Zcash – Frequently Asked Questions
Frequently Asked Questions
For troubleshooting, please see our Github wiki.
How can I acquire Zcash (ZEC)?
You can buy ZEC from participating online exchanges/markets with another cryptocurrency or fiat currency (depending on which exchange you use). We put together a list of exchanges supporting Zcash trades at launch here but these are just a few of the very first exchanges and wallets that supported Zcash at launch. There have been many more that have come into existence. We encourage the community to host their own lists and repositories of successful providers such as in this Zcash community blog. You might also have luck finding someone to buy Zcash from in-person or suggesting services/products to be paid for in Zcash. And of course, you are very encouraged to run a Zcash mining knot to earn tokens for taking part in securing the decentralized network!
You can get more info on installing a knot and sending ZEC in our 1.0 Guide.
How do I install a Zcash wallet?
There are already a diversity of third-party options for storing and sending ZEC, in addition to the officially supported core client, zcashd. Many of these third-party wallets have limitations in their support for Zcash; in particular including shielded addresses in a transaction requires a large amount of computer memory and most wallets (both hardware and web-based) have yet to integrate this feature.
You can browse a list we put together of third-party support at launch here. As mentioned in the above question, these are a few of the very first exchanges and wallets that supported Zcash at launch. There have been many more that have come into existence. We encourage the community to host their own lists and repositories of successful providers such as in this Zcash community blog.
What is the difference inbetween addresses that commence with “t” and addresses that embark with “z”?
Zcash is built upon and extends the Bitcoin protocol. Addresses which embark with “t” behave exactly like Bitcoin, including their globally public properties and we refer to these as “translucent addresses”. Addresses which begin with “z” include the privacy enhancements provided by zero-knowledge proofs (see FAQ: what is a zero-knowledge proof?) and we refer to these as “shielded addresses”. It is possible to send ZEC inbetween these two address types.
Does Zcash have multi-signature transactions?
Yes, but not with privacy. Zcash supports all of the same kinds of transactions that Bitcoin supports, such as multi-signature transactions, but all of those don’t have any added privacy — they have the same privacy properties as in Bitcoin, i.e. global transparency. You can see the difference inbetween single-signature and multi-signature translucent addresses with their kicking off characters: “t1” and “t3” respectively.
Note that it’s possible to sandwich any transaction using semitransparent addresses — e.g. a multi-signature transaction — inbetween private Zcash spends. For example, do a private Zcash spend to yourself, then do a globally translucent transaction (which could be a multi-signature transaction), and then the fresh holder of the funds (possibly you or possibly someone else) does another private Zcash spend to themselves.
Some privacy benefits may be preserved from that technology. We would caution against assuming this gives blanket privacy in general for any use, tho’, so this is an area for future examine.
What is the difference inbetween Zcash and Bitcoin?
Zcash is a fork of the bitcoin protocol, the very first and most widely used blockchain cryptocurrency. This means it maintains its own blockchain and currency token. Zcash builds on the existing work from the Bitcoin core team to enable privacy preserving transaction data using zero-knowledge proofs (see FAQ: what is a zero-knowledge proof?). It also includes some non-privacy switches to bitcoin, including its proof of work algorithm (see FAQ: “What are you switching from Bitcoin’s Design? What parts of the Bitcoin network remain?” for more detail on technical differences).
Zcash Client (zcashd)
How should I run Zcash?
To join the network, the 1.0 Guide is the best place to embark. Keep updated with the information we post on our blog to know the current phase and stay updated on zcashd, the core Zcash client.
Is there a version for Windows, Mac, Android, or iOS?
The Zcash company has official support for only Linux. While we have no intentions to officially support other operating systems, a third-party has already ported the client for MacOS and you can keep an eye on our community forum for future third-party Windows and mobile support. Since we do not have the resources to review software we do not build ourselves, we encourage users to do due diligence on the legitimacy and safety of software built by third-parties before downloading and installing.
How do I mine ZEC?
Check out the 1.0 Guide for instructions to install and run a knot on the Zcash network. Our mining guide can assist in setting up your knot to mine.
What is the mission of Zcash?
Our mission is to create an open financial technology platform that everyone in the world can use.
