash Will Be a Truly Anonymous Blockchain-Based Currency - mbgaxyz
http://spectrum.ieee.org/tech-talk/computing/networks/zcash-truly-anonymous-blockchainbased-cryptocurrency
======
Animats
Another altcoin. This one has a 10% pre-mining cut for the founders:

 _" Zcash's monetary base will be the same as Bitcoin's — 21 million Zcash
currency units (ZEC, or ⓩ) will be mined over time. 10% of that reward will be
distributed to the stakeholders in the Zcash Company — founders, investors,
employees, and advisors. We call this the “Founders Reward”."_

Here's a list of the other 709 altcoins.[1] 373 of them are still tradeable.
88 have a market cap in excess of $1M. 27 have a market cap in excess of $10M.
4 have a market cap in excess of $100M. PayCoin, which was last year's heavily
promoted new cool coin with a "guaranteed floor" of $20, is now at position
415 with a value of $0.002606 and a market cap of $30,247.

[1]
[https://coinmarketcap.com/all/views/all/](https://coinmarketcap.com/all/views/all/)

~~~
colanderman
Alt-coin founders are still into the whole deflationary thing I see.

~~~
omouse
What's the problem with that? It seems to be working so far.

~~~
colanderman
It incentivizes hoarding over spending, especially in the face of an expanding
economy.

Though to be fair, the rate at which new cryptocurrency pools are being
created seems to more than keep up with the growth of the economy. Who needs
the government to print money when anybody can?

~~~
VMG
> it incentivizes hoarding over spending, especially in the face of an
> expanding economy.

That kind of macroeconomic analysis assumes that everybody already owns some
amount of the currency.

However in the new currency markets that are developing, you have to consider
the incentive to even start accepting a currency.

One that loses value over time is not attractive to the recipient.

~~~
bduerst
>One that loses value over time is not attractive to the recipient.

 _Correction_ : One that _changes_ value over time is not attractive to the
recipient.

You can shine the deflationary currency as much as you'd like, but economists
have a consensus on why the volatile behavior of set-supply currencies are
inferior.

It's precisely why the world's major currencies don't use the gold standard,
but honestly, this conversation repeats itself almost every time a
deflationary cryptocurrency gets posted.

------
CiPHPerCoder
There's a general attitude to some of the comments here.

    
    
      "Another altcoin."
      "I wouldn't weigh the odds that this specific system really lasting
      more than 4 years out especially high."
    

ZCash isn't just another fly-by-night cryptocurrency scam. It's a serious
engineering effort that was carefully undertaken by some very well-known
cryptography and security experts.

    
    
      Matthew Green
      Daira Hopwood
      Taylor Hornby
      Ian Meiers
      Zooko Wilcox-O'hearn
    

Every one of the names in the preceding list is or was involved in the ZCash
project to some capacity. Every one of those names stands alone on their own
merits.

Ask your cryptography expert friends what they think about ZCash. Yes, the one
who are always yakking about side-channel cryptanalysis and which character
device to use for generating random numbers. If you don't have any such
friends, go to ##crypto on Freenode and say "Hi". It's all uphill form there.

Saying the equivalent of "Monero is better" is little better than trolling.
Let Monero stand on its own merits; being negative and hostile accomplishes
nothing.

Saying the equivalent of "Sigh! Another doomed altcoin" is needlessly
pessimistic. ZCash represents what _every other altcoin should have been doing
all along_ :

    
    
      - It uses a real proof-of-work function.
      - It offers actual anonymity (an improvement over BitCoin).
      - It uses an entropy source that won't fail open (like so many BitCoin apps did).
      - It was designed and implemented by a team of academic cryptographers
        and industry experts on secure cryptography implementations.
      - The team took their time bringing a solid implementation to market.
      - Every design decision was documented and discussed openly.
    

If you have technical concerns about the protocol design or implementation,
please don't feel discouraged in sharing them. It's the dismissive attitude
that's bothering me.

~~~
throwaway2016a
> ZCash isn't just another fly-by-night cryptocurrency scam. It's a serious
> engineering effort that was carefully undertaken by some very well-known
> cryptography and security experts.

