AMA - Zcoin $XZC on Zerocoin technology and egalitarian computing (not the same as Zcash) led by Reuben

Who YOU are

I am Reuben Yap, a practicing lawyer and am a partner of a law firm. I mainly do corporate law and government advisories. I also run a VPN company called BolehVPN so have been a big advocate of privacy technologies for the past ten years.
I have been involved in cryptocurrencies since 2013 and have made successful investments in Dash and NEM along with contributing to their respective communities with guides and even merchandise.

Your role

I am Zcoin’s community and communications manager although I am a bit of a Swiss army knife and do whatever that needs doing that doesn’t involve coding. I also help to coordinate the team and keep everyone communicating. I have been involved in Zcoin since October 2016 a mere month after its launch.

The vision of the company

Zcoin aims to solve two main issues of Bitcoin namely privacy and fungibility and the growing threat of miner centralization.

We also strongly believe in the pursuit and continuous development of privacy and decentralization technologies such as decentralized markets and trustless exchanges.

The purpose of the technology and the problem it aims to solve

Our main innovations are being the first coin to successfully implement Zerocoin and also to have a working implementation of MTP a radically new proof of work algorithm that can make mining very memory hard while remaining lightweight to verify.

Zerocoin provides a decentralized trustless laundry so that people can wipe off a coin’s transaction history by doing a Zerocoin mint and spend.

MTP was designed to be an improvement over Equihash by allowing huge amounts of RAM to be used in mining thus stifling ASIC creation. By design it was meant to even scale up to 10 gb while remaining very fast and lightweight to verify meaning nodes only need very low specs to verify the transaction despite it being memory hard.

MTP is currently running on our testnet but academic research is ongoing on ways to improve it.

And any more context you can provide so people can be informed in their questioning.

We are not a Zcash clone in any way! We use totally different technologies. Zerocoin was a predecessor to Zerocash which enjoys certain advantages over Zerocash including most importantly supply auditability, a much shorter time to generate private transactions (thus increasing its use) and using proven cryptography that is used industry wide. You can read more here. We are also exploring the best way to remove trusted setup which appears to be possible using the Sigma protocol.

You can also read more on how our technology compares to other major privacy cryptocurrencies in this post.

Zcoin is not without its ups and downs and we have went through a hack that allowed 388k coins to be generated (and ironically could only be detected because of supply audittability) and a problematic co-founder that is now no longer with us. We’ve since grown from strength to strength and are now bolstered with a strong and motivated team with renewed vigor.

We are releasing our Bitcoin core upgrade to 0.13.2 soon which greatly improves our user experience.

I would be happy to answer any questions you may have on Zcoin :smiley:

6 Likes

You can also find a lot of explanatory videos on our Youtube channel which explains what we do and our technologies in animated form and interviews with me.

Some of you may have also heard of Vertcoin which was founded by our current core dev Poramin Insom. Our initial funding came from angel investors the most prominent being from Roger Ver.

2 Likes

What would you say are the competitive advantages you have over other offerings?

3 Likes

I’m glad you asked!

Let’s first talk about privacy which is one of our primary focuses. First of all I don’t think there is any ultimate solution, I actually go into much more detail here where we weigh both the pros and cons of each privacy mechanism. I however for this post will focus only on the advantages we have.

vs Dash:

Dash’s approach uses a modified version of coinjoin. This involves a degree of trust on the mixer to do the mixing and that it isn’t logging important details of the It also offers a very limited sent of people to ‘mix’ with typically 3 people so that means your ‘anonymity set’ per transaction is only 3. The main problem is the issue of trust of the mixer.

Another drawback is that it requires ACTIVE participants, meaning people have to come on to actively choose to mix in a Coinjoin. This mean delays when trying to mix and may open other type of attacks and analysis. In fact the coinjoin process can be disrupted preventing completion of a coinjoin.

Even with multiple rounds of CoinJoin mixing, recent research (https://arxiv.org/pdf/1708.04748.pdf) shows that a user’s wallet can be identified if they are not careful with browser cookies when making payments because mixing only obscures the transaction links between addresses but does not break them completely.

