With the launch of the new “Orchard” network upgrade (otherwise known as “NU5”), Zcash has finally made some major changes to the protocol that will enable much better privacy for the majority of Zcash users. But what do things like “Unified Addresses”, “Auto-shielding”, and “no trusted setup” mean for users? How do these changes impact the ability to use Zcash as a tool for financial privacy, and is it now a solid alternative to Monero?
The major changes in “Orchard”
It can be difficult to wrap your head around what all of these new terms mean, so let’s break things down into simple and approachable terms for each of the major new changes in the “Orchard” upgrade for Zcash and what they mean for users.
Removal of the trusted setup
One of the most frequently cited worries about Zcash in the past has been the “trusted setup”, a ceremony of sorts where multiple people performed special computation in theoretically secure ways to build the set of information necessary to bootstrap the Zcash network. This trusted setup introduced many potential issues, but most importantly meant trusting that the parties involved in the ceremony would not collude to print new coins in a way that would be undetectable to outside observers.
With the introduction of a cryptographic proving system known as “Halo 2” in Orchard, Zcash has been able to do away with this trusted setup entirely and ensure that no one needs to trust the participants of arcane ceremonies any longer. This is a big step towards building better long-term trust, as well as laying the foundation for potential future improvements.
What does this mean for users?
Thankfully the cryptographic setup process is not something that affects normal usage of Zcash, so you don’t need to worry about any specific behavior or usage when it comes to the new proving system. When your wallet of choice builds transactions involving the new “Orchard” pool you will automatically use this new system.
Unified addresses
While it remains a frustration to watch as a privacy advocate, Zcash continues to support transactions of many types, privacy guarantees, and versions within their protocol. As such, handling the different types of addresses can be a major difficulty for users, with the ability to use transparent addresses, “Sapling” addresses (the previous shielded pool version), and now “Orchard” addresses.
With unified addresses, however, wallets will be able to generate a single, long address that will tell senders what type of addresses are accepted, what to default to, and how to send to your wallet. This simplifies the user experience and also makes all supported wallets send fully-shielded transactions by default (the best privacy Zcash has to offer).
What does this mean for users?
As a user, this means that once wallets update to this new approach, you will be able to share a single unified address that will tell senders all they need to know about sending you funds, no further questions necessary. This also means that wallets will begin sending shielded transactions by default (where possible and where supported by both wallets), providing much stronger privacy guarantees for both sender and recipient.
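The sender-side choice described above, as an added example that is not from the original article or from the Zcash project: it models how a wallet could pick the most private receiver out of a unified address and refuse to fall back to a transparent one. The typecodes and lengths follow ZIP 316 as assumed here, the Bech32m, F4Jumble and padding layers of the real encoding are skipped, and the function names and RAW_UA payload are constructed for illustration.

```python
# Added example: simplified model of a unified address's receiver list.
# Assumption: typecodes/lengths as in ZIP 316; the Bech32m, F4Jumble and
# padding layers are skipped, so RAW_UA is a constructed, already-decoded payload.
P2PKH, P2SH, SAPLING, ORCHARD = 0x00, 0x01, 0x02, 0x03
NAMES = {P2PKH: "transparent-p2pkh", P2SH: "transparent-p2sh",
         SAPLING: "sapling", ORCHARD: "orchard"}
LENGTHS = {P2PKH: 20, P2SH: 20, SAPLING: 43, ORCHARD: 43}
SHIELDED = {SAPLING, ORCHARD}


def parse_receivers(raw: bytes) -> dict:
    """Split typecode/length/value items; reject malformed receiver lists."""
    receivers, i = {}, 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError("truncated item header")
        typecode, length = raw[i], raw[i + 1]  # single-byte lengths only
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated receiver")
        if typecode in receivers:
            raise ValueError("duplicate receiver type")
        if typecode in LENGTHS and length != LENGTHS[typecode]:
            raise ValueError("wrong length for known receiver type")
        receivers[typecode] = value  # unknown typecodes are kept but never chosen
        i += 2 + length
    if SHIELDED.isdisjoint(receivers):  # assumed rule: at least one shielded receiver
        raise ValueError("no shielded receiver in unified address")
    return receivers


def choose_receiver(raw: bytes, wallet_supports: set, allow_transparent=False) -> str:
    """Pick the most private receiver that the sending wallet supports."""
    receivers = parse_receivers(raw)
    for typecode in (ORCHARD, SAPLING):  # newest shielded pool first
        if typecode in receivers and typecode in wallet_supports:
            return NAMES[typecode]
    for typecode in (P2SH, P2PKH):  # only with explicit opt-in
        if allow_transparent and typecode in receivers and typecode in wallet_supports:
            return NAMES[typecode]
    raise ValueError("no acceptable receiver for this wallet and policy")


def item(typecode: int, fill: int) -> bytes:
    """Build one constructed item with filler bytes in place of key material."""
    return bytes([typecode, LENGTHS[typecode]]) + bytes([fill]) * LENGTHS[typecode]


RAW_UA = item(P2PKH, 0x11) + item(SAPLING, 0x22) + item(ORCHARD, 0x33)  # constructed
```

A wallet that only understands transparent addresses gets an error here instead of a silent downgrade, unless the caller passes allow_transparent=True.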
One of the most critical privacy flaws in Zcash to this day remains the requirement for users to take extra steps to gain strong privacy, opening the door to many possible ways to shoot yourself in the foot and reveal important data (or metadata) about your transactions to outside observers. This requirement for users to perform extra steps to gain strong privacy also means that the vast majority (90%+ at last count) of transactions in Zcash do not fully utilize the high potential privacy guarantees in Zcash.
With the introduction of “auto-shielding” in Zcash (once wallets add support), any funds you receive, even if to a transparent address or an older shielded pool, will automatically be put in the latest and most powerful shielded pool to preserve your privacy from the sender (for future transactions) and from future recipients. When combined with unified addresses, this means that once wallets update to support these features, a much larger percentage of the network should be gaining stronger privacy on one or both sides of each transaction.
What does this mean for users?
Thankfully, this means you will actually need to jump through fewer hoops to gain strong privacy in Zcash (once your favorite wallet supports auto-shielding) and will gain the strong privacy potential in Zcash by default. Fewer steps and less required knowledge means more users gaining financial privacy, a big win!
What should I be careful to do after the network upgrade?
Unfortunately, the majority of these features are not yet available in wallets outside of the Zcash CLI and so are not available to most users. Once the updates start rolling out to commonly used wallets, you’ll want to keep an eye out for a few things to ensure you gain the best privacy possible from Zcash.
Update your Zcash wallet as soon as these new features are supported
The new features detailed above are a huge step forward to providing better default privacy when using Zcash, so be sure to update your favorite wallet to support these new features.
Do not enable receiving to transparent addresses
If you’re prompted when starting to use an upgraded wallet, disable transparent addresses wherever possible. Even though Zcash can provide strong potential privacy, using transparent addresses is similar to using Bitcoin and leaks immense amounts of information to outside observers. Whenever possible, avoid receiving using transparent addresses to preserve your privacy and that of the sender.
Do not send to transparent addresses
If you want to send funds to someone and they send you an address starting with a “t”, ask them to send you a unified address or an “Orchard” address to ensure you gain the strongest privacy possible.
How does Zcash compare to Monero as a tool for privacy?
With all of these major changes, many people will start comparing Zcash to Monero again to ascertain which is the right tool for them. While comparisons are tricky as the best tool for you will depend on your threat model and personal preferences, we can break down some of the key aspects of how useful these tools are purely for transacting and leave aside the differences in security mechanisms, driving ethos, and decentralization.
Privacy by default
One of the most important aspects of privacy tools is how well they protect users no matter their knowledge level or tech savvy.
Monero remains the king of protecting all users, no matter what wallet they use, their knowledge level, their tech savvy, or anything else. Monero enforces sane defaults for all users via the protocol, meaning you don’t need to jump through any extra hoops or use a specific wallet to get the “latest and greatest” privacy and security when transacting.
Zcash has taken a major leap forward in this category, however, and if all wallets adopt the new features (they are still optional but are now included in the new wallet SDK, or software development kit), Zcash should be comparable in its approach to Monero, but the uptake of these features remains to be seen.
Ease of use
Another major hurdle for adoption and usage of privacy tools is how easy they are to use compared to the non-private alternatives. A user shouldn’t need deep technical knowledge or a full understanding of on-chain privacy in order to gain strong privacy guarantees.
Monero also continues to take the lead in this category, as again its enforcement of sane, unified defaults means that users have very little to think about when transacting and are very thoroughly protected. While in Zcash, even after the upgrade, users will need to be wary of sending to transparent addresses, understand unified addresses, and ensure they only use wallets that have updated to support the new features, Monero implements the same privacy for every user - no matter what.
This advantage means that even if your grandma picks up a Monero wallet she will gain strong on-chain privacy. Thankfully Zcash again is taking large potential leaps here, and if all wallets update properly this should be greatly improved due to unified addresses and auto-shielding.
Absolute privacy on-chain
The last major category is one that is often the core focus of advocates for privacy coins like Zcash and Monero, and is where Zcash truly hits its stride (when used properly).
If both tools are used properly, I do believe that Zcash has a minor lead in absolute privacy provided to its users. This retains the gargantuan caveat of only applying if the transaction is using the latest shielded pool for inputs, is sending to an address in the latest shielded pool, and funds have not been recently shielded/are not quickly unshielded after receiving. If all of these qualifications are met, Zcash’s use of full-set input ambiguity (inputs can plausibly be any existing output on-chain) provides theoretically superior hiding of the true spend in each transaction, though Zcash and Monero use similar approaches to hiding amounts and preventing address-based heuristics using one-time addresses.
In practice this difference in privacy provided is negated for most users by all of the caveats above, but I hope that after this upgrade and once wallets are fully up to date the strong potential privacy of Zcash will be realized by far more of its users.
It’s also important to note that Monero’s privacy is extremely strong in its own right and has a much more battle-tested and time-tested record of protecting user privacy on the forefront of the war on privacy - the darknet. Monero’s approach to hiding the true spend in each transaction (known as ring-signatures) provides extremely strong plausible deniability and continues to be improved over time, including an increase in per-transaction privacy coming in the network upgrade in July, and will make a massive leap forward with the protocol improvement currently in development, Seraphis.
This upgrade for Zcash is the biggest in its history, and poses the potential for a massive leap forward in user privacy when transacting with Zcash. While a lot of the real-world impacts remain to be seen and will require upgrades to wallets and infrastructure across the ecosystem, Zcash has laid the ground for a much more useful tool for protecting your privacy and is starting to become a useful tool overall no matter your technical acumen.
The “Orchard” upgrade brings big improvements in trustlessness, address management, and default privacy guarantees to Zcash if broadly adopted, and is an exciting development. Alternatives to powerful existing tools like Monero are always a positive, and users stand to benefit from projects with disparate technical approaches over time.