You're reading the Keybase blog.
There are more posts.

November 17, 2016

Keybase chooses Zcash

Some background

At Keybase we've gotten quite a few requests to add altcoin X to public profiles: Ethereum, Ripple, Stellar, Litecoin, Dogecoin, Namecoin, and many others.

Those coins have useful properties, but Bitcoin is the only one that people have actually adopted for person-to-person transfers. If you want to send your friend $5 or $5,000, it's better to use BTC because it's more liquid, less volatile, and more accepted.

Here's a screenshot of a friend's Keybase account with a bitcoin address:

Our integration is pretty simple: you can see that Filippo signed a bitcoin address onto his profile. If you know him by any of the usernames on that list, you can safely send him money. Technical info including his signature: here

Major privacy issues

Anyone can see Filippo has received and sent 3.7128 BTC (~$2500 USD) on blockchain.info. This is public info. In fact, by looking at the bitcoin blockchain, you get to know all this about Filippo:

  • how much $ he's getting
  • when he's getting it
  • where it's going next
  • when it's going out
  • and even which addresses sent to him!...which in turn may have reputations

It's a mess.

In many ways, bitcoin is inferior to cash.

Failed solution: per-sender addresses

Why not just give a different address to everyone?

Answer: this only solves some of the problems. It disconnects your address from your identity, but anyone you transact with can study your other transactions.

Your bitcoin address can be drawn into charts like this, to find clusters of information:

Imagine many of those nodes are known people, known websites, known services.

A more focused example

Here's a hypothetical view of you receiving money from 2 people, and sending to 3:

In the above scenario, your mom can guess you sent money to a sex shop. And she also knows you got money from 2 unsavory characters, because their addresses are in turn connected to other unsavory characters.

This fuzzy region between 100% privacy and 100% transparency is what Bitcoin experts call Taint.

Worse, the white supremacist, who knows your real, actual home address from the return label on their eBay purchase, can guess what charities you support and where you buy your sex toys. He lives in your town, by the way. Uh-oh.

The sex toy shop knows you gave to UNICEF so that feels good.

User experience

Finally, usability. Sending someone money should not start with a call for them to call you back.

Alice: Hey Lucas, I need a bitcoin address so I can pay you back for the vegan fried buffalo wings.

3 days later...

Lucas: Oh Alice, you're too kind. Here's my address: 1shUCkadckRock3245...

1 day later...

Alice: Oh, about time ffs. Ok, money sent. Next time let's use Venmo.

Enter Zcash -

Zcash recently launched.

Zcash fixes the privacy issues, while retaining the usability we want: just post an address on your profile once, and that's it. Let the money flow in.

Zcash has 2 kinds of addresses, t-addresses, which are transparent, like bitcoin addresses. And z-addresses; the "z" is for "zero knowledge."

z-addresses are perfect for a public profile.

A z-address offers you the following:

  • the sender cannot tell anything else about your address: who else has sent to it, how much balance it has, or what you've done with the money they've sent you.
  • when you spend the money, the recipient can't tell where it came from.

z-addresses really are absolutely perfect for signing into a public profile.

If your ultimate goal, as the recipient, is to own and hoard BTC, you can always convert some of your incoming Zcash to bitcoin.

Zcash was started by an impressive team. It's brand new but we at Keybase really are cheering for them. We hope for a future in which Zcash and bitcoin thrive together.

That's really it.

Zcash isn't about doing dark things with your money, it's about disconnecting the people you transact with from each other. Zcash is a digital simulation of real, physical dollars. And because an address can be published with privacy, it's lower friction that bitcoin.

We just updated the Keybase app to support posting either a z-address or t-address. Here's Mike M., a Keybase team member, and our first adopter:

If you'd like to send him some money, have at it.

HN users: those PM'ing me for an invitation.... in the FAQ there is a temp code to skip the queue. We'll turn that code off in a day or two.


FAQ

Is it safe?

It's too early to say anything with confidence. If there's a bug in Zcash, that could mean these privacy promises are false. You could lose your money. Or extra money could be minted or double-spent.

What's more, we'll never reach 100% confidence. Six people were trusted to make and then burn temporary keys in the creation of Zcash - if all six of them were compromised or if they conspired together, Zcash could be counterfeited.

Why allow posting a transparent t-address at all?

Some people may prefer the transparency, which is why Zcash has t-addresses. For example, for tip jars or donations. Money sent to a t-address can still then be cleansed by sending later to a z-address.

Great! How do I add an address from the command line, using the Keybase app?

# how to add z123456789abcdef... to your profile
keybase cryptocurrency add z123456789abcdef...

That will sign the address into your signature chain and into Keybase's Merkle tree. You can also use your profile page on the Keybase.io website, which will tell you how to generate a signed statement using GPG.

What Zcash wallet software should I use to generate an address?

If you're on Linux, you should run the official Zcash server/client.

If you're on Windows or Mac, you might just want to wait a bit or check the z.cash forums. Or play with it in a virtual machine running Linux.

Can I join Keybase now?

We still have an invitation queue. But if you're interested in Zcash and want to jump the line, you can download the app and use the invitation code "zcash" during signup.


This is a post on the Keybase blog.