Most people do not see Dash’s ‘privatesend’ as a serious anonymity contender and offers basic privacy only.

vs Monero

Monero’s transactions with RingCT are very large. Blockchain isn’t prunable.
Its setup means that with the advent of quantum computing or incorrect implementation, the ENTIRE blockchain is deanonymized retroactively. This happened to Shadowcash. Also something unique to monero was its old 0-mixin transactions (https://eprint.iacr.org/2017/338) caused much of its old txs to be deanonymized. Subsequently fixed and new tx won’t suffer this.
Ring size is limited (defaults to 4). Can be increased to other amounts but much larger cost and may actually make u less anonymous if not many others use that ring size.

Monero’s offering is a solid contender.

vs Zcash

Zcash lacks supply auditability. If there’s a problem with their trusted setup or their implementation, coins can be generated out of thin air which are undetectable.
Very complicated trusted setup
Private TX takes a long time to calculate (almost a minute a modern pc) and also making it much less likely for people to use private tx.
Uses new cryptography that is only used in Zcash and its clones. Not battle tested.

Zcash is very exciting cutting edge tech.

vs Verge

Verge doesn’t have any blockchain anonymization mechanism at all and only relies on TOR integration which can be achieved with other coins (including Zcoin) using TOR as well especially with Bitcoin core’s inbuilt integration. Only IPs are hidden but transactions are completely in the clear.

Their “Wraith” protocol is basically stealth addresses but still doesn’t offer a full solution to blockchain anonymity but is a step in the right direction. Stealth addresses do not protect the transaction flows but merely makes it easy to publish a single address while having it appear as different addresses on the blockchain. It still doesn’t break the linkages between transaction flows but merely addresses the ‘address reuse’ issue.

Zcoin

Zcoin is a balance between high tech, solid cryptography and less risks and usability and scalability.

Anonymity set of many thousands (if not more) with one single Zerocoin mint/spend tx better than Dash/Monero.
Uses RSA cryptography , battle tested that is widely used. if RSA is broken, least of your problems is ZCoin
Supply auditability while still using zk proofs for true transaction breaking
Private tx do not take long to generate a few seconds only.
Trusted setup did not involve the devs at all.
Ability to remove trusted setup with Sigma setup (in research) that is closer to real world implementation that Zcash’s STARKS (which has extremely large proof sizes)
Research into Extended Zerocoin allows many of the features of Zcash.

DECENTRALIZATION

I’ll cover this in a later post. Have to run off for a bit first but it relates to our PoW mechanism MTP.

5 Likes

Awesome! So, tell me a bit more about the founders, how they met, what inspired them to come together and put this project out there. WHat’s their story?

1 Like

Wow someone that knows their coin and project overall. I am like John would love to hear about the founders. A couple of the previous AMA posts in here just seem lack luster compared to yours and Bowhead’s. Zcoin you have my attention.

KYC and AML are going to be major hurdles for any coin of this nature and even with regulators as things are really starting to heat up in this arena. I would love to hear your thoughts on this. Just FYI I work for one of the very institutions that many of these coins are trying to replace. :slight_smile: This topic is fresh on my mind as we just finished installing about 100kW worth of KYC and AML servers into a small portion of my DC.

3 Likes

There were actually two original founders of the project, Poramin Insom and Gary Le (who is no longer part of the project). In fact, Gary’s involvement is something we are not particularly keen to bring up as it was an ugly side of our history (and would eventually come up) but hey this is an AMA so we’ll be open about it.

Poramin Insom is actually the founder of Vertcoin, one of those early generation coins and the first person to do stealth addresses in a QT client. If you look at the Zcoin project, it retains many of the original goals of Vertcoin, being private and also against miner centralization.

His interest in Zerocoin tech actually stemmed from wanting to improve Vertcoin to allow anonymous transactions. Then he was doing his Masters in Security Informatics at John Hopkins University and his paper was under the supervision of Matthew Green (one of Zerocoin’s and Zerocash’s original authors). His paper written together with another student Ankit Sarwal was actually about a practical implementation of Zerocoin.

He released a closed source version Zerovert that was aimed to be part of the Vertcoin family, but it was plagued with performance issues and the Vertcoin community didn’t seem particular supportive of it hence it was then dropped to become a totally new project called Moneta which was then rebranded to Zcoin to reflect its key tech, Zerocoin technology. With angel investor funding, the code could now be open sourced and taken seriously while ensuring Poramin’s work was not wasted.

This interview with Poramin would shed a lot of light of his background and his thoughts on Zcoin.