We believe that individual privacy is necessary for core human values like dignity, intimity, and ethics. Companies need privacy in order to conduct their business; and we believe that privacy strengthens social ties and social institutions, protects societies against their enemies, and helps societies to be more peaceful and more prosperous. Eventually, in an open and programmable financial system, privacy is the only way to ensure fungibility.
We are a science-driven team. We are the discoverers of the underlying scientific technologies and the designers of the protocol; we are not the controllers or the power-holders. We believe in the value of decentralization, which promotes security and fairness. Every user of Zcash is a part of the network, and helps protect it against failure and corruption. We created Zcash, but its ultimate fate lies not in our arms, but in yours.
When did Zcash launch?
The Zcash block chain launched on October 28, 2016, bringing into existence the very first Zcash monetary units. This software release and the initial phase of the block chain is called ‘Sprout’ to emphasize that it is a youthful, budding block chain with good potential to grow.
Please read our launch blog post for more details.
Who are your investors? How is Zcash funded?
A utter list of Zcash investors can be found on our team page.
Zcash has raised capital in a non-traditional way; there have not been the same clearly delineated “Series A” or “Seed” round nominations like other similar technology companies. The very first public investors included: Pantera Capital, Digital Currency Group, Fenbushi Capital, London Trust Media, Evolve VC, Naval Ravikant, Niraj Mehta, David Dacus, Roger Ver, Alan Fairless, Ben Davenport, Brian Cartmell, James Nicholas, Jonathan Perlow, Charlie Songhurst, Adam Ludwin, Devon Gundry, Ryan Smith, and Rop Gonggrijp.
In the summer of two thousand sixteen there was a private raise that included the following fresh and already established funders: Aaron Grieshaber, Branson Bollinger, Maple Ventures (Amir Chetrit and Steven Nerayoff), Brian Cartmell, Vlad Zamfir, Roger Ver, Digital Currency Group, Barry Silbert, Charles Songhurst, Fenbushi, Shapeshift, Erik Voorhees, David Lee Kuo Chuen, Fred Ehrsam, Sebastian Serrano, and Li Xiaolai.
There will not be a crowdfunding round.
Who is the Zcash team?
Our team includes the scientists who invented the Zerocash protocol, engineers and communicators with a specialized track record in open privacy technology, advisors who are leaders in the Bitcoin, Ethereum, and academic communities, and well-regarded investors. See our team page for details.
What is the Zcash Foundation?
The Zcash Foundation is a non-profit entity for maintaining and improving the Zcash protocol in the interests of all users, present and future. It will receive 1.44% of the monetary base (over four years) to support this work, thanks to pledges from some of the stakeholders to donate part of their share of the Founders’ Prize.
Read our announcement of the Zcash Foundation on our blog.
If the Zcash cryptocurrency provides transactional privacy, won’t bad people use it?
Yes, but bad guys will use anything. Bad guys use cars, bad guys use the Internet, bad guys use cash, bad guys use the current banking system. Our purpose is not to invent something that bad guys can’t use, it is to invent something that can empower and uplift the billions of good people on this planet.
For more context about our values, see the Hello World blog post.
What is Zcash’s treatment to governance?
Our fundamental philosophy is consensuality. Presently the Zcash Company (CEO: Zooko Wilcox) is effectively leading development of the science, the protocol, and the reference client, as well as public communications and many other significant tasks. In the long run the freshly formed Zcash Foundation is expected to take over some of these roles, especially education, consumer protection, and the advancement of science. For now they say that they intend to keep letting the Zcash Company do its thing.
What are the economics of Zcash? Is there going to be a motionless monetary base?
Zcash’s monetary base is the same as Bitcoin’s — twenty one million Zcash currency units (ZEC, or ⓩ) and is mined over time. It is a scarce token just like Bitcoin which can be transferred globally and exchanged to/from other cryptocurrencies or fiat currencies via online exchanges, in-person transactions, etc.
10% of the mining prize will be distributed to the stakeholders in the Zcash Company — founders, investors, employees, and advisors. We call this the “Founders’ Reward”.
For more information about distribution, see the Funding, Incentives, and Governance blog post.
Since the value sent inbetween shielded addresses is private, how can we determine the number ZEC in circulation?
