26 comments

[ 2.6 ms ] story [ 66.1 ms ] thread
So, how long does a transaction take to verify? Hopefully that's much faster than generating the transaction...
(comment deleted)
Well generating the transactions only takes a few seconds with the Zcoin cryptocurrency: It's a different coin called Zcoin which uses a different zero knowledge protocol and is a lot faster and more secure than Zcash: http://blog.zcoin.tech/zcoin-and-zcash/
Generating the transaction does seem to be very resource intensive!

"On a quad-core benchmark server, generating a private transaction consumes ~3.2 GB of memory and ~50 seconds of compute time. On a 32-core Amazon EC2 server, compute time is around ~30 seconds."

*These figures have changed during development.

That's for creating a transaction. Validating / verifying a transaction takes milliseconds, which is important for the consensus algorithms to work properly.
Transaction verification is identical to Bitcoin, modulo joinsplit verification (which is benchmarked at ~0.035 seconds on a Intel quad-core Xeon E3-1225 v2 3.2GHz).
Generating a private transaction with CredaCash takes 2-3 seconds and 200 KB memory, by design. See comparison at CredaCash.com/compare
I think this will improve with time but I also don't think it matters much. the benefit of the currency is worth the associated time costs.
i kept waiting for him to explain how people could die.
How is Zcash different from Monero and Shadow?
Shadow has too many red flags (PoS etc.) so I focus on Zcash vs Monero.

The disadvantages of Zcash is the trusted setup toxicity which requires trust on people even though they put the name on the line. Another problem is that if a vulnerability is discovered that creates new coins we will never be able to know that it happened and that's by design.

Monero on the other hand doesn't have its full anonym power until RingCT is running on live, which should be Jan 2017. Also Monero is more expensive storage-wise per transaction.

Imo, Monero is the golden mean (so far) for an anonym coin. Zcash even though it has a tremendous academic and cryptographic value with zk-SNARKs, it's too risky when it comes to sacrificing the integrity of the coin supply.

For a better more in-detail comparison check: https://monero.stackexchange.com/questions/83/how-does-moner...

Good link!

In summary,

Zcash ships with a magic number, essentially a public key whose corresponding private key is able to counterfeit ZEC.

In order to mitigate the risk developers shard the keypair generation, such that only one participant needs to destroy their private shard to guarantee destruction of the private key.

More details: https://z.cash/blog/snark-parameters.html

In monero each transaction gets obfuscated with a group of other nodes so that it is very hard to tell which node in that group the transaction came from.

In ZCash it is impossible to tell anything about any transaction- it could have come from any address on the network, and be for any amount.

A ZCash blockchain setup involves a sharded private key that is meant to be deleted. If every single one of the shards is kept by the group of people setting it up, they could mint new coins without anyone knowing. If the set of people setting up the blockchain is large enough it seems unlikely that not a single one would be honest, and that they would all collude later to mint coins without word getting out. However, this attribute has been a source of FUD, especially since many people have now invested in Monero.

Zcash has a marketing budget, hype machine with a 2 year long runway while Monero and Shadow don't.
It seems like a different coin called Zcoin which uses a different zero knowledge protocol could be a lot faster and more secure than Zcash: http://blog.zcoin.tech/zcoin-and-zcash/
No, Zerocoin is an older protocol built by some of the same authors as Zerocash; Zerocash is better in almost every way (better privacy, better performance, etc.)
That can be a problem for mobile wallets.