During a recent presentation at the Coinbase offices in San Francisco, Blockstream CTO and Bitcoin Core contributor Greg Maxwell shared his thoughts on Zcash, Monero, and a variety of other privacy-focused alternatives to bitcoin. While Maxwell had generally positive remarks to share about Zcash and Monero, the bitcoin developer wasn’t nearly as kind when discussing some of the other options on the cryptocurrency market such as Dash.
It should be noted that, when discussing these privacy-focused altcoins, Maxwell was referring to the technologies implemented in these alternative cryptocurrencies rather than the tokens themselves.
When first discussing Zcash, Maxwell pointed out that the altcoin uses very modern cryptography to do “some very cool stuff”.
“Effectively, Zcash directly hides the amount and the transaction metadata,” said Maxwell. “And it hides it completely.”
According to the longtime Bitcoin Core contributor, the lack of publicly-available transaction amounts and metadata means an observer cannot figure out the linkage between shielded (private) transactions, although Zcash transactions are not private by default.
“It’s basically perfect from that perspective, but you always have to be careful when thinking about just a little perspective at a time,” added Maxwell.
Maxwell also pointed out that Zcash is not unconditionally sound and requires a trusted setup.
“A number of parties have to get together, and if they cheat, they can break the crypto and create unbounded, undetectable inflation,” explained Maxwell. “If there was a crypto break or the trusted setup were broken, [that’s] very bad news.
“They did a bunch of stuff in the Zcash altcoin with having a good ritual to increase trust in the trusted setup, but they have to redo this procedure to upgrade the crypto over time, so it’s a vulnerability.”
According to Maxwell, another issue with Zcash is the never-ending growth of the list of spent coins, which must be stored by full nodes and hurts the system’s ability to scale. In addition to this scalability concern, Maxwell also pointed out that Zcash uses “new crypto on top of new crypto on top of new crypto,” which he clarified doesn’t mean that the system is necessarily insecure, just that it’s new.
In Maxwell’s view, the real issue with Zcash is the time that it takes to sign a shielded transaction.
“The real killer right now for Zcash is that the signing speed is horribly slow – we’re talking like minute-scale operations to sign a private transaction,” said Maxwell. “And as a result, Zcash couldn’t plausibly make the private transactions mandatory, so they’re optional.”
Maxwell went on to claim that, due to the time it takes to sign a shielded transaction, very few transactions on the chain are private. Although the raw data shows roughly 24 percent of Zcash transactions are private, Maxwell claimed the real number is closer to 4 percent when you account for the fact that miners are forced to receive new coins via a private address.
“As a result, the anonymity set that this perfect anonymity system is achieving isn’t really all that good,” said Maxwell. “I think it’s a cool thing, and I’m really glad that people are trying it out, but it’s not the kind of proposal that I’d like to take to something like Bitcoin today.”
Monero is an altcoin that originally forked away from Bytecoin, which Maxwell referred to as the altcoin with “probably the scammiest launch” of anything he had ever seen. Having said that, Maxwell pointed out that Bytecoin also had “cool crypto” in it that hadn’t been used in a cryptocurrency up to that point.
Monero uses ring signatures, which Maxwell described as follows: “I am spending one of these four coins, but I won’t tell you which one, and I’ll show you this nonce so I can’t spend [it] twice.”
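As an added example (not code from the talk, from this article or from Monero's own implementation), the following Python sketch implements a CryptoNote-style linkable ring signature over a toy group: the signer proves it holds one of the ring's keys without revealing which, and the key image it publishes is the "nonce" that full nodes must keep in their ever-growing spent list to reject a second spend of the same coin. The group, the hash-to-group map and the 24-bit sizes are assumptions chosen for readability and are not secure.

```python
import hashlib, secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

# Toy group: the order-Q subgroup of Z_P^* for a 24-bit safe prime P = 2Q + 1 (NOT secure).
Q = (1 << 23) + 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4          # 4 = 2^2 is a quadratic residue, so it generates the subgroup

def hash_int(*parts):
    """Fiat-Shamir challenge: hash the parts to an integer mod Q."""
    digest = hashlib.sha256("|".join(map(str, parts)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def hash_to_group(y):
    """H_p: map a public key to a subgroup element (squaring lands in the QR subgroup)."""
    return pow(hash_int("H_p", y) + 2, 2, P)

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def key_image(x, y):
    """I = H_p(y)^x: the 'nonce' nodes keep forever so the same coin cannot be spent twice."""
    return pow(hash_to_group(y), x, P)

def sign(msg, ring, x, idx):
    """Sign msg with private key x of ring[idx]; decoys get random s_i. Returns (c0, s, I)."""
    n, I = len(ring), key_image(x, ring[idx])
    s, c = [secrets.randbelow(Q) for _ in range(n)], [0] * n
    u = secrets.randbelow(Q - 1) + 1                    # fresh nonce at the real signer
    c[(idx + 1) % n] = hash_int(msg, I, pow(G, u, P), pow(hash_to_group(ring[idx]), u, P))
    i = (idx + 1) % n
    while i != idx:                                     # walk the ring through the decoys
        L = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        R = pow(hash_to_group(ring[i]), s[i], P) * pow(I, c[i], P) % P
        c[(i + 1) % n] = hash_int(msg, I, L, R)
        i = (i + 1) % n
    s[idx] = (u - x * c[idx]) % Q                       # close the ring at the signer
    return c[0], s, I

def verify(msg, ring, sig):
    """Anyone can check that the ring closes without learning which member signed."""
    c0, s, I = sig
    c = c0
    for y, s_i in zip(ring, s):
        L = pow(G, s_i, P) * pow(y, c, P) % P
        R = pow(hash_to_group(y), s_i, P) * pow(I, c, P) % P
        c = hash_int(msg, I, L, R)
    return c == c0
```

A node that records every key image it has accepted can reject a second signature carrying the same image, which is exactly the list that grows without bound.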
According to Maxwell, Monero originally had a problem in that the amounts used in transactions were not private. Recently, Monero adopted its own version of Confidential Transactions, which blinds transaction amounts and works together with ring signatures. Maxwell explained that this setup is similar to how a combination of CoinJoin and Confidential Transactions would work in Bitcoin.
“This system has the benefits of Confidential Transactions, but it also has the disadvantages of the ring signature [system],” Maxwell said of Monero.
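Added example (not code from the talk or from Monero's implementation): a toy Pedersen-commitment balance check of the kind Confidential Transactions relies on. The sender picks blinding factors whose sums match, so a verifier can confirm that inputs equal outputs without seeing a single amount. The group, the generators and the 24-bit size are assumptions chosen for readability, not security.

```python
import secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

# Toy group: the order-Q subgroup of Z_P^* for a 24-bit safe prime P = 2Q + 1 (NOT secure).
Q = (1 << 23) + 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P = 2 * Q + 1
G, H = 4, 9        # two quadratic residues; the toy assumes log_G(H) is unknown to everyone

def commit(amount, blinding):
    """Pedersen commitment C = G^amount * H^blinding: reveals nothing about amount,
    yet the committer cannot later open it to a different amount."""
    return pow(G, amount, P) * pow(H, blinding, P) % P

def build_tx(in_amounts, out_amounts):
    """Sender side (constructed): choose blinding factors whose sums match, so the
    verifier can check balance on the commitments alone."""
    in_blind = [secrets.randbelow(Q) for _ in in_amounts]
    out_blind = [secrets.randbelow(Q) for _ in out_amounts[:-1]]
    out_blind.append((sum(in_blind) - sum(out_blind)) % Q)   # last blinding closes the sum
    ins = [commit(v, r) for v, r in zip(in_amounts, in_blind)]
    outs = [commit(v, r) for v, r in zip(out_amounts, out_blind)]
    return ins, outs

def balances(ins, outs):
    """Verifier side: prod(ins) == prod(outs) holds iff sum(in) == sum(out) mod Q.
    Real CT also needs a range proof per output, because an 'amount' of Q - 1 behaves
    like -1 and would otherwise balance against inflated outputs; that proof is omitted."""
    lhs = rhs = 1
    for c in ins:
        lhs = lhs * c % P
    for c in outs:
        rhs = rhs * c % P
    return lhs == rhs
```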
According to Maxwell, Monero shares some issues found in Zcash. For one, Monero also has a forever growing list of spent coins, which has a negative effect on scalability. Additionally, Monero is not unconditionally sound today, but an upgrade could remove that issue.
In terms of a more direct contrast with Zcash, the crypto used in Monero has been around longer, meaning fewer assumptions are made about it.
Another advantage of Monero mentioned by Maxwell near the end of his talk was the fact that the system is private by default.
Other Privacy-Focused Altcoins
Although Maxwell didn’t spend too much time on altcoins other than Zcash and Monero, he did take the time to discuss Dash, which is sometimes brought up in these sorts of conversations. The Blockstream CTO didn’t mince words when it came to this particular alternative cryptocurrency.
“The other cryptographically-private altcoin people talk about a fair bit is Dash,” said Maxwell. “Dash isn’t cryptographically private at all. Actually, I had a slide in the deck that was like, ‘Dash. LOL,’ and nothing else. It’s snake oil, and I’m just sort of beside myself about it.”
Maxwell went on to explain that Dash basically has a CoinJoin implementation, which doesn’t require the creation of a new cryptocurrency (it’s already used in Bitcoin on an opt-in basis).
“They’ve done this insecurely many times in the past; I have no clue if the current version is secure or not,” Maxwell added. “It’s not really on the same level as something like Zcash or Monero. Maybe it’s better than doing nothing. I don’t know.”
Other than Dash, Maxwell also pointed to some “devastating failures” in other privacy-focused cryptocurrencies, such as Zcoin and Shadowcash. With Zcoin, there was a bug that allowed an attacker to create new Zcoin tokens out of thin air and sell them on an exchange before anyone noticed. In the case of Shadowcash, it turned out that the system actually offered no privacy improvements at all due to a bug.
Maxwell pointed out that Monero also had a severe issue with their original RingCT implementation, which made it through the peer-review process at the Ledger journal; however, according to Maxwell, this issue was discovered by someone at Blockstream and the Monero team themselves before it was implemented.
“It’s difficult to distinguish snake oil from real stuff and vet claims,” said Maxwell of privacy in cryptocurrencies more generally. “It’s a new area [with] not too many experts [and] lots of people who sound like experts.”