Gary actually found Poramin and contacted him over an e-mail on the possibility of working together. If you know Poramin, he’s a brilliant coder and a amazingly warm person. However he tends to shy away from the public limelight. Gary offered to fill in this gap by being the public face of Zcoin and doing everything necessary to make Zcoin a success including looking for funding and marketing and it was Gary who found the initial angel investors for the Zcoin project. This was how the partnership came about. Gary is well spoken and a recipient of the Thiel Fellowship so at the time he seemed to be a good partner for the project and to his credit he did manage to secure the initial funding. Poramin trusted him and left him to handle all the legal and marketing side while Poramin did ALL THE CODING.

When Zcoin finally launched, there were quite a few issues in relation to the funding with Gary refusing to show proof to Poramin that Poramin’s share of the funding was still intact (as he had only received a very small percentage of it). That combined with a general lack of interest in the project by Gary (he just wasn’t around) and a dump of his own share of the founder’s wallet which crashed the price led us to believe that Gary wasn’t in it for the long term. With him still retaining the vast majority of the initial seed funding for the project and him dumping the Zcoin he got, it wasn’t a pretty picture.

Till this day, we still suffer a little bit from the reputation damage caused by this incident but have moved on and proven ourselves.

We made a very hard decision to hard fork him out and bring in a new investor, Tim Lee to provide that initial funding so that Poramin can continue working on the project. With Tim Lee’s funding, we were able to bring in new developers and team members on board and basically get the project moving. He also assisted greatly in building a very strong community in China and getting us listed on the BTC38 exchange together with Roger Ver’s assistance. Gary attempted to start his own fork but the community, pools and exchanges rallied behind our side and since then we only have some remnants from his abandoned website and a forked Github from us. Beyond some initial confusion caused by his website, social media accounts and Github, we consider the chapter closed and since then have had zero interaction with Gary.

Poramin remains very committed to Zcoin and in implementing new features to the project. Coding the Zerocoin implementation wasn’t easy (and still isn’t). Coding MTP from scratch from an academic paper isn’t easy. And Sigma, and Extended Zerocoin are all basically things that have not been coded for. He aims to not only challenge himself but to make Zcoin an innovative and balanced privacy coin. This is why development of Zcoin might seem slow to some but seriously, coding a totally new PoW mechanism as complex as MTP is not a matter of just of using a new hashing algorithm or chaining a bunch together. Even Equihash took a lot longer to do. Backed up with very talented developers like Aizensou, SN, Tadhg and our miner dev djm34, we are working now with renewed vigor.

In fact we are starting to get a lot of interest when people realize that we are not a Zcash fork and offering genuinely new solutions. Most people when they come across our project go, “WHY ARE YOU GUYS SO UNDERVALUED?”. We’re working to improve the user experience right after this and upping our marketing efforts so we’re certain that once this is done, our true value will be recognized.

3 Likes

I don’t pretend to be an expert on KYC and AML but of course we do recognize the challenges that privacy coins face though I am also keen to hear your thoughts on the issue!

We have been talking within our team on this informally and have some ideas. Even our interaction with exchanges have been quite informative.

I think if anyone is going to use Zcoin on a centralized regulated exchange, there is of course going to be AML/KYC involved and therefore a loss of privacy. This cannot be avoided no matter what tech you use even if you have a ‘privacy on by default’. In fact, having Zcoin transactions operate on one layer only functioning just like Bitcoin with the Zerocoin tech on another layer merely wiping the transaction history, seems to be more well received by exchanges since it is easier to justify it as a ‘transparent’ transaction akin to just using freshly mined coins which have the same characteristics as coins that have been generated from Zerocoin spend transactions.

There are two ways to approach it:

One way to explore this is how Dash is attempting to do this though we don’t think this is an ideal solution. It kinda feels like surveillance. However it is an option that is open for Zcoin.

Depending on how regulation develops, the only way to truly combat this is through the use of decentralized or p2p exchanges. Monero’s approach on p2p exchanges is worth looking this in establishing its own form of ‘localbitcoins’ but even this isn’t completely fool proof given that it is still a centralized service.

We are looking seriously into atomic swaps which would allow people to convert from one coin to another in a trustless manner without needing an exchange especially with the big ones like Ethereum and Bitcoin. This way, Zcoin can indirectly utilize other coin’s other established fiat gateways and do this even within the wallet. Exchanges cannot stop this unless they stop cryptocurrencies altogether.