Presently, we know that every miner validates every transaction, and each transaction comes with a zero-knowledge proof that it doesn’t crack conservation-of-money (i.e. a proof that the money coming out of the transaction is ≤ the money going into the transaction).
This reasoning depends on the soundness of the zero-knowledge proofs. If someone could get the miners to accept a transaction that created fresh money — if you could somehow forge a zero-knowledge proof or defeat the zero-knowledge-proof-verifier software in the miners — then you could counterfeit money.
We are investigating options for the future which would enable accounting for all ZEC in existence. Stay tuned to our blog for any proposals on this matter.
What is the Founders’ Prize?
10% of the eventual monetary base goes to the founders. The Founders’ Prize is distributed incrementally over the very first four years of mining, so that there is continued incentive and continued resources for the founders to improve the value of the coin. Unlike a pre-mine or an Initial Coin Suggesting, this structure offers little or no chance for the founders to pump-and-dump.
After four years, the Founders’ Prize finishes and all of the mining prizes after that go to the miners.
Who will receive the Founders’ Prize?
The investors who funded the creation of Zcash will collectively receive 1.65% of the ultimate Zcash monetary base. The founders, employees, and advisors will collectively get Five.72%.
The two fattest single beneficiaries of the Founders’ Prize are the “Zcash Company strategic reserve” receiving 1.19% and the non-profit Zcash Foundation receiving 1.44%. The strategic reserve fund will go towards fresh projects to increase the value of the Zcash Company and the Foundation fund will benefit the maintenance and evolution of the Zcash protocol in the interests of all users, present and future.
Is the Founders’ Prize a pre-mine?
I (Zooko) don’t call it that because it’s not “pre”. (And it’s not mining.) Also, unlike a typical “pre-mine”, the Zcash Founders’ Prize is semi-transparent and it aligns the incentives of the creators and the users of the system.
What markets are supporting Zcash?
There are many exchanges presently supporting ZEC. See this community maintained page of exchanges. Be sure to check back regularly for freshly added exchanges.
Why did the price of Zcash fall so much after it was launched? Was it because the founders/investors were selling their coins?
Nobody knows why buyers and sellers choose the prices they do. One fact to bear in mind is that the supply of Zcash instantly after launch was limited as described here. For example, on October twenty nine (one day after the blockchain was created) there were four hundred fifty coins and on October thirty one there were 1950. One thing that we can be sure of is that it had nothing to do with the Founders’ Prize. The Founders’ Prize coins are distributed incrementally over the very first four years of the blockchain, and none of them were moved until December 21, as we wrote about here and as you can see on the blockchain here.
Are there online Zcash communities?
There are! Particularly our offical community forum and the community-run developer talk.
Are there any local Zcash communities? How do I find local Zcash enthusiasts and traders?
You might find some Zcash enthusiasts and traders at local cryptocurrency meetups. Get in touch if you’re thinking about or interested in kicking off a Zcash meetup in your community, we’d love to hear from you! [email protected]
Simply put, what is a zero-knowledge proof? How does Zcash integrate it?
Zero skill proofs are a scientific breakthrough in the field of cryptography: they permit you to prove skill of some facts about hidden information without exposing that information. The property of permitting both verifiability and privacy of data makes for a strong use case in all kinds of transactions, and we’re integrating this concept into a block chain for encrypting the sender address, the recipient address, and the amount. A block chain that encrypts transaction data (making it private) and lacks zero-knowledge proofs also lacks the assurance that all the transactions are valid. This is because the knots in the network can’t determine whether the sender truly had that money or whether they previously sent it to someone else, or never had it in the very first place. The encrypted data becomes unverifiable by network knots.
In Zcash, we use a particular type of zero-knowledge proof called zk-SNARKs (or “zero-knowledge succinct non-interactive arguments of knowledge”). Within a Zcash transaction, there may exist a string of data that the sender of a transaction provides –the “zero-knowledge proof”– along with the encrypted transaction data which proves properties of the encrypted data cryptographically, including that the sender couldn’t have generated that string unless they had ownership over the spending key and unless the input and output values are equal. The proof also assures creation of a unique nullifier which is used to mark tokens as spent, when they are, in fact spent. This permits for verification that the transaction is valid, while preserving privacy of the transaction details.
