zec
/
zcash-blog
mirror of https://github.com/zcash/zcash-blog.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Full export from WordPress at https://blog.z.cash (Zcash Blog) - wpghs

This commit is contained in:
Ryan Taylor 2018-08-21 17:39:50 +02:00
parent a083def9d8
commit d36713190c
11 changed files with 176 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_posts/2016-04-15-why-equihash.md
View File

@ -10,7 +10,7 @@ post_date: 2016-04-15 00:00:00
---
In our <a class="reference external" href="/new-alpha-release-equihash-and-founders-reward/">last blog post</a>, we announced that we have started using Equihash as the proof-of-work for block mining in Zcash (<a class="reference external" href="https://github.com/zcash/zcash/issues/27">#27</a>).
<a class="reference external" href="https://www.internetsociety.org/sites/default/files/blogs-media/equihash-asymmetric-proof-of-work-based-generalized-birthday-problem.pdf">Equihash</a> is a Proof-of-Work algorithm devised by Alex Biryukov and Dmitry Khovratovich. It is based on a computer science and cryptography concept called the Generalized Birthday Problem.
<a class="reference external" href="http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/equihash-asymmetric-proof-of-work-based-generalized-birthday-problem.pdf" target="_blank">Equihash</a> is a Proof-of-Work algorithm devised by Alex Biryukov and Dmitry Khovratovich. It is based on a computer science and cryptography concept called the Generalized Birthday Problem.
<div id="why-are-we-using-it" class="section">
<h2>Why are we using it?</h2>
Equihash has very efficient verification. This could in the future be important for light clients on constrained devices, or for implementing a Zcash client inside Ethereum (like <a class="reference external" href="http://btcrelay.org/">BTC Relay</a>, but for Zcash).