The implication that most of the alt coins are like this is unfortunate. Sure,
a very many of the alt coins are just bitcoin clones with a different genesis
block trying to get rich but many of the alt coins have had great minds behind
them, that's not novel in and of itself.

~~~
tlrobinson
Out of curiosity, which alt coins would you put in the latter category ("have
had great minds behind them")?

~~~
throwaway2016a
If I answered that I would have to make personal endorsements of the team
members of those coins which I am not prepared to do.

Same reason Gary Johnson didn't answer the "Name a foreign leader you
respect"... once you name someone you open up to answering for all their
mistakes.

------
pero
ZCash has a myriad of fundamental issues, chief among them:

-ZCash is a US-based LLC, and given what is publicly known about the capabilities and past behavior of its intelligence apparatus I don't see how anyone can claim that such an organization can shepherd a 'truly anonymous blockchain', particularly one that is essentially a black box

-ZCash's blockchain is a black box and requires you to not only trust them with your anonymity, but also to trust them not to create coins arbitrarily - a successful attacker could also mint coins at will - as there is no way to verify circulation

-Anonymous transactions are optional and require tremendous resources to generate

-It is an innovative take on a pre-mine where insiders were given opportunity to pre-purchase coins at the expense of future miners

I suggest that anyone looking for a truly anonymous blockchain experience take
a look at Monero.

~~~
tribby
> ZCash is a US-based LLC, and given what is publicly known about the
> capabilities and past behavior of its intelligence apparatus [...]

why does it matter where zcash is incorporated when the apparatus you're
describing operates without regard for borders?

zcash is the first effort at a cryptocurrency where I have immense respect and
trust for its team right out of the gate. not sure where the FUD is coming
from (although I'd hypothesize that you are long monero?).

>Anonymous transactions are optional and require tremendous resources to
generate

this is indeed a problem. hopefully temporary.

~~~
kbart
_" why does it matter where zcash is incorporated when the apparatus you're
describing operates without regard for borders?"_

Yes, they can do intelligence ops and attacks in others countries, but can't
issue a subpoena along with gag order. Attacks can be defended against, secret
court orders - not. A decision to make this currency US based killed it before
it was even born. That's sad, because technically ZCash looks quite
interesting.

~~~
tribby
Subpoena for what? There's no useful data to hand over, that's the entire
point of zero knowledge.

~~~
kbart
"Zero knowledge" is not an excuse, it's way too easy to "miss a bug" or few to
leak an information. NSA is known to talk/force companies into adding
backdoors to their products. Users can never be sure, so why risk it?

~~~
tribby
It is too easy to miss a bug, which is why there was an audit.

I really don't understand the risk of US incorporation that you're talking
about, or why it is better or worse than any other country without introducing
other potentially even less desirable risks. Can you explain further?

More recently the US is known for failing to force companies to add back doors
(see Apple/FBI). It's probablg worth noting Jospeh Bonneau (EFF) is on the
board of Zcash. I just don't see the risk that you're seeing, sorry.

~~~
kbart
_" Can you explain further?"_

No other western country (to my knowledge) has secret courts, that were also
proven to target tech companies. If such reason is not enough for you, I don't
know what else could it be then.

~~~
tribby
right, but we already covered that. there is no court order in the world that
can compel to you to provide what you do not have. so why is the US a bad
place for ZCash to incorporate?

~~~
kbart
Are you sure such argument would fly against (possibly and probably
technically illiterate) judge? I'm not. Apple was a separate case, because it
is publicly known and loved company, and there are very few companies that
have luxury to say the same. How did that play out to Lavabit (that's a
controversial example, but it's to illustrate that court doesn't hesitate to
crush a company to achieve its goal)? Also, RSA scenario[1] is not unrealistic
too imho.

That's it, I'm not going to argue in circles anymore, I don't trust and will
not trust any US based, privacy related tech company unless something
fundamentally changes in its legal and power structures -- there are more than
enough reasons and examples for me. If you do -- that's fine by me.