What is the difference inbetween Zerocoin, Zerocash, Zcash and ZEC?
Zerocoin is a cryptographic currency protocol invented by Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin in 2013. Zerocash is an improved cryptographic currency protocol invented by Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza in 2014. Zcash is an implementation of the Zerocash protocol, with certain improvements as described in our protocol specification (all of the scientists who designed the Zerocash protocol are members of the Zcash team). We have adopted ZEC as the informal three letter currency code for the Zcash currency, and ⓩ as its currency symbol.
Does Zcash suggest accomplish anonymity for transactions?
Zcash enhances privacy for users by encrypting sender, amount and recipient data within single-signature transactions published to its public block chain ledger.
Zcash does not: encrypt data for multisignature, protect against correlations made with public transactions (for example, when Zcash is traded to/from another cryptocurrency) or obfuscate IP addresses. It is possible to use it in conjunction with an anonymizing network such as Tor, in order to obtain protection against network eavesdropping which is complementary to transaction privacy.
It should be noted that while Zcash facilitates anonymization for its users amongst a broad pool of individuals, we align more with the term “privacy” to describe what Zcash technology aims to provide. While related in scope, the terms have subtle differences. Anonymity relates to removing individual identifiers linked to potentially public data such as sending an anonymous peak to law enforcement or wearing a mask during a protest. Privacy considers the data itself in need of protection such as a discussion during a private meeting and more relevant, the encryption of information – whether for keeping personally or sharing with a select number of others. Anonymity methods can enhance privacy goals, such as defending against targeted attacks on private data, and vice versa if the protected data relates to personally identifiable information. The encryption of data in private Zcash transactions aligns with the latter as it is foremost a implement for financial privacy with the added benefit of enlargened anonymity.
Will Zcash contain a backdoor?
Neither Zcash nor any other cryptographic algorithms or software we’ve made contains a backdoor, and they never will.
Is Zcash peer reviewed?
Yes. Zcash is based on the peer-reviewed Zerocash protocol, which was published in the IEEE Security & Privacy conference in 2014. The Zerocash paper provides a detailed technical overview of the specification. Our switches to the protocol are not (yet) peer-reviewed, but they are described and justified comprehensively in our protocol specification. Those switches are also in the process of being subjected to several independent security audits.
Is Zcash built on the Bitcoin block chain?
No. Zcash is its own separate block chain.
Have you considered sidechains, Ethereum, or embedding into the Bitcoin protocol?
Yes, we’ve explored all of those ideas in varying degrees. What we’re doing right now is the simplest thing that can make Zcash a real, live, permanent medium of exchange and store of value, and that is to create a separate block chain.
What’s the point of Zcash if Ethereum is going to have SNARKs?
It’s hard to say in advance how the privacy features of Zcash will compare to the analogous future planned features for Ethereum. Given that the Zcash blockchain and team are focused primarily on privacy, there’s an advantage to this specialization in terms of efficiency, security, and usability.
While we cannot provide advice for investors determining where to place bets, the Zcash blockchain does provide users with a means for private, decentralized payments right now. Further, the Zcash team will be working to ensure that any such improvements to Ethereum benefit Zcash users and vice versa.
When asked this question, Vitalik Buterin of Ethereum points out that Zcash can more lightly make development tradeoffs to optimize use of zk-SNARKs.
What are you switching from Bitcoin’s Design? What parts of the Bitcoin network remain?
We’re following a general principle of “conservative innovation”. Aside from the Zerocash privacy protocol (itself already a massive technological achievement), we wish to avoid making switches from Bitcoin’s design without a strong rationale.
We’ve determined to make a number of relatively conservative switches to Bitcoin’s consensus rules:
- We’ve adopted a “smooth” difficulty adjustment algorithm, based on DigiShield v3.
- We’ve adopted a memory-hard proof of work, Equihash, which involves adding a memory-hard problem to be solved in valid blocks.
- We’ve switched the block interval target from ten minutes to Two.Five minutes, and modified other constants in order to preserve the monetary base of harshly twenty one million coins and halving interval of four years.
- We’ve enhanced the block size limit to 2MB.