The other long term solution which is a challenging one but probably the best one is combining and encouraging with the use of decentralized market places. This makes it hard to stop completely as it lessens the need to convert to fiat. Right now, decentralized market places like OpenBazaar are still hard to use and technical but hopefully with time a ‘crypto’ only economy can develop. Nothing is stopping items being listed for cryptocurrency denominated in fiat value on the market place so you can still get whatever goods you want and yet merchants get to pay their fiat costings.

4 Likes

So back to one of our USPs, decentralization.

A key first component to this is a fair Proof of Work that cannot be dominated by specialized hardware like ASICS. Now there has been many attempts at this and many coins touting ‘ASIC-Resistant’ PoWs.

There are a few approaches to this.

The first one was chaining various algorithms together such as tried by x11 in Dash. This obviously wasn’t effective and there are ASICS for x11, x13, x14 and x15. So chaining algorithms isn’t really all that effective.

Others as attempted by some coins (and Zcoin in its early days with its Lyra2 implementation) is to have the parameters that are automatically adjusted all the time (for eg. in accordance with block height) making it a moving target. However this makes mining rather unpredictable and also doesn’t solve the load on verifiers and isn’t flexible to adapt to changing situations.

The most widely accepted one is making the algorithm memory hard as used in Scrypt (128 kb) , Cryptonight (2mb) whereby the idea is that it will be memory limited and incorporating memory that is expensive. Ethash does this but also favors GPUs incredibly. The problem with many of these schemes is that increasing the memory required meant that it increased the load on verifiers who need to allocate those memory to verify it thus limiting the amount of memory they could specify in the mining algorithm. This is why Scrypt has ASICS with its insignificant use of memory because increasing the memory meant it became too heavy to verify.

MTP is a completely new type of PoW whereby a miner can be required to use massive amounts of memory (2 gb in reference implementation but can be even increased to 10 gb) while remaining lightweight to verify by nodes, reducing the need for powerful CPU nodes and protecting the network against transaction spam attacks against nodes. The high memory requirement also makes it less attractive to botnets (as is a problem with Cryptonight), since its use would be much more noticeable to an infected computer.

MTP is currently working on our testnet however we are awaiting for updates from the authors of MTP to address some attack vectors and also optimizations. We have an ongoing 10,000 USD + 2,500 USD MTP bounty whereby there has been some excellent submissions by Marc Bevand to improve MTP and has increased the scrutiny over the PoW. The authors of MTP expect to have a revised paper sometime in October and find the best ways to do this and it may just be some patches and a parameter adjustment so we are hopeful that we can launch MTP on main net soon after the paper’s release. Fingers crossed!

3 Likes

We are not going to rush any announcements on Znodes until we are sure we can deliver on the deadline. The last time we tried to give exact timeframes leaded to a lot of pressure to deliver burning the team out and making the release not as polished as we would like.

Doing finishing touches on the core upgrade then Zerocoin + GUI update + fixes but will have started Znode coding by then which shouldn’t take too long when compared to the other tasks. Still on track as according to our roadmap but Sigma may be delayed a little since it is a very huge undertaking and we would like to focus on polishing the product before opening more new things.

3 Likes

For my questions your answer was sufficient. I was mainly looking to see that you at least understood them and were talking about them. I know many many people in this field investor or otherwise that dream of a completely anonymous system, but we all know that the major powers to be are not going to let that fly. Hence why that track cash deposits into bank accounts over a certain amount for people conducting illegal activities to keep it in hard cash. Crypto’s enable far more good than bad and I hope it stays that way.

So my next question is more about marketing the coin. Because any coin that has a developed a completely anonymous method is going to get a very dark tinge to it as the unscrupulous start using it. Do you have any plans to fight a bad public image due to that?

Remember I want to see cryptos and even anonymous crypto’s succeed but we are entering a new era with them and thus new hurdles. So i am trying to ask questions that are not necessarily a problem at this moment and from what i have seen are typically not in the white paper or on some website.

3 Likes

First, thanks for this fantastic AMA.

What happened to it? The hacker got all those coins for free or were you able to ‘destroy’ those coins?

3 Likes

Any story around the logo creation and design? I’m always fascinated by that type of stuff.

2 Likes

Yeah we actually have some strong gusses on who it was, a person who was trying to develop his own Zcoin fork, Castellum (which he has since deleted many traces of it) and he looked at it and found the bug. This was way back when Poramin was working alone on the code and the bug was overlooked. We have now taken several steps to allow us to catch this problem a lot faster and also have more eyes and have gone through a first round audit of the Zerocoin code. The results of that first look have actually resulted in many improvements including to not just the implementing Zerocoin code, but the libzerocoin software library itself.