1\.
[https://en.wikipedia.org/wiki/RSA_BSAFE#Dual_EC_DRBG_backdoo...](https://en.wikipedia.org/wiki/RSA_BSAFE#Dual_EC_DRBG_backdoor)

~~~
tribby
Forum-shopping is a problem, I don't disagree. But Apple didn't win that case
on PR, and Lavabit didn't lose that case by making smart decisions. These are
not analagous situations.

If you could name a single country that would offer better protections, we
might have something to talk about. Western Europe, seriously? [1]

The reason we are going in circles is because you're unwilling to trust ZCash,
not because of where it's incorporated. If, like me, you trusted ZCash, it
wouldn't matter to you where their articles of incorporation were filed,
because you would trust that the zero-knowledge implementation would prevent
law enforcement from mattering at all. If open source, audited code by some of
the brightest minds in the space doesn't earn your trust, nothing will.
IcelandBux won't save you.

1\. [https://www.theguardian.com/world/2015/may/05/france-
passes-...](https://www.theguardian.com/world/2015/may/05/france-passes-new-
surveillance-law-in-wake-of-charlie-hebdo-attack)

------
mappum
I am long Zcash:

* The founder is Zooko Wilcox-O'Hearn, creator of Zooko's triangle, the BLAKE2 hash function, Tahoe-LAFS, and former employee at MojoNation (an early attempt at cryptocurrency/P2P filesharing where another employee, Beam Cohen, went on to create Bittorrent). He knows a thing or two about decentralization/P2P.

* This project is NOT a trivial Bitcoin clone with only a new proof-of-work swapped in. The Zero Knowledge Proofs they use to keep transactions private is state of the art crypto. Also their PoW is actually memory-hard (many currencies have used PoW functions which they thought would be memory-hard and ASIC-proof, such as Litecoin with Scrypt, but it turned out not to be the case).

* Their "Founders Reward" is less like a premine and more like startup vested equity (it pays out to them gradually over 4 years to incentive themselves not to pump and dump).

* The team is extremely helpful in the Zcash Slack and are a relief after dealing with the pedantic, difficult Bitcoin developers.

~~~
rspeer
I can't stand the proliferation of proof-of-work cryptocurrencies in a world
where people don't have to pay for the externalities of the energy they use.

Let me know when there's a cryptocurrency based on proof-of-carbon-
sequestration or something.

~~~
DennisP
I'm working a coin minted for proof of carbon sequestration. It'd be
implemented as a ledger on Ethereum (which is currently PoW but moving to
proof of stake). Pay ether to a smart contract, it forwards the ether to
approved organizations doing sequestration, and you get new minted coins.

A couple weeks ago I presented the idea at MIT's Solve conference, and I've
got a writeup at MIT's ClimateColab that made finalist this year.

[http://climatecolab.org/contests/2016/shifting-behavior-
for-...](http://climatecolab.org/contests/2016/shifting-behavior-for-a-
changing-climate/phase/1314434/proposal/1331638)

[http://solvecolab.mit.edu/challenges/2016/fuel-carbon-
price](http://solvecolab.mit.edu/challenges/2016/fuel-carbon-price)

(The Solve writeup is pretty old, the Colab is recent but I've done more
thinking about the minting schedule since then and made some changes.)

~~~
rspeer
Neat.

Aside from the fact that it's built on a bug-prone foundation (Ethereum), the
idea at least gives me some hope that cryptocurrencies don't have to have a
negative impact.

~~~
DennisP
Cool :)

As for Ethereum, so far the bugs in the underlying platform have been minor;
right now they're dealing with DoS attacks resulting from mispriced opcodes
but that's getting fixed. Most issues have been due to poorly-written smart
contracts rather than the platform. That's not entirely the fault of the
contract authors; it's taking some time to figure out the attacks and best
practices.

I'm not planning to launch in the near future anyway, because Ethereum is
going through some major changes next year for scalability, and contracts will
need to be coded differently to take advantage of that. In the meantime I've
gotten a job doing Ethereum app work, so I should be reasonably well-prepared
to get the technical side of things right.

I think the bigger challenge is making sure the climate action is actually
effective. Something I learned from people at the MIT conference is that while
carbon offsets are readily available in the voluntary market, even the
certified offsets are often very poor quality, or even outright scams.

Also I'd like to figure out a governance system that doesn't rely on central
administration, but that may not be workable; a more democratic system could
end up funding charismatic projects that don't actually do much good. I've got
some ideas though.

------
moyix
I'm kind of confused by the tenor of the comments in here. I'll admit I
haven't been following cryptocurrencies closely, but there seem to be a large
number of comments suggesting that ZCash is a scam and that Monero is better
(without any concrete arguments).

Could someone enlighten me as to why that's the case? I know of ZCash via the
academic papers on it, and because the people involved – Zooko Wilcox, Matthew
Green, etc. – are extremely well known and trusted in the security community.
I've heard basically nothing about Monero.

