Monero vs. ZCash: Privacy Coins Compared
When it comes to privacy coins currently on the market, the two biggest contenders are ZCash (ZEC) and Monero (XMR).
Both of these cryptocurrencies have protocols that are at the cutting edge of blockchain technology. They have both proven themselves over an extended period of time and are relatively well known in the crypto ecosystem.
However, can they really be compared? And, if so, which coin affords you the most privacy?
In this post, I will compare the two blockchains and the privacy guarantees they claim. I will also look at their mining protocols and the impact that mining centralisation could have on that security.
However, before we jump into a comparison, we have to take a look at the key technology driving each coin.
ZCash Overview
ZCash (ZEC) launched in October 2016 as a fork of the Bitcoin codebase. Hence it shares some commonality with Bitcoin: it is also a Proof-of-Work coin and has the same total mineable supply of 21m coins.
However, that is where the similarities end.
ZCash was specifically forked, under its founder Zooko Wilcox, in order to be a private alternative to Bitcoin. As such, some fairly advanced cryptography has been built into the ZCash protocol in order to facilitate this.
ZCash Privacy Protocol
One of the most important privacy features of ZCash is its use of zero-knowledge proofs, implemented as zk-SNARKs (zero-knowledge Succinct Non-interactive Arguments of Knowledge).
A full explanation of these is beyond the scope of this text. Yet the basic principle of a zero-knowledge proof is that one party can prove a statement is true without conveying anything beyond the fact that it is true.
This is useful, for example, when you want to prove that you know a password, or that you hold the private key for a cryptocurrency address, without actually revealing it.
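As an added illustration of this principle (example code written for this page, not part of ZCash or its zk-SNARK library), here is the classic Schnorr proof of knowledge of a discrete logarithm in Python: the prover convinces the verifier that it knows x with y = G^x mod P, the “password” or private key, without ever sending x. The group parameters P, Q and G are assumed toy values chosen for readability (a real deployment would use a 2048-bit group or an elliptic curve), and the Fiat-Shamir transform makes the proof non-interactive, as a zk-SNARK is. The simulate function shows why the verifier learns nothing: a transcript that satisfies the verification equation can be produced with no knowledge of x at all.

```python
# Added illustration (not ZCash code): a Schnorr proof of knowledge of the
# discrete logarithm x behind y = G^x mod P, i.e. "I know the password /
# private key x" without revealing x, made non-interactive with the
# Fiat-Shamir transform. The group is a toy-sized safe-prime group (assumed
# parameters, chosen for readability); real systems use 2048-bit groups or
# elliptic curves, and zk-SNARKs prove far richer statements the same way.
import hashlib
import secrets

P = 1019  # toy safe prime, P = 2*Q + 1 (assumed parameters)
Q = 509   # prime order of the subgroup we work in
G = 4     # 2^2 is a quadratic residue, so it generates the order-Q subgroup


def keygen():
    """Secret x and public y = G^x; x plays the role of the private key."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def check(y, t, c, s):
    """The sigma-protocol verification equation: G^s == t * y^c (mod P)."""
    return pow(G, s, P) == t * pow(y, c, P) % P


def challenge(y, t, context=b""):
    """Fiat-Shamir: the challenge is a hash of everything the prover committed to."""
    h = hashlib.sha256(f"{P}|{G}|{y}|{t}|".encode() + context).digest()
    return int.from_bytes(h, "big") % Q


def prove(x, y, context=b""):
    """Prover: commit t = G^r, derive c, answer s = r + c*x. Sends (t, s) only."""
    r = secrets.randbelow(Q - 1) + 1
    t = pow(G, r, P)
    c = challenge(y, t, context)
    s = (r + c * x) % Q
    return t, s


def verify(y, proof, context=b""):
    """Verifier: recompute c from t and check the equation; never sees x."""
    t, s = proof
    return check(y, t, challenge(y, t, context), s)


def simulate(y, c):
    """Produce a transcript (t, c, s) that satisfies check() WITHOUT knowing x,
    by picking s first and solving for t = G^s / y^c. This is the zero-knowledge
    argument: transcripts can be manufactured without the secret, so a real one
    cannot leak it. It is not a forgery of verify(), because there c is the
    hash of t and so cannot be chosen before t is fixed."""
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(pow(y, c, P), P - 2, P) % P
    return t, c, s
```

The zk-SNARK in ZCash proves a much richer statement (that a shielded transaction’s hidden inputs and outputs balance and that the spender owns the notes being spent), but the verifier is in the same position: it checks equations over public values and never sees the secret.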
Through the use of zk-SNARKs, ZCash lets a user hide the details of a transaction (sender, receiver and amount) from the rest of the network. These are called “shielded” transactions and they use addresses that begin with a “z” (z-addrs). Shielded transactions are not mandatory; users must elect to use them.
Users will ordinarily make use of their t-addrs, which are the unshielded, transparent addresses. Transactions between t-addrs are no different from normal Bitcoin transactions: they are broadcast to the network and are fully public.
The original post illustrates the dynamics of shielded and unshielded transactions with a diagram; in summary, the four possible combinations are:
- t-addr to t-addr: sender, receiver and amount are all public, exactly as in Bitcoin.
- t-addr to z-addr (“shielding”): the sending t-addr and the amount entering the shielded pool are public; the receiving z-addr is hidden.
- z-addr to t-addr (“deshielding”): the sender is hidden, but the receiving t-addr and the amount leaving the pool are public.
- z-addr to z-addr: sender, receiver and amount are all hidden; only the fee is visible.
As you can see, only when users send funds from one z-addr to another is the transaction completely private.
The “Trusted” Setup
Another unique quirk of ZCash is its reliance on what is called the “trusted setup”.
Essentially, this was a public ceremony that the ZCash creators embarked on to rid the future network of potentially deadly “toxic waste”.
In this case, “toxic waste” refers figuratively to the secret randomness used to generate the public zk-SNARK parameters. Anyone who retained that secret could forge proofs and so create counterfeit ZEC that the network could not distinguish from real coins. The secret is an unavoidable by-product of generating the parameters for this kind of zero-knowledge proof.
This was no doubt a concern for all users in the ecosystem.
Hence, the developers designed an elaborate multi-party ceremony in which each participant generated only a piece (a “shard”) of the secret, folded it into the public parameters, and then destroyed it. The toxic waste can only be reconstructed if every participant’s shard is recovered, so as long as at least one participant really destroyed theirs, it is gone for good.
The Founder’s Fund
The founder’s fund was one of the more controversial aspects of the ZCash ecosystem.
This was hardcoded into the ZCash protocol such that the founders would get 10% of the total mineable coins (2.1m ZEC), distributed incrementally over the first 4 years of the project. Many people consider this a “tax on mining”: during those 4 years it takes 20% of every block reward.
It is also by no means insignificant. At today’s rates the founder’s fund receives about 1,425 ZEC per day, which in today’s dollars is about $179,000 per day. While some see this as an example of “skin in the game”, others see it as enrichment at the miners’ expense.
To be fair to the ZCash developers, not all of this money goes to the founders: about 2.5% of the rewards go to R&D and reserves.
Monero Overview
Monero is also a fork of another cryptocurrency, Bytecoin. It forked in April 2014 and is based on the CryptoNote protocol.
Monero is like ZCash in that it uses proof-of-work, but it uses a different hashing algorithm, CryptoNight, which has been somewhat more ASIC resistant than ZCash’s Equihash.
However, the real innovations of Monero are when it comes to their privacy enhancing features.
Monero relies on some fairly advanced cryptography in order to hide a user’s transactions. This includes the following:
- Stealth Addresses: these hide the receiver’s address from the blockchain. They are one-time addresses that the sender derives from the receiver’s published address plus fresh randomness. Only the sender and the receiver, who scans the chain with a private “view key”, can tell where the Monero was sent.
- Ring Signatures: stealth addresses protect the receiver, but we still need to hide the sender. This is done with ring signatures, which mask the output actually being spent. The signer’s own output is mixed with other outputs taken from the blockchain (the “mixins”, or decoys), and the signature proves that one member of the ring was spent without revealing which. The decoy owners are not involved and do not sign anything; the result is plausible deniability for the sender.
- Ring Confidential Transactions: RingCT is a relatively new update to the Monero protocol, implemented in 2017, which uses cryptographic commitments and range proofs to hide the amount being sent, so that sender, receiver and amount are all concealed.
Technical explanations of how this technology functions are quite involved and we won’t cover them here. However, the most important thing to note is that Monero requires all transactions to be private; the only choice the user has is the number of mixins to add, above a minimum that the protocol enforces.
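To make these mechanisms concrete, here is an added toy model in Python (written for this page, not Monero’s own code): the receiver’s view and spend keys and a stealth address derived from them, an LSAG ring signature in which the real output hides among decoy keys, and the key image that lets nodes reject a second spend of the same output. The simplifications are assumptions, not Monero’s exact construction: SHA3-256 stands in for Keccak-256, Monero’s cofactor and output-index steps and its hash-to-point algorithm are replaced by simpler ones, the signature is single-layer LSAG rather than MLSAG/CLSAG, amounts (RingCT) are left out, and the decoys are random keys rather than real chain outputs. The curve arithmetic on Ed25519, the curve Monero uses, is real.

```python
# Added toy model (not Monero's own code) of the three mechanisms listed above,
# on Ed25519: stealth address, LSAG ring signature and its key image (the key
# image is also why spending one output on two forked chains links the spends).
# Assumed simplifications: SHA3-256 replaces Keccak-256; Monero's cofactor and
# output-index steps, its hash-to-point, MLSAG/CLSAG and RingCT are omitted.
import hashlib
import secrets

Q = 2**255 - 19                                      # Ed25519 field prime
L = 2**252 + 27742317777372353535851937790883648493  # prime subgroup order
D = -121665 * pow(121666, Q - 2, Q) % Q              # curve constant d
SQRT_M1 = pow(2, (Q - 1) // 4, Q)                    # sqrt(-1) mod Q

def _xrecover(y):  # solve x^2 = (y^2 - 1)/(d*y^2 + 1) for x; None if no root
    xx = (y * y - 1) * pow(D * y * y + 1, Q - 2, Q) % Q
    x = pow(xx, (Q + 3) // 8, Q)
    x = x if (x * x - xx) % Q == 0 else x * SQRT_M1 % Q
    return x if (x * x - xx) % Q == 0 else None

def _add(p, q):  # unified twisted-Edwards addition (a = -1), (X, Y, Z, T) coords
    (x1, y1, z1, t1), (x2, y2, z2, t2) = p, q
    a = (y1 - x1) * (y2 - x2) % Q
    b = (y1 + x1) * (y2 + x2) % Q
    c = t1 * 2 * D * t2 % Q
    d = z1 * 2 * z2 % Q
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % Q, g * h % Q, f * g % Q, e * h % Q)

def mul(k, p):  # double-and-add scalar multiplication k*p
    r = (0, 1, 1, 0)                                  # identity point
    while k:
        if k & 1:
            r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def enc(p):  # canonical 32-byte encoding (y, sign bit of x); use it to compare points
    zi = pow(p[2], Q - 2, Q)
    x, y = p[0] * zi % Q, p[1] * zi % Q
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

_GY = 4 * pow(5, Q - 2, Q) % Q
_GX = _xrecover(_GY)
_GX = _GX if _GX % 2 == 0 else Q - _GX                # standard base point has even x
G = (_GX, _GY, 1, _GX * _GY % Q)

def h_s(*parts):
    """Hash-to-scalar mod L (SHA3-256 stands in for Keccak-256)."""
    return int.from_bytes(hashlib.sha3_256(b"".join(parts)).digest(), "little") % L

def h_p(data):
    """Hash-to-point by try-and-increment, then clear the cofactor 8."""
    for ctr in range(256):
        y = int.from_bytes(hashlib.sha3_256(data + bytes([ctr])).digest(), "little") % Q
        x = _xrecover(y)
        if x is not None:
            return mul(8, (x, y, 1, x * y % Q))
    raise ValueError("no curve point found")

def keypair():
    x = secrets.randbelow(L - 1) + 1
    return x, mul(x, G)

def stealth_send(A, B):
    """Sender: from the receiver's (view, spend) pubkeys derive one-time key P; publish R."""
    r, R = keypair()
    P = _add(mul(h_s(enc(mul(r, A))), G), B)          # P = H(r*A)*G + B
    return R, P

def stealth_scan(a, b, R, P):
    """Receiver: a*R == r*A, so x = H(a*R) + b opens P; None if P is not ours."""
    x = (h_s(enc(mul(a, R))) + b) % L
    return x if enc(mul(x, G)) == enc(P) else None

def lsag_sign(msg, ring, x, s):
    """Sign with ring[s] (private key x) among decoys; returns (key image, c0, r)."""
    n = len(ring)
    image = mul(x, h_p(enc(ring[s])))                 # I = x*H_p(P): fixed per output
    c, r = [0] * n, [0] * n
    alpha = secrets.randbelow(L - 1) + 1
    c[(s + 1) % n] = h_s(msg, enc(mul(alpha, G)), enc(mul(alpha, h_p(enc(ring[s])))))
    i = (s + 1) % n
    while i != s:
        r[i] = secrets.randbelow(L - 1) + 1
        li = _add(mul(r[i], G), mul(c[i], ring[i]))
        ri = _add(mul(r[i], h_p(enc(ring[i]))), mul(c[i], image))
        c[(i + 1) % n] = h_s(msg, enc(li), enc(ri))
        i = (i + 1) % n
    r[s] = (alpha - c[s] * x) % L                     # only x can close the ring
    return image, c[0], r

def lsag_verify(msg, ring, sig):
    """Valid iff the challenge chain closes; nodes also reject a key image seen before."""
    image, c, r = sig
    for i, P in enumerate(ring):
        li = _add(mul(r[i], G), mul(c, P))
        ri = _add(mul(r[i], h_p(enc(P))), mul(c, image))
        c = h_s(msg, enc(li), enc(ri))
    return c == sig[1]
```

Signing with the same one-time key twice, for example once on Monero and once on a fork that shares its history, produces the same key image. That is how a node detects a double spend, and it is also why such cross-chain spends can link the real input among the decoys.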
Anti ASIC Stance
ASICs have the cryptocurrency community divided.
Some see them as a great way to give hashing power to a chain and mine coins more energy-efficiently. Others view them as a toxic tool that helps to centralise a network, drive out GPU miners and hence make the chain less trustworthy.
The Monero community is in the latter camp. The developers and ecosystem are well known for their aversion to ASIC mining chips. Hence, not only do they use a hashing algorithm that was quite ASIC resistant, they also hard forked the Monero code in April 2018 in order to ward off the risk posed by the Bitmain Antminer X3.
Just a reminder that this WILL NOT work on Monero https://t.co/rhy6k2I4Yh
— Riccardo Spagni (@fluffypony) March 15, 2018
What this shows is that the Monero community is actively working against the threat of these ASICs and is willing to fork its code whenever they appear. This is also a deterrent for any other ASIC manufacturers who want to follow suit.
There are two more important updates being made to the Monero protocol that are set to make the network that much more secure and private: the Kovri I2P router and Bulletproofs.
Kovri will allow Monero nodes to route their traffic through the I2P network, hiding the IP address from which a transaction is broadcast, whereas Bulletproofs shrink the range proofs in RingCT transactions, making them smaller and hence cheaper to send. If you want more information, I recently completed a more in-depth piece on Kovri and Bulletproofs.
Monero or ZCash?
What the above overview shows is that both of these cryptocurrencies use fairly advanced technology. Both have been around for some time, have demonstrated their use cases and have their own selection of backers.
However, what should be your premier privacy coin of choice?
Let’s take a deeper look at the technology and potential concerns that some may have.
Both Monero’s ring signature and stealth address technology and the zk-SNARKs on ZCash work as intended: they hide transaction data. However, they are deployed in different ways.
Whereas Monero transactions are all private by default, ZCash only offers shielded transactions as an option. This means that most people (out of laziness or indifference) will not use their z-addrs. In fact, currently only about 13% of all ZCash transactions use shielded addresses, and the figure is even lower when measured by volume.
This means that those users who do use shielded addresses could immediately raise suspicion of “having something to hide” even if they do not, and the anonymity set they hide in is only that small minority. The actions of the users who do not shield therefore decrease the privacy of those who do.
Monero, on the other hand, decided that this negative externality was not conducive to a cohesive ecosystem and made all transactions private. This means that all transactions on the Monero network look identical, and the ecosystem is generally stronger for it.
There have been concerns about the risk of Monero forks and their impact on the ring signature technology: if a fork shares Monero’s transaction history and a user spends the same output on both chains, both spends carry the same key image, which can reveal the real input among the decoys on both chains. These are more “edge cases” and unlikely to threaten the network.
Moreover, in the recent Monero hard fork the minimum mixin count was raised to 6 (a ring size of 7) from the previous minimum of 4. These additional decoys add plausible deniability and make analysis that much harder.
Centralisation is something that should concern any distributed system, let alone one focused on privacy.
In the case of Monero vs. ZCash decentralisation, Monero is actively fighting against centralisation of mining. We have seen this in the recent hard fork that warded off the CryptoNight ASICs.
The developers have made it known that they will always take the anti-ASIC route. Without ASICs, average users can still contribute hashing power from their home GPU rigs, which takes power out of the hands of a few large mining farms and places it back in the community.
Not so much can be said for ZCash mining. The recent introduction of the Equihash Antminer Z9 left many miners in the community angry at the lack of action from the developers and founders.
Then there is the question of the founders and the Founder’s fund.
This has been a contentious issue for the community, and the notion that a group of individuals will receive 10% of all mined ZEC is quite unsettling.
While some may argue that this aligns their incentives, it only does so until they have received all of their rewards. What happens if, after the 4 years, they have their 10% and decide to sell out and step back from the project? There is no vesting as there is with shares: once they have the ZEC they can easily sell it and walk away from the project.
While the trusted setup and its elaborate ceremony were done in order to maximise trust in the ZCash protocol, many security hawks still have a problem with it.
This is because it relies on the community believing with 100% certainty that every shard of the secret was destroyed and that the toxic waste can never be reconstructed.
This is incredibly hard to do, as no one can actually “verify” that it is the case. Sure, you have videos, pictures and testimony from the ceremony, but you still cannot say, beyond a shadow of a doubt, that a copy of a shard does not exist somewhere. Indeed, one of the most important maxims of crypto is:
“Don’t trust, verify”
While it is more than likely that the ceremony participants effectively destroyed their shards, this is not something that you can independently verify. I would not be comfortable putting large amounts of funds into a cryptocurrency asset that lacks this independent verification property.
Monero Has the Edge
While I do not doubt that ZCash is an advanced cryptocurrency with strong privacy technology, the points above make it clear to me that Monero is still the premier privacy coin.
The community driving Monero development includes some of the most security conscious and privacy centric programmers in the cryptocurrency space. They are mostly driven by ideology and not so much by monetary gain.
Moreover, Monero has proven itself.
For example, when the FBI brought down the founder of the AlphaBay darknet market, they were able to identify how much cryptocurrency he held. There was only one coin on which they were unable to obtain more information.
While this may be an isolated case, it adds weight behind the case for Monero.
As more people become aware of the need for privacy on the blockchain, they will transition away from fully transparent blockchains.
While a number of competing privacy coins occupy the space, Monero and ZCash are still viewed as the cream of the crop. Both have proven themselves to be effective and scalable, and both are being adopted at a record pace.
However, based on the information above, I would be more likely to trust the privacy and security of Monero than that of ZCash.