Just read the zcash AMA and I came away a bit unconvinced. Some CN related comments in the second page
https://forum.bitcoin.com/post16238.html#p16238
It looks like they are very much set with the 10% "Founder's fee" and being pretty much a Bitcoin code base with zero knowledge for enhanced privacy and fungibility. Because of their non threatening stance and some associated names, they will surely be pushed and positioned over Monero with more whales supporting it financially as well as via marketing and networking.
XMR has so much going for it in every way, just not the cash flow it truly deserves.
If you read the blogpost, you will notice that it's 10% of the whole supply, but actually 20% of the blockreward in the first 4 years.
During the first four years, every ten minutes 40 newly created ZEC will go to the miners, and 10 ZEC to the founders.
https://z.cash/blog/funding.html
How did zerocash solve the seeding problem anyway?
If it's open source insta-clone it immediately without a "founders fee" and we're all set.
I gather from the AMA that the seeding problem is "solved" by a process which distributes the seed-generation to a set of individuals, where only one individual has to be honest (ie, delete their portion of the key) for the entire thing to be provably secure. Most people will find this sufficient. Some will not.
Regarding the insta-clone idea, I think we've seen how important community/development/publicity/etc is for a coin, so I don't think an insta-clone of ZC would do much actual damage to ZC. Remember when Counterparty implemented Ethereum? What are the relative mcaps of XCP and ETH again?
Also from the AMA it's clear that zcash is going to have some equivalent of Monero's "Viewkey" functionality.
I think what Monero has going for it versus zcash boils down to:
1) It's not built off of Bitcoin's codebase. In my mind, this makes it a much better candidate for a "backup" top-5 coin than junk like Litecoin, Doge, or Dash.
2) I *think* Zcash still has the problem of there being no way to prove that there's not some bug in the system which is creating new coins. There was no mention of this in the AMA (wish I'd seen it in time to ask).
I wouldn't really call that solved, it certainly mitigates the issue but doesn't really solve it. See my reply about it:
This is simply not true, you have to trust that one of the guys from the initial setup is honest. This doesn't mean you do not have to trust you guys at all, which you stated. This is certainly an improvement over the previous setup, but it still isn't trustless. If all the guys of the initial setup collaborate, they could, for instance, still create additional coins and no one would notice.
Since the initial setup will most likely be videostreamed, the names (or at least the faces) of the people at the initial setup will be known. Tell me, what stops a three letter agency from demanding the initial setup guys to collaborate?
One of your engineers (Sean Bowe) acknowledged this (that the setup isn't trustless) as well in an earlier discussion I had with him.
Bottom line is that the initial setup isn't trustless, whereas you are implying it is. This also might be fooling the people that are reading this thread and your answers, thinking the setup is trustless.
I stand corrected if you meant something else with your post.
https://forum.bitcoin.com/ama-ask-me-anything/i-m-zooko-wilcox-ceo-of-the-zcash-company-ask-me-anything-t5413-30.html#p16245
In addition to this, they have to prove that the software/hardware used to generate the masterkey isn't compromised beforehand and/or afterhand.
Regarding the viewkey, that was a bit ambiguous to me. It sounded more like they have a key where Alice can prove that she paid Bob. See:
In Zcash, the creator of each individual transaction gets complete control over who can view the contents of the transaction. This is accomplished by each transaction being individually encrypted by an encryption key known only to the creator and the recipient.
There is no other mechanism by which any party can gain the ability to view the contents of transactions other than getting the decryption key from the creator or the recipient of the transaction, or from someone else who has previously received the decryption key. This is a simple, implementable, secure, and understandable mechanism for controlling who can see what. We call it "selective transparency".
Agree with [1].
[2] Yes they still have that problem, there is no way to verify if no additional coins were created.
I could also think of a few other caveats as well (where Monero improves). First of all, using Bitcoin's codebase and porting most of the improvements / upgrades Bitcoin is inherent to continuing on a lot of fundamental issues Bitcoin has.
[1] Zcash will not have a tail emission:
Well, just like in Bitcoin, the mining reward keeps coming for a long time. See the diagram on
https://z.cash/blog/funding.html. There will still be Zcash mining reward for decades. Now, after that reward has diminished so much that it isn't valuable, I hope that transaction fees will have risen to remunerate miners
https://forum.bitcoin.com/ama-ask-me-anything/i-m-zooko-wilcox-ceo-of-the-zcash-company-ask-me-anything-t5413-30.html#p16236
This will result in severe problems in the future. Stating that there will be Zcash mining rewards for decades is kind of a poor argument, because people take the view / expectation (of no tail emission), discount it to the present and take it into consideration when assessing Zcash.
[2] Zcash will not have a smooth block reward:
I'm rejecting this from Zcoin 1.0 because it doesn't appear to have benefits great enough to overcome the cost of differing from Bitcoin.
https://github.com/Electric-Coin-Company/zcash/issues/143
In my opinion, the halving schedule of Bitcoin just creates wild fluctuations in price (e.g. bubbles) and (potentially dangerous) large fluctuations in hashrate.