~~~
hulahoof
I have been reading through and also noticing this. I was looking for a better
explanation too - from what I understand basically:

 _Monero uses ringCT algorithm on transfer to mix the payments and obfuscate
the sender_

 _Monero has a private view key and separate spend key. View key can decrypt
transactions made by you to confirm your total balance (Monero balance is
unknown to daemon, is calculated as (xmrRecieved - xmrSpent)_

ZCash has 'zero-knowledge' proofs and while the whitepaper[1] is a bit intense
it uses a novel Proof-of-Work explained within. Called zero-knowledge Succinct
Non-interactive ARguments of Knowledge (zk-SNARKS).

 _ZCash coins origins obfuscated before recieved by user, reducing need to mix
payments together_

Personally, I think they're both great and it's a healthy time for a privacy-
based cryptocurrency face off. Having said that, ZCash theoretically sounds
better (to me) yet Monero is proven in the wild - and both have people with
money already sunken in.

IMO the cryptocurrency world will be much better off when it's userbase is
looking for a CURRENCY and not a COMMODITY.

[1]: [http://zerocash-project.org/paper](http://zerocash-project.org/paper)

[2]:
[https://github.com/zcash/zips/blob/master/protocol/protocol....](https://github.com/zcash/zips/blob/master/protocol/protocol.pdf)

[3]:
[https://www.reddit.com/r/Monero/comments/41vg68/monero_vs_zc...](https://www.reddit.com/r/Monero/comments/41vg68/monero_vs_zcash_eli5_fundamental_differences/)
\- decent ZEC vs XMR ELI5 thread

edit: formatting

~~~
llamataboot
What is the difference between a currency and a commodity? If the rate of
appreciation is perceived as high enough, and the exchange rate into goods and
services is high enough, anyone will have a tendency to hoard a currency - why
wouldn't you?

It would be simple to create an alt-coin that degrades in value over time,
thus encouraging circulation and not hoarding (though how you would battle
fake-circulation through shill transactions is up for debate), but no one
wants to buy into such a thing.

I happen to think the conflation of money/debt/interest with the corresponding
need for continual economic growth is one of the great tragedies of our age,
but I'm not entirely sure how to get out of it.

~~~
Dylan16807
> What is the difference between a currency and a commodity?

Whether you want to spend it.

> If the rate of appreciation is perceived as high enough, and the exchange
> rate into goods and services is high enough, anyone will have a tendency to
> hoard a currency - why wouldn't you?

Of course it's reasonable to do in such a situation, but that doesn't make it
good for the thing being hoarded. Ideally a currency would have minimal
appreciation.

------
choffman
ZCash requires a trusted setup, takes a 20% fee from miners, and active mixing
requires 8GB of RAM.

[https://blog.okturtles.com/2016/03/the-zcash-
catch/](https://blog.okturtles.com/2016/03/the-zcash-catch/)

[http://weuse.cash/2016/06/09/btc-xmr-
zcash/](http://weuse.cash/2016/06/09/btc-xmr-zcash/)