20
_posts/2016-11-29-zcash-private-transactions.md
View File

@ -25,7 +25,7 @@ Suppose :math:`\mathsf{PK}_1` is Alice's address and she wishes to send her 1 BT
Now suppose each note also contains a random 'serial number' (aka unique identifier) :math:`r.` We will soon see this is helpful for obtaining privacy. Thus, the database may look like this.
:math:`\mathsf{Note}_1=` :math:`(\mathsf{PK}_1,r_1)`, :math:`\mathsf{Note}_2=` :math:`(\mathsf{PK}_1,r_1)`, :math:`\mathsf{Note}_3=` :math:`(\mathsf{PK}_2,r_2)`
:math:`\mathsf{Note}_1=` :math:`(\mathsf{PK}_1,r_1)`, :math:`\mathsf{Note}_2=` :math:`(\mathsf{PK}_1,r_2)`, :math:`\mathsf{Note}_3=` :math:`(\mathsf{PK}_2,r_3)`
A natural first step towards privacy would be to have the node store only "encryptions", or simply hashes, of the notes, rather than the notes themselves.
@ -64,7 +64,7 @@ More precisely, she does the following.
<li>She randomly chooses a new serial number :math:`r_4` and defines the new note :math:`\mathsf{Note}_4=` :math:`(\mathsf{PK}_4,r_4).`</li>
<li>She sends :math:`\mathsf{Note}_4` to Bob privately.</li>
<li>She sends the nullifier of :math:`\mathsf{Note}_1,` :math:`\mathsf{nf}_2=` :math:`\mathbf{HASH}(\mathsf{r}_1)` to all nodes.</li>
<li>She sends the hash of the new note :math:`\mathsf{H}_4=,` :math:`\mathbf{HASH}(\mathsf{Note}_4)` to all nodes.</li>
<li>She sends the hash of the new note :math:`\mathsf{H}_4=` :math:`\mathbf{HASH}(\mathsf{Note}_4)` to all nodes.</li>
</ol>
Now, when a node receives :math:`\mathsf{nf}_2` and :math:`\mathsf{H}_4,` it will check whether the note corresponding to :math:`\mathsf{nf}_2` has already been spent, simply by checking if :math:`\mathsf{nf}_2` already exists in the nullifier set. If it doesn't, the node adds :math:`\mathsf{nf}_2` to the nullifier set and adds :math:`\mathsf{H}_4` to the set of hashed notes; thereby validating the transaction between Alice and Bob.
<table class="fixed-table docutils" border="1"><colgroup> <col width="53%" /> <col width="47%" /> </colgroup>
@ -97,27 +97,21 @@ Now, when a node receives :math:`\mathsf{nf}_2` and :math:`\mathsf{H}_4,` it wil
This is where <em>Zero-Knowledge proofs</em> come to the rescue:
In addition to the steps above, Alice will publish a proof-string :math:`\pi` convincing the nodes that <em>whomever published this transaction knows values</em> :math:`\mathsf{PK}_1,` :math:`\mathsf{sk}_1,` <em>and</em> :math:`r_1` <em>such that</em>
<ol>
<li style="list-style-type: none;">
In addition to the steps above, Alice will publish a proof-string :math:`\pi` convincing the nodes that <em>whomever published this transaction knows values</em> :math:`\mathsf{PK}_1,` :math:`\mathsf{sk}_1,` <em>and</em> :math:`r_1` <em>such that </em>
<ol>
<li>The hash of the note :math:`\mathsf{Note}_1=` (:math:`\mathsf{PK}_1,` :math:`r_1)` exists in the set of hashed notes.</li>
<li>:math:`\mathsf{sk}_1` is the private key corresponding to :math:`\mathsf{PK}_1` (and thus, whomever knows it is the rightful owner of :math:`\mathsf{Note}_1`).</li>
<li>The hash of :math:`r_1` is :math:`\mathsf{nf}_2`, (and thus, if :math:`\mathsf{nf}_2` - that we now know is the nullifier of :math:`\mathsf{Note}_1` - is not currently in the nullifier set, :math:`\mathsf{Note}_1` still hasn't been spent).</li>
</ol>
</li>
</ol>
&nbsp;
The properties of Zero-Knowledge proofs will ensure no information about :math:`\mathsf{PK}_1,` :math:`\mathsf{sk}_1,` or :math:`r_1` are revealed by :math:`\pi`.
<h3>The main places above where we cheated or omitted details</h3>
We emphasize that this has been an oversimplified description, and recommend the <a class="reference external" href="https://github.com/zcash/zips/blob/master/protocol/protocol.pdf">protocol spec</a> for full details.
Here are some of the main things that were overlooked:
<ol>
<li style="list-style-type: none;">
<ol class="arabic simple">
<li>The hashed notes need to be stored not just as a list, but in a Merkle tree. This plays an important role in making the Zero-Knowledge proofs efficient. Moreover, we need to store a <em>computationally hiding and binding commitment</em> of the note, rather than just its hash.</li>
<li>The nullifier needs to be defined in a slightly more complex way to ensure future privacy of the receiver in relation to the sender.</li>
<li>We did not go into details on how to eliminate the need for a private channel between sender and recipient.</li>
</ol>
</li>
<li style="list-style-type: none;">The nullifier needs to be defined in a slightly more complex way to ensure future privacy of the receiver in relation to the sender.</li>
<li style="list-style-type: none;">We did not go into details on how to eliminate the need for a private channel between sender and recipient.</li>
</ol>

2
_posts/2017-05-01-release-cycle-and-lifetimes.md
View File

@ -71,4 +71,4 @@ Please reach out to us with any feedback on this new release policy. You can fin
</table>
</div>
</div>
</div>
</div>

2
_posts/2017-09-22-release-cycle-update.md
View File

@ -27,4 +27,4 @@ As we stated previously, once a version is deprecated via the end-of-support hal
At block 193076, all nodes running version 1.0.9 which do not have the <cite>-disabledeprecation=1.0.9</cite> flag set to opt out of end-of-support halt will automatically shut down. These nodes should already be receiving a related message about the upcoming version deprecation.
Of course we recommend that instead of using the configuration to disable deprecation of 1.0.9 that node operators <a class="reference external" href="https://z.cash/download.html">update</a> to the most recent version of <cite>zcashd</cite> or another well-maintained implementation. Client and network security improvements are often addressed in releases so it's a good idea to always stay updated with the most recent version. If there is a particular reason why you cannot update or do not want to, please reach out to us in the <a class="reference external" href="https://chat.zcashcommunity.com">community chat</a> or by <a class="reference external" href="mailto:info@z.cash">email</a> so we can better understand your needs. We're also happy to answer any questions about the release cycle or deprecation policy and will communicate any future changes to these processes we deem beneficial.
Of course we recommend that instead of using the configuration to disable deprecation of 1.0.9 that node operators <a class="reference external" href="https://z.cash/download.html">update</a> to the most recent version of <cite>zcashd</cite> or another well-maintained implementation. Client and network security improvements are often addressed in releases so it's a good idea to always stay updated with the most recent version. If there is a particular reason why you cannot update or do not want to, please reach out to us in the <a class="reference external" href="https://chat.zcashcommunity.com">community chat</a> or by <a class="reference external" href="mailto:info@z.cash">email</a> so we can better understand your needs. We're also happy to answer any questions about the release cycle or deprecation policy and will communicate any future changes to these processes we deem beneficial.