From our talks with Bittrex, the hacker was actually quite smart about it, broke it down into many different Bittrex accounts and liquidated in a very controlled fashion. As they were all sold on the open market on Bittrex, it would be unfair to those who bought it if we reversed it and in fact, in a way it has helped spread out the distribution (if you want to look at it positively). This isn’t like the DAO where the funds were locked up and easily traceable but here they actually had been sold on open exchange already.

A full detailed post and disclosure of the bug can be found here:

2 Likes

I think privacy/anonymity doesn’t necessarily need to have a dark tinge to it when marketing it. VPNs used to be in the same boat but are now seen as an essential part of privacy in the wake of many of the Snowden leaks. Though admittedly, the word privacy sure beats anonymity in that sense.

In fact, I think the majority of users who want privacy/anonymity are not people with ill intent. They just want financial privacy or fungibility of their money. The last thing people want is for coins that were tainted in some other crime to be traced back to them raising ‘civil forfeiture’ issues.

If we see privacy as a basic right which is now thankfully starting to gain public recognition, I don’t see why anonymity/privacy should have a negative connotation. When people ask me, “so why do we need privacy?” I often give the analogy of not wanting people to hear you sing in the shower, or to know your Google searches which when taken out of context can be damaging. For example if I Google searched “rabbit porn” just out of curiosity to see what would come up, I don’t necessarily want the world to know this even if it was innocent.

As long as marketing focuses on privacy as a basic human right and protecting yourself, I think we can avoid the ‘darker’ sides. :stuck_out_tongue:

2 Likes
  1. How you can get “10% of total supply” for development funding when all coins need mining?
  2. Do we have a way to estimate number of Zcoin users? (eg: counting number of Zcoin wallet address or something)
  3. We need 300 bytes for a normal TX --> mean 10^10 transactions need 3TB. How a miner can store all of its in a normal disk? Can we compress, or prune, or something similar? Could you detail it, pls.
  4. Which GPU is best for mining when Zcoin use MTP algorithm? Can you list some :smiley:

Thank you!

2 Likes
  1. Indeed the coins need mining but a part of the block reward goes to pre-defined wallets. This is actually 20% of the mining reward for the first 4 years which then stops but this represents 10% of total eventual supply. This is similar to what ZCash uses. In this way we keep the team self funded during the important years of development until it can mature and stand on its own and keeps the devs focused on the task rather than trying to drum up funding and also we can be transparent about where we are getting our funds from. We have several full time programmers working with us which is important to keep the dev tasks moving.

  2. I don’t think there is an accurate way to do this since just like Bitcoin, you can always generate more addresses so unless you do some sort of blockchain analysis, then probably not.

  3. This transaction size is actually exactly the same as Bitcoin. 10^10 is 10,000,000,000 transactions. Bitcoin today only has 260 million. Note that both Bitcoin and Zcoin’s blockchain can be pruned which is another benefit of using Bitcoin’s core which means we can adapt whatever scaling improvements there are to Bitcoin.

  4. We have some unoptimized versions at the moment but it isn’t clear which is better. We have paid a bit more attention to Nvidia first since they are easier to work with than AMD but this may change. We will only know once the final parameters and paper is released from the original MTP authors who are coming up with a revised version of MTP to address some attacks and performance optimizations.

4 Likes

Actually, the logo came about from a guy called Greg Hardesty aka glitch (greg@glyph.it) whom I believe is an American based in Italy who really liked the project and offered to help us design a branding image around it. He agreed to accept Zcoins as his remuneration and we think he did a really good job. We’ve been following his color scheme and logo ever since but will be changing around the website and design a bit to give it less of a ‘matrix, hacker feel’ to a more approachable and friendly imagery while retaining its general color scheme.

3 Likes

glad to see dev teams taking the time and really facing/answering community like this, adds much more faith to the coin.
I think you guys will do great and znode + MTP is gonna be shoot the coin up to the moon!

2 Likes

I was actually looking to invest in this coin a while ago and that was around the time your team was having issues as you mentioned above and was scarred away from project. I appreciate you explaining what happened. I will give this project another look now that I see you are moving forward with the project.

1 Like

💰 YEN · DCTV ·️ Bitcoin Lambo · 10 Days of Bitcoin ·️ CEO's Brainpan 🧠