If you are interested in anonymous blockchains, I highly encourage you to look
into Monero. It meets or exceeds that of ZCash. And Monero's RingCT is
currently implemented and in use on TestNet with a target "go-live" this
January.

~~~
urza
Could you please explain this?

_"And Monero's RingCT is currently implemented and in use on TestNet with a
target "go-live" this January."_

I couldnt find any relevant infromation on this. Does it mean that from
January 2017 bitcoin will have anonymity properties of Monero?

------
lisper
I'm a big believer in privacy, but anonymity scares me. Anonymity invites bad
behavior: look at how bitcoin -- which isn't even all that anonymous -- has
enabled the ransomware industry.

I agree that it is very important for people to be able to conduct financial
transactions without having to disclose them to third parties. It's also
important for people to be able to use a mutually-agreed-upon trusted third
party to mediate transactions where neither party knows the other's identity.
But I'm much less convinced of the wisdom of enabling people to conduct
financial transactions with _no possibility_ of knowing who they are doing
business with. That seems to me to be fraught with all manner of moral hazard.

~~~
uncletammy
I would argue that anonymity and privacy are equally positive things and both
necessary for a functional society.

Anonymity facilitates the exposing of bad actors and systemic failures in the
bureaucracies we've created to help and protect each other, i.e., whistle
blowers.

I would also argue think ransomware is a good thing. Although it's annoying,
it's providing just enough of a shift in incentives for people to start taking
data security seriously. Ransomware makes everyones data more secure in the
long run.

~~~
lisper
> Anonymity facilitates the exposing of bad actors

No, it doesn't actually. What are called "anonymous sources" in the press are
actually not anonymous in the sense that ZCash makes them anonymous: their
identity is known to the journalist who publishes the story. The identity of
the source is kept confidential by the journalist. This mechanism is an
important check on the credibility of the source. True anonymity leads as much
to vendetta-driven libel as it does to legitimate whistle-blowing. There's a
reason that serious people get their information from the Register and the
Washington Post instead of 4chan.

Also, anonymity in general and an anonymous _currency_ are not the same thing.

------
mootothemax
"But in ZCash, the miners only get to keep ninety percent of those coins. The
rest gets dumped into accounts controlled by the ZCash company"

This alone makes me extremely sceptical.

~~~
wmf
Unlike Bitcoin, where Satoshi probably mined 5% of all BTC before other people
noticed? Or unlike Bitcoin, where developers get paid by layering centralized
startups on top?

~~~
tom_mellior
5% < 10%, last time I checked. Also, "Bitcoin did something fishy" should be a
reason to invent some thing _less_ fishy, not more.

~~~
earlz
If I recall correctly, it's not 10% of the entire supply, but rather 10% of
the first 2 years worth of supply. After that, the 10% cut from miners is
stopped and their 10% of the supply will slowly decrease as the overall supply
increases

~~~
tromp
No, it's 20% of the first 4 years' reward, which is equal to 10% of all time's
reward.

------
wyldfire
ZCash is one of a few options for anonymity. Cryptonote-based ring-signature
coins like Monero have been around for a while.

See also [https://news.bitcoin.com/meet-top-3-coins-cryptocurrency-
ano...](https://news.bitcoin.com/meet-top-3-coins-cryptocurrency-anonymity-
race/)

------
nickff
ZCash looks like a promising tool to prevent civil forfeiture and legalized
theft.

It is interesting how the same (or similar) technologies that have made cash
rare, and allowed tracking of transactions and spending, may subsequently
enable radical anonymity.

P.S. I hope to see an investment market based on anonymous cryptocurrency one
day; it would allow many people who currently lack access to investment
markets or funding to prosper.

~~~
bogomipz
"ZCash looks like a promising tool to prevent civil forfeiture and legalized
theft."

How does it prevent civil forfeiture specifically? Can you elaborate?

~~~
nickff
If you carried your money electronically, the police would have nothing
physical to seize. The most common form of civil forfeiture is when the police
seize money or other items of value from someone transporting or holding them.

More significantly, if you have an anonymous ZCash account, the state has very
little idea of how much money you have, where it is, or how you've used it;
this means they don't know whether you have anything they want, or how to get
it.

~~~
fleitz
How does it defeat the $5 wrench?

~~~
seansoutpost
Multisignature wallets mean that you can beat the credentials out of a person
and still not be able to access the coins. You would have to figure out who
else had keys and beat then too. Raising the difficulty a non-trivial level.