[3] Zcash will incur the same blocksize issue as Bitcoin, they plan on simply porting everything regarding blocksize from Bitcoin:
We're still thinking about our plan for Blocksize, scalability, transaction fees, and mining incentives. We'll post as soon as we have a concrete proposal. Our current not-at-all-concrete thinking is to follow Bitcoin and learn from the experience of Bitcoin, and to help if we can. By the time we're ready to launch Zcash 1.0, Bitcoin will probably have deployed:
* segwit, and
* larger block sizes, and
* Lightning Network
In addition Bitcoin might deploy other relevant scalability improvements as well. Or, maybe by the time we Zcashers get to that stage, we Bitcoiners will have decided not to deploy some of those mechanisms, or maybe we'll have tried to deploy some of them and learned that they didn't work as well as we hoped.
In any case, our general thinking for Zcash scalability is to re-use ideas and source code from Bitcoin as much as possible.
[4] Due to their "Founder Reward" it is highly likely that Zcash will be subject to FinCEN and therefore miners will be qualified as MSBs, see this discussion:
https://forum.bitcoin.com/ama-ask-me-anything/i-m-zooko-wilcox-ceo-of-the-zcash-company-ask-me-anything-t5413.html
Hello Zooko,
I'm interested in reading your goals and motivations for taking on anonymity in general or anonymous digital cash specifically as your priority project?
Haven't you seen the new laws coming (eventually in all Five Eyes countries I've heard from reliable sources) that will ban end-to-end encryption?
To that end do you expect to support a viewkey or other way that users individually or a global backdoor, so that Zcash can be compliant with the lurch towards a 666 NWO which seems to be rapidly taking form now (and I assert will accelerate with the full global contagion sovereign debt collapse 2017 -2020)?
I am all for the ideology, but I am also pragmatic. We as society may have to fight with social networking and the political-economic revolution of a DIY economy, e.g. self-publishing, 3D printing, etc.. I have been looking at the concept of a decentralized social network. Any comments?
Sincerely,
TPTB_need_war
AnonyMint
Shelby Moore III
Bold my emphasis. The proposed legislation in the United Kingdom does not ban end to end encryption. What it does however is to require those companies that provide proprietary encryption products to retain a back door key and make this back door key available to law enforcement.
http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11970391/Internet-firms-to-be-banned-from-offering-out-of-reach-communications-under-new-laws.html?utm_campaign=Echobox&utm_medium=Social&utm_source=Twitter#link_time=1446482200 There is a critical difference here in that FLOSS end to end encryption tools remain perfectly legal and secure while proprietary end to end encryption tools would have a back door. This is not unlike the FinCEN guidance in the United States
https://www.fincen.gov/statutes_regs/guidance/html/FIN-2013-G001.html where proprietary development funding models for crypto currency (using the emission to fund development) will likely lead to a legal requirement for MSB registration while FLOSS development funding models can retain their decentralized virtual currency designation and avoid the MSB registration requirement. In Canada there was a proposed law that did not pass that required providers of email servers to retain records for law enforcement with an exception for those who ran their own mail server from their own homes. A more relevant question to ask would have been: Given that you plan to use a portion of the emission over the next 4 years to fund your company, have you registered as an MSB with FinCEN or have you obtained guidance from FinCEN that MSB registration is not required in your case?
The pattern here is starting to become apparent. Click I agree on some company's terms for the use of proprietary software and become a slave, click I do not agree and use FLOSS tools instead and remain free.
Thanks ArticMine.
Yes I am aware that the proposed legislation in the UK (also afaik similar legislation proposed in the USA, UK, Canada, and Australia) only applies to service providers who offer encrypted services, not to open source code which users independently obtain, compile, and run on their own initiative. I was vaguely aware of this pending legislation and then I became more focused on it during my private discussions last month with the GadgetCoin team who have a P2P streaming technology named Streemo. The governments are not stupid to try to ban activity they can't possibly enforce (thus making the government look impotent), i.e. the government can't monitor/enforce against what each private citizen does in their home.
But I argue effectively the direction is to ban end-to-end encryption in general that does not provide a back door to national security agencies. The government can regulate the ISPs (internet service providers) and ban end-to-end encryption protocols that do not include a decryption key for national security agencies.
I have also explained that using home computers as servers over asymmetric upload bandwidth home ISPs is a Communist economic plan (as I warned Bittorrent back in 2008 and offered them an economic solution for their tit-for-tat algorithm but they ignored me). And that protocols which allow illegal activities from unregulated home servers will be banned by ISPs and hosting providers. If you know of any technology to hide a protocol's patterns such that ISPs can't identify it, please enlighten me. There is some discussion of "Censorship resistance" in section 2.4 of Synereo's white paper, but that still seems to be inadequate.
Simply put, it is impossible to fight the government when there are choke points in the system which the government can effectively regulate. This is just common sense.
I added the following to that question for Zooko:
[5] Zcash cryptography is in its infancy stage and has not been vetted yet, therefore it's more prone to "errors". By contrast, the cryptography behind Monero is quite mature and has been vetted over time.
There are probably some more caveats, but this is what I could think of currently (next to the Zcash vs Monero comparison we already had).