Zcash Privacy to Have Vulnerability, Researchers Say

Four researchers from University College London have identified patterns in certain kinds of Zcash transactions that weaken their anonymity
10 May 2018   1764

George Kappos, Haaroon Yousaf, Mary Maller and Sarah Meiklejohn found that when coins move from "unshielded" to "shielded" and back to "unshielded" addresses, they lose much of the anonymity that zcash users expect. The team noted that "relatively simple heuristics ... reduce the size of the overall anonymity set by 69.1 percent." This is reported by Coindesk.

Note that ZCash, positioned as one of the most promising and respected confidential crypto currency, offers two types of addresses: "T-addresses" are transparent and unprotected, transactions and balances are publicly available. In turn, "Z-addresses" are protected and invisible to the general public.

Thus, transfers from one unprotected address to another are completely public, whereas transactions between protected addresses are almost anonymous (only time marks and commissions related to mining are displayed).

At the same time, researchers found that transactions involving different types of addresses are much less confidential. So, if you want, you can get information even about Z-addresses, the report says. 

Our heuristics would have been significantly less effective if the founders interacting with the pool behaved in a less regular fashion. In particular, by always withdrawing the same amount in the same time intervals, it became possible to distinguish founders withdrawing funds from other users.
 

The University College London Research Team

These transactions (as well as similar ones carried out by the miners) are caused by the necessity of holding ZCash coins through secure Z-address pools before they can be used for other operations.

Researchers also noted that they told the founders about the problems found before the publication of the report, which has already led to a change of patterns. In turn, the founder of ZCash Zooko Wilcox and marketing director Josh Swihart in the reciprocal message congratulated the university team.

It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Zcash in a shielded address.
 

Zooko Wilcox and Josh Swihart

Zcash

Wilcox and Swihart said that planned upgrades to the zcash protocol would lessen the risks to anonymity identified in the reasearch.

1st Alternative Zcash Client to be Created by Parity

The responsibility for the continued development and support of the new client called Zebra will be with the Zcash Foundation
18 June 2019   494

The leading developer of solutions for the Ethereum ecosystem, Parity Technologies, presented the first alternative client for cryptocurrency Zcash.

A new client called Zebra is designed to improve the security of the Zcash network. So, if the original Zcashd client will not be able to operate for some reason, the blockchain will be supported by nodes on Zebra.

In addition, with the help of an alternative client, developers will be able to identify bugs and eliminate defects in consensus.

The community wins across the board, as there are now more core developers working on clients, with more interests represented and clients taking different approaches on how to build apps on top. Zcash can now boast a more diversified community that can effectively tailor experiences for Layer 2 developers as well as end-users.
 

Fredrik Harryson
CTO, Parity Technologies

The responsibility for the continued development and support of the Zebra will be with the Zcash Foundation.