~~~
vkou
For the wallet to be useful, the person you are beating will either know who
else needs to be beaten, can be compelled to withdraw their funds under
duress, or in the case of a centralized counterparty, like a bank, can be
trivially compelled by a government bearing a lawful order, to sign off on a
money transfer.

If none of those means of getting you to pay work out, they can always leave
you to enjoy your internet money in jail.

~~~
stale2002
The issue is that they have no idea how much money you 'actually' have.

If someone threatens you with a wrench, you simply do what they ask you to do
and provide a password to your "account" that conveniently doesnt have much
money in it.

"yes officer! I have done exactly what you asked me to do. Here is all the
electronic money that I own. "

------
mmanfrin
A month ago I did a deep dive in to etherium and the 'altcoin' universe. The
one thing I came out of it all with was a feeling that I had seen so much of
the same sentiment and rhetoric about specific altcoins and altcoins in
general as I saw with the 'HYIP' sites of two decades ago.

HYIPs were plain ponzi schemes, given the fancy name of 'high yield investment
portfolio'; they promised things like "1.5% yield/day on investments of egold"
but all of them would fold.

------
Ar-Curunir
The article is a bit inaccurate; SNARKs weren't developed just by Eli; there's
an entire group of researchers at the SCIPR lab who worked on this stuff:

[http://www.scipr-lab.org/](http://www.scipr-lab.org/)

~~~
sangfroid
Hi. I'm the author. Thanks for pointing this out. You were not the only one.
We've reworked the attributions paragraph to include all of the institutions
that had a hand in this particular work. And we also tried to make it clear
that the snarks they worked on were specific to the zcash project.

------
TheLilHipster
Monero is better tech:

* [https://getmonero.org/knowledge-base/about](https://getmonero.org/knowledge-base/about) * [https://github.com/monero-project/monero](https://github.com/monero-project/monero)

------
andirk
I think the people behind a project mean a heck of a lot to the validity an
integrity of the project.

So if Zooko Wilcox et al are indeed respected in the P2P and security
community, then I am interested in this.

~~~
aminorex
You have to trust them, because if they cheat, they can print infinite zcash.

I do not trust Israeli SIGINT people with my secrets.

~~~
Ar-Curunir
So people like Matthew Green, Alessandro Chiesa, Madars Virza, Ian Miers and
Christina Garman, none of whom are Israeli, had absolutely no say in how this
project was constructed, right? Eli and Eran are just two members of a much
larger research group. They most certainly did not "backdoor" ZCash.

There's skepticism, and then there's this stupid crap like your post. No
technical foundation, no evidence, nothing, just FUD.

------
CN7R
A current problem that I feel blockchain-based currencies face all is the
inability to effect large scale changes. Whether it be Bitcoin's infighting or
Ethereum's decision to fork, the reliability of transactions by blockchains
comes into question.

The central conflict is over authority: should the system be in the hands of
miners or in a central power? Both of these have pros and cons.

Miners have an economic incentive to ensure changes to the system are in favor
of users. And in theory, these changes are democratic: representing the
opinions of the majority of miners. However, in practice, this is rarely the
case; as voting power is allocated based on computing power, the result is a
system governed by a few individuals with the economic resources and
advantages to cheaply 'outrepresent' others. In effect, they do not represent
the majority of miners and users. Look at Bitcoin, where a handful of Chinese
companies control the network
([http://www.nytimes.com/2016/07/03/business/dealbook/bitcoin-...](http://www.nytimes.com/2016/07/03/business/dealbook/bitcoin-
china.html))

A central power has the ability to enact large scale change affecting the
whole system, but is inherently undemocratic. Ethereum, in response to a
capital fund being hacked, performed a hard fork earlier this year, mitigating
the adverse effects. This rapid collective action would be hard to do in
Bitcoin.

The benefits of blockchain are anonymity, security, and low costs of
transactions. Both of these features need to be upheld if blockchain-based
currencies are to be competitive with current credit systems, regardless of
which form of authority is adopted.