2
_posts/2017-11-20-new-release-1-0-13.md
View File

@ -27,4 +27,4 @@ Summary of the changes included in this release:
</ol>
We're encouraging all users and miners to update to this new version. See our <a class="reference external" href="https://z.cash/download.html">download</a> page and the <a class="reference external" href="https://github.com/zcash/zcash/wiki/1.0-User-Guide">1.0 User Guide</a> for more information.
For a more complete list of changes, see our <a class="reference external" href="https://github.com/zcash/zcash/milestone/63?closed=1">1.0.13</a> GitHub milestone. To follow our progress, watch <a class="reference external" href="https://github.com/zcash/zcash/milestones">the GitHub project</a> and <a class="reference external" href="https://forum.z.cash/">join the forum</a>.
For a more complete list of changes, see our <a class="reference external" href="https://github.com/zcash/zcash/milestone/63?closed=1">1.0.13</a> GitHub milestone. To follow our progress, watch <a class="reference external" href="https://github.com/zcash/zcash/milestones">the GitHub project</a> and <a class="reference external" href="https://forum.z.cash/">join the forum</a>.

8
_posts/2018-07-13-whats-new-in-sapling.md
View File

@ -11,7 +11,7 @@ post_date: 2018-07-13 22:03:46
---
The next major upgrade of Zcash, codenamed Sapling, is scheduled to activate in October 2018. The specific block height has not yet been determined.
Sapling represents over two years of protocol design and engineering with cryptographic breakthroughs that improve the performance and functionality of shielded (encrypted) transactions. Currently, most Zcash transaction use transparent addresses that function in the same way as Bitcoin. This is largely due to the computational cost of proving that shielded transactions are valid. With Sapling, we move one (giant) step closer to moving toward the ubiquity of shielded addresses.
Sapling represents over two years of protocol design and engineering with cryptographic breakthroughs that improve the performance and functionality of shielded (encrypted) transactions. Currently, most Zcash transaction use transparent addresses that function in the same way as Bitcoin. This is largely due to the computational cost of proving that shielded transactions are valid. With Sapling, we move one (giant) step closer toward the ubiquity of shielded addresses.
<h2>Performance for Shielded Transactions</h2>
<h4>Changes</h4>
Today, if you create a new z-address it'll look something like this:
@ -22,17 +22,17 @@ A z-address generated after Sapling activation will look something like this:
<pre><span class="blob-code-inner"><span class="pl-s">zs1z7rejlpsa98s2rrrfkwmaxu53e4ue0ulcrw0h4x5g8jl04tak0d3mm47vdtahatqrlkngh9sly</span></span></pre>
This new, shorter address starts with "zs" and is called a <em>Sapling</em> z-address. The legacy Sprout z-addresses will continue to function after Sapling activates, but will later be deprecated in favor of this new address.
<h4>Implications</h4>
Payments involving the new Sapling z-addresses can be constructed in as little as a few seconds and with only 40 megabytes of memory. Exchanges, mobile wallet wallet providers, vendors and other 3rd parties will now be able to support shielded addresses.
Payments involving the new Sapling z-addresses can be constructed in as little as a few seconds and with only 40 megabytes of memory. Exchanges, mobile wallet providers, vendors and other 3rd parties will now be able to support shielded addresses.
The increased use of shielded addresses will improve the effective privacy for the entire network.
<h2>Decoupled Spend Authority</h2>
<h4>Changes</h4>
All shielded transactions require the creation of a <a href="https://z.cash/technology/zksnarks.html">zero-knowledge proof</a>. Today, the hardware that constructs the proof must also be in possession of the spending key that authorizes the transaction. Sapling changes this by allowing the hardware that constructs the proof to be independent from the hardware that signs the transaction.
All shielded transactions require the creation of a <a href="https://z.cash/technology/zksnarks.html">zero-knowledge proof</a>. Today, the hardware that constructs the proof must also be in possession of the spending key that authorizes the transaction. Sapling changes this by allowing the hardware that constructs the proof to be independent from the hardware that signs for the transaction.
<h4>Implications</h4>
Enterprises can perform an inexpensive signature step in a trusted environment while allowing another computer, not trusted with the spending key, to construct the proof. Additionally, hardware wallets can support shielded addresses by allowing the connected computer to construct the proof without exposing the spending key to that machine.
<h2>Improved keys</h2>
<h4>Changes</h4>
Shielded addresses currently support an <a href="https://blog.z.cash/viewing-keys-selective-disclosure/">incoming viewing key</a>. Holders of an incoming viewing key for a shielded address are able to see the value of all incoming transactions and the memo field. They cannot see the sending address and cannot spend the funds.
Shielded addresses currently support an <a href="https://blog.z.cash/viewing-keys-selective-disclosure/">incoming viewing key</a>. The holder of an incoming viewing key for a shielded address is able to see the value of all incoming transactions and the memo field. They cannot see the sending address and cannot spend the funds.
Sapling extends the capability of the viewing key to include visibility into outgoing transactions for a shielded address. Visibility includes the transaction value, memo field and target address.
<h4>Implications</h4>