- We require coinbase transactions to contain an output to our Founders’ Prize P2SH address during the very first four years before the very first halving.
- We require transactions spending coinbase outputs to contain no “transparent” outputs (vout should be empty).
- We’ve liquidated activation rules for softforks in Bitcoin and made them enabled by default.
Zcash embeds a confidential value transfer scheme alongside the traditional Bitcoin infrastructure; for most purposes, it simply adds extra behavior to the existing primitives.
For further detail, see the ‘Consensus Switches from Bitcoin’ section of our protocol specification.
How does Zcash compare to other cryptocurrencies with anonymizing properties?
As mentioned in the FAQ Does Zcash suggest accomplish anonymity for transactions?, the encryption of data in shielded Zcash transactions aligns more with the term “privacy” as it is foremost a implement for financial privacy with the added benefit of enlargened anonymity.
That said, in situations where anonymity can defend against targeted attacks on private data, you’re better off being one of two million people who could have made a payment for a private medical procedure in San Francisco versus being one of three people, two of which live on the other side of the world. The size of this set matters, and the mixing strategies that other cryptocurrencies use for anonymity provide a rather puny one in comparison to Zcash. This is not to say these other methods are worthless, there are tradeoffs inbetween the two, but Zcash has a distinct advantage in terms of transaction privacy and as a result, anonymity.
If you want to avoid companies building profiles of people (especially those who pay for individual services such as psychiatry, drug rehabilitation, etc.) based on public blockchain data, using Zcash can help. Shielded addresses are indistinguishable from all other shielded addresses in the system.
For more information on these concepts, see A Shielded Ecosystem blog post.
What are SNARK public parameters? How did the Zcash Ceremony generate the SNARK parameters securely?
A set of public parameters are required for generating the proofs required to validated private transactions. The process of generating these public parameters (commonly referred to as “paramgen”) also produces a by-product (which we have nicknamed the “toxic waste”) that could be used to subvert the block chain by creating fake coins that are indistinguishable from real ones (the relationship inbetween the public parameters and this toxic waste is similar to that inbetween a public key and a private key). It is therefore significant that this toxic waste be securely demolished.
We designed a process whereby the job of generating the public parameters was split inbetween a number of people, each of whom generated a lump of the parameters during what we refer to as the Zcash Ceremony. These chunks were then brought together and combined to create the public parameters. As long as one of the people involved in generating the parameters ruined their portion of the “toxic waste”, there is no way to subvert the parameters.
For technical details on these parameters and documentation of the Ceremony including participants’ destruction of “toxic waste” shards, see our Parameter Generation explainer page.
If the Zcash Ceremony was compromised, could the attacker compromise user privacy?
No, even if an attacker fully compromised the Zcash Ceremony, this would not give them the capability to penetrate the privacy of Zcash shielded addresses. Shielded addresses are protected solely by mathematics (modern encryption) and do not rely on anything else for their privacy. (On the other palm, such an attacker could counterfeit Zcash. See the FAQ entry “What are SNARK public parameters?” about that.)
What functionality do shielded addresses have? What are the limitations?
Shielded addresses (addresses that embark with a “z”) are the component of Zcash which suggest privacy by encrypting sender, receiver, balance and a memo field. The introduction of our encryption scheme introduced some limitations on usability which those familiar with other cryptocurrencies may notice. One limitation in the current version the Zcash client includes a limitation on spending inputs: for any transaction involving one or more shielded address, there can be only one input (however, outputs are not restricted). Additionally, shielded addresses have higher resource requirements (RAM) and no multi-signature support. Overtime, we intend to improve on these limitations and will explain any upgrades in our release announcement updates.
Note that coinbase transactions which pay out block prizes and transaction fees to miners require translucent addresses for accounting purposes and we do not intend to switch this in the future. These coinbase transactions to miners do, however, include an extra requirement that their subsequent spend goes to a shielded address.
Are only a petite fraction of Zcash users using shielded addresses? Does anyone use Zcash’s privacy features?
Since some third-party wallets only support semi-transparent addresses, we’re eyeing an effect on the number of shielded addresses in use. While the ratio has been steadily improving since launch, we expect the number to increase even quicker over the future as we proceed to improve usability of shielded addresses.