In my opinion, a central power blockchain-based currency would be preferable.
Why? Current credit systems charge high fees for transactions to offload the
cost of fraud and corresponding insurance. Blockchains don't, but there is no
guarantee of security against hackers in a system not run by a central power.
Low cost and security of transactions must be maintained. In addition, in a
miner-based blockchain, all transactions are not treated equally. For Bitcoin,
transactions which give a fee to miners are processed faster
([https://docs.google.com/spreadsheets/d/1aYfkjiN534p4zyE5WJNm...](https://docs.google.com/spreadsheets/d/1aYfkjiN534p4zyE5WJNm7rddr84KS_e50EFTYJqj5jQ/edit#gid=1463201895)).

Any response?

------
philfrasty
Anyone else finds naming important for adoption? Bitcoin sounds pretty elegant
to the regular Joey IMO but „ZCash“...I mean...awful. Well lets hope for a
rebrand later.

~~~
seansoutpost
This is the rebrand. This project was initially ZeroCoin, then ZeroCash, and
now the abbreviated ZCash

~~~
nullc
> This project was initially ZeroCoin,

ZeroCoin was an entirely different approach based on different cryptography
with radically different properties.

(
[https://bitcointalk.org/index.php?topic=175156.0](https://bitcointalk.org/index.php?topic=175156.0)
)

------
grondilu
> Although privacy was a motivating factor for Bitcoin’s flock of early
> adopters

Not quite. I mean surely there were people interested in that, but frankly
this is exaggerated. We knew very early that anonymity was far from obvious,
even on a purely theoretical point (that is, even if you could anonymise your
IP for instance).

Bitcoin was approximately anonymous not by design, but by convenience. Who
wants to have to bother checking the identity of users? In fact, I'd argue
that bitcoin was no more anonymous than any other FOSS project. You usually
don't ask for an ID before allowing someone to download your software.

------
wh0rth
The blockchain is slowly going to become a dominant pillar of our
transactions. Whether it be information, money, etc., blockchain will probably
be a part of it. If we want it to be secure anyway...

~~~
TearsInTheRain
Is anyone working on/does it make sense to have blockchain based voting for
elections?

~~~
bandrami
It's been looked at (my advisor in grad school was working on it) and it keeps
running up against the problem of scaling -- 100 million transactions (800
million if you want to scale up to India) on a single day is going to be hard
from a realization standpoint, even if it's theoretically doable.

There's also the interesting psychological side to it: while a blockchain
system is in a theoretical sense more transparent than anything else, from a
popular standpoint it's _incredibly_ opaque compared to a county registrar
counting two different stacks of paper ballots.

~~~
nathcd
We can just use cryptography and forego the blockchain for much more scalable
verifiable elections:

[https://en.wikipedia.org/wiki/End-to-
end_auditable_voting_sy...](https://en.wikipedia.org/wiki/End-to-
end_auditable_voting_systems)

[https://vote.heliosvoting.org/](https://vote.heliosvoting.org/)

------
mempko
We need something better than money. I don't know what that is, but I think
focusing on creating new forms of tokens won't enable any radical change.

~~~
nickff
If you want to get rid of money entirely, the first thing you have to do is
solve the 'Economic Calculation Problem'.[1]

[1]
[https://en.wikipedia.org/wiki/Economic_calculation_problem](https://en.wikipedia.org/wiki/Economic_calculation_problem)

------
jbb555
Bitcoin seems to be going through an issue at the moment where many
transactions are taking hours to complete due to a large backlog. This might
be transient but when I ask any questions about so what happens if volume
doubles, I just get attacked for asking such questions.

It seems bitcoin just doesn't scale very well.

So my question is does ZCash? How will it cope with current bitcoin volumes?
Or 10 times? Or 1000?

------
alexellisuk
If you want an automated build that you can run on any platform (not only
Linux/Ubuntu) then check out my Docker guide: [http://blog.alexellis.io/mine-
zcash-with-docker/](http://blog.alexellis.io/mine-zcash-with-docker/)

------
nercht12
I can't wait for the arrival iCoin.

------
RangerScience
Here's a question: I can see the value in an anonymized blockchain for use by
individuals...