17
_posts/2018-07-25-bitgo-adds-zcash.md Normal file
View File

@ -0,0 +1,17 @@
---
ID: 3292
post_title: BitGo Adds Zcash
author: Josh Swihart
post_excerpt: ""
layout: post
permalink: https://blog.z.cash/bitgo-adds-zcash/
published: true
post_date: 2018-07-25 12:12:23
---
<img class="aligncenter size-full wp-image-3293" src="https://blog.z.cash/wp-content/uploads/2018/07/Bitgo.png" alt="" width="1980" height="616" />
<a href="https://www.bitgo.com">BitGo</a>, a market leader in institutional-grade cryptocurrency security, today announced support for Zcash. BitGo provides the highest level of security, compliance and custodial services. It is the world's largest processor of on-chain bitcoin transactions — processing 15% of all global bitcoin transactions and $15 billion per month across all cryptocurrencies. The company has a customer base that spans more than 50 countries and includes the world's largest cryptocurrency exchanges.
<em>"We are working hard to offer our institutional clients the most complete portfolio of digital currencies," said Ben Chan, CTO, BitGo. "Zcash is a compelling digital currency that many hedge funds, exchanges and customers have been asking for because of its emphasis on privacy. We are glad to deliver a secure multi-signature implementation to store Zcash today."</em>
BitGo represents a growing number of industry leaders that have recently announced support for Zcash. Already this year, <a href="https://blog.z.cash/hello-circle/">Circle</a> and <a href="https://blog.z.cash/gemini-announces-support-for-zcash/">Gemini</a> announced support for Zcash after <a href="https://www.dfs.ny.gov/about/press/pr1805141.htm">receiving approval from the NYDFS</a>. <a href="https://blog.z.cash/coinbase-exploring-zcash/">Coinbase recently announced</a> it is exploring adding Zcash for its 20+ million customers. We at the Zcash Company are excited that leaders like BitGo are adopting Zcash and that people are awakening to the benefits of financial privacy. We believe the <a href="https://blog.z.cash/whats-new-in-sapling/">upcoming Zcash Sapling upgrade</a> will fuel greater adoption of Zcashs privacy features.