Here is a table showcasing the number of shielded and unshielded transactions per hour/day/week/month. And here are historical stats about shielded and unshielded transactions in the most latest one hundred blocks over the life of the blockchain so far (about six months).
Note that a big part of the shielded addresses used are due to the concensus rule requirement of coinbases to be shielded when very first spent. This was in order to provide a assured privacy-set. If you make a shielded Zcash transaction today there is actually a very large privacy-set of possible previous transactions which could be inputs to your transaction.
In the long run we intend to improve the functionality of Zcash shielded addresses and to deprecate Zcash semi-transparent addresses, so that all transactions are shielded and so that the user practice is simpler.
Could quantum computers break Zcash?
Large quantum computers, if and when built, would be capable of violating an encryption scheme used by Zcash. Consequentially, an attacker with access to such a computer could identify the amount and encrypted memo (but not the origin) of transactions sent to shielded addresses that the attacker knows. Note that shielded addresses don’t emerge on the blockchain, and those collective privately would not be vulnerable. In addition, large quantum computers would be able to loser zk-SNARK verification, and thus counterfeit ZEC.
Both of these attacks would require quantum computers with thousands of qubits (capable of solving discrete-logarithm problem), which are at least decades away from today’s state of the art by most experts’ estimates.
Scientists at the Zcash company, and academia, are actively researching postquantum-secure alternatives to the affected cryptographic components (see issue #805). We plan to monitor developments in postquantum-secure components, and if/when they are mature and practical, update the Zcash protocol to use them.
How will Zcash be created?
Like Bitcoin, Zcash is a mined cryptocurrency, which means that fresh ZEC will be created each time a block is added to the Zcash block chain. Fresh blocks will be created toughly every one hundred fifty seconds (Two.Five minutes). The monetary supply curve will mirror Bitcoin’s, except that, because Zcash’s blocks will be mined four times as frequently as Bitcoin’s, the number of ZEC created per Zcash block will be a quarter the number of BTC created per Bitcoin block. The very first weeks after Zcash launch will be in a “slow-start” mining period.
Is Zcash proof-of-work? What mining algorithm do you use? Is it ASIC resistant?
Yes, since launch, Zcash has been based on proof-of-work. Maybe the community will choose to switch it to proof-of-stake or something someday. We cannot predict what the community or communities will ultimately determine about such things but are very much open to improvement and evolution.
We are presently using Equihash as the proof-of-work for block mining in Zcash. Equihash is a proof-of-work algorithm devised by Alex Biryukov and Dmitry Khovratovich. It is based on a computer science and cryptography concept called the Generalized Bday Problem. Please read the Why Equihash blog post for more details.
The algorithm is presently not economically implementable in ASIC. We’re still evaluating whether we think it will stand against custom-made hardware (“ASIC”) implementation long-term.
What will the average block time be?
Two.Five minutes (150 seconds)
How many ZEC will be made per block?
After the slow-start period, 12.Five ZEC will be mined per block. Each four year period (or 840,000 mined blocks), the ZEC creation amount will halve (from 12.Five to 6.25 to Three.125 to 1.5625 and so on).
See the question What is slow-start mining? for details on the slow-start period.
What is the maximum block size?
What is the difference inbetween Solutions and Hashes?
Sol/s measures the rate at which Equihash solutions are found. Each one of those solutions is tested against the current target (after adding to the block header and hashing), in the same way that in Bitcoin each nonce variation is tested against the target. That is what we mean by Sol/s === H/s – they are measuring the same thing, and it is the same metric that everyone already uses for other PoW algorithms.
Put another way, measuring Sol/s in Zcash is exactly the same as measuring TH/s in Bitcoin (overlooking the “T” scaling factor, which is merely a product of the relative speeds of the PoWs and the relative numbers of miners).
What is slow-start mining?
In order to minimize the influence of any unforeseen problems during the launch of Zcash, the amount of ZEC each time a block was mined embarked at zero and step by step ramped up to 12.Five ZEC after thirty four days. The slow-start period ended on December 1st, 2016.
Where should I ask a question that is not answered on this page?
The best place to ask questions is our community forum. We’ll add more common questions to this document as we become aware of them.