...but, is there a reason that anonymity would be good for use in a blockchain
for use by businesses? Or, is it categorically better for a business-centric
blockchain to have the most identity possible?

~~~
akanter
They touch on that in the link. "“There are regulatory and commercial and
moral reasons for privacy from all sectors,” he says. To give a commercial
example: Apple wouldn’t want Samsung to be able to track its transactions and
gain valuable competitive intelligence."

I agree with this sentiment.

~~~
dorfsmay
On the other hand, how do you deal with the for the for proving who the
currency belongs to, for example in the case of death (and the person never
shared their passwords/keys)?

------
jbb555
This looks good to me. It looks like it is not just another bitcoin clone, it
has genuine, and well thought out improvements. I'll probably try it out
unlike all the others.

------
abrkn
Privacy coins is the new hot thing in altcoins. There's Monero, ZCoin, ZCash,
Dash, ...

~~~
Ar-Curunir
ZCoin uses an old, weaker research paper by Christina, Ian and Matt, ZeroCoin.
ZeroCoin offers weaker security guarantees than Zcash.

------
hasa
Takeover AD behind the link. Is this acceptable for a hacker news link ?

------
brighton36
An truly a scam as well. These investment pumps are so obnoxious

------
ebbv
As I said the last several dozen times ZCash hype articles got posted; what's
worse than currency controlled by a government AND currency controlled by an
unelected group of developers? Currency controlled by a for profit company.

------
ojiikun
This just sounds like a new clone of Dash (née darkcoin) but with pre-mine for
the founders and without the cool proposal / voting system. Why would anyone
buy into this?

~~~
Ar-Curunir
Except this work is the result of many years of both theoretical and
engineering advances in cryptography; if you can't take even the modicum of
effort to read up on the subject matter, maybe you shouldn't be spouting
bullshit?

------
kyrre
going to be hard to launch a pre-mined coin when there are thriving
alternatives such as monero.

good luck.

------
jamisteven
"truly anonymous".

------
hash-set
I have a hard time believing that the powers that be will allow it, then,
because of "Assassination Politics," avoidance of taxes, etc. We won't kill
Skynet without a war.

~~~
nickff
The 'Assassination Politics'/'Assassination Market' problem is an interesting
one, and may be one of the parade of horribles, along with extortion,
blackmail, identity theft, and others that will be brought against ideas like
ZCash. The problem is that a 'ZCash' alternative is almost inevitable, and the
best we can reasonably expect is to control the markets for these transactions
to reduce or prevent them (as is done with cash/physical currency).[1]

[1]
[https://en.wikipedia.org/wiki/Assassination_market](https://en.wikipedia.org/wiki/Assassination_market)

~~~
FrancoDiaz
I had never heard of "Assassination Market" before. Very dystopian/sci-fi.

------
jandrese
I'm failing to see how this is superior to the hundreds of altcoins already
available. What makes this better than Bitcoin, Dogecoin, or Kanyecoin? Why
should I choose it over the competition?

~~~
wmf
As it says in the title, it's more anonymous. So ZCash and Monero are
competing for the darknet payment market.

~~~
jandrese
But it can't really be truly anonymous, not if you want people to actually use
it. At the end of the day you need at least some assurance that you're sending
the money to the right person in exchange for their good or service. They also
need to be able to verify that they have been paid for their work and by whom.

~~~
schoen
Imagine that you went to a restaurant and the restaurant told you where to
send a payment. Then they could confirm that you had done so.

Now imagine that the restaurant didn't possess any information that it could
use to identify you as a result of the payment, and that no payment
intermediary possessed information that could be used to identify the parties
to the transaction, and that when the restaurant later spent the money, the
source of the funds couldn't be associated with your payment transaction
(perhaps even by you as the customer).

Those are some properties that we could wish for in an anonymous payment
system. It doesn't mean that the payee can't tell that a payment was made in
response to a particular request, though it might not know "by whom" in any
other sense.

~~~
warkdarrior
So there is no way for the restaurant to know who paid if multiple concurrent
payments happen? What if 5 different tables are done and ready to pay, but the
restaurant sees only four payments? Who do they go after?

~~~
schoen
The restaurant could give each table a different "address" to pay, and then
see which ones have received payments (which can already be done with Bitcoin,
despite the lack of some of the other anonymity properties).