29
_posts/2018-08-09-zcash-perspectives.md Normal file
View File

@ -0,0 +1,29 @@
---
ID: 3316
post_title: Zcash Community Perspectives
author: Josh Swihart
post_excerpt: ""
layout: post
permalink: https://blog.z.cash/zcash-perspectives/
published: true
post_date: 2018-08-09 14:27:05
---
<img class="aligncenter size-full wp-image-3317" src="https://blog.z.cash/wp-content/uploads/2018/08/perspectives-banner.png" alt="" width="1440" height="810" />
Earlier this year, people in the Zcash ecosystem participated in <a href="https://z.cash.foundation//blog/zcon0-recap/">Zcon0</a>, the first conference for the Zcash community. The conference brought together an eclectic group of brilliant thinkers, cryptographers, engineers, cryptocurrency founders and financial leaders to beautiful Montreal for three days. We met in hotel conference rooms, hallways, restaurants, parks and bars to share progress, challenge ideas and inspire one another. We explored a wide range of topics, including incentives, governance, scaling, circuits and elliptic curves. If you were there, you know how good it was.
While the main sessions were <a href="https://www.youtube.com/playlist?list=PL40dyJ0UYTLK507afWUMgzUYeh-i4qQWS">live-streamed</a>, much of the conversation happened off the main stage. Over the course of the conference, we sat down with various members of the community to capture their perspectives on topics like protocol governance, usability, <a href="https://blog.z.cash/whats-new-in-sapling/">the upcoming Zcash protocol upgrade</a>, regulation, market sentiment, challenges and, of course, privacy.
In the coming weeks, well be releasing short videos (via <a href="https://www.youtube.com/playlist?list=PLVm6KZ09QEQw3EvlfI-NcZUJ5NzFUyqxY">YouTube</a> and <a href="https://twitter.com/zcashco">Twitter</a>) of these conversations with members of the Zcash Company founders and engineers as well as community thought leaders, including <a href="https://twitter.com/ljxie">Linda Xie</a>, <a href="https://twitter.com/_jillruth">Jill Carlson</a>, <a href="https://twitter.com/rubengsp">Ruben Galindo</a>, <a href="https://twitter.com/jz_bz">JZ</a> and <a href="https://twitter.com/valkenburgh">Peter Van Valkenburgh</a>.
<h4><strong>Today weve released the first two videos in our Perspectives Series</strong></h4>
Zcash Company CTO <a href="https://twitter.com/least_nathan">Nathan Wilcox</a> on designing for privacy.
[embed]https://youtu.be/xyNbW5Mdhrw[/embed]
Ethereum Founder and Chief Scientist <a href="https://twitter.com/VitalikButerin">Vitalik Buterin</a> on the importance of privacy.
[embed]https://youtu.be/gcV9KlnW-dc[/embed]
You will find both these and the upcoming videos on the <a href="https://www.youtube.com/playlist?list=PLVm6KZ09QEQw3EvlfI-NcZUJ5NzFUyqxY">Zcash YouTube playlist entitled Perspectives.</a>
We hope that these and upcoming perspectives will inform, inspire and challenge you. Let us know what you think. Post responses and perspectives of your own. Lets continue to meet, and talk, and educate, and spur one another on.

45
_posts/2018-08-14-completion-of-the-sapling-mpc.md Normal file
View File

@ -0,0 +1,45 @@
---
ID: 3312
post_title: Completion of the Sapling MPC
author: Sean Bowe
post_excerpt: ""
layout: post
permalink: >
https://blog.z.cash/completion-of-the-sapling-mpc/
published: true
post_date: 2018-08-14 21:01:21
---
Zcash's next major upgrade, codenamed Sapling, will be <a href="https://blog.z.cash/whats-new-in-sapling/">activated later this year</a>. One of our final goals before activation is the completion of a <a href="https://en.wikipedia.org/wiki/Secure_multi-party_computation">multi-party computation</a> ceremony which produces the <a href="https://z.cash/technology/paramgen.html">public parameters</a> that our shielded transactions depend on.
We're happy to announce the completion of this ceremony! In total, nearly 200 people contributed either directly to the ceremony or to its development, coordination and review. We're including the final parameters in our 2.0.0 release of Zcash later this week.
<p style="text-align: center;"><img class="alignnone wp-image-3331" src="https://blog.z.cash/wp-content/uploads/2018/08/neal-300x300.jpg" alt="" width="175" height="175" /> <img class="alignnone wp-image-3332" src="https://blog.z.cash/wp-content/uploads/2018/08/hudson-300x225.jpg" alt="" width="233" height="175" /> <img class="alignnone wp-image-3333" src="https://blog.z.cash/wp-content/uploads/2018/08/andrew-300x169.jpg" alt="" width="311" height="175" /></p>
<p style="text-align: center;"><em><sup>Images from three Powers of Tau participants: (from left) <a href="https://twitter.com/NealJayu/status/934804507271319554" target="_blank" rel="noopener">Neal Jayu</a>, <a href="https://twitter.com/hudsonjameson/status/930994082444447746" target="_blank" rel="noopener">Hudson Jameson</a> and <a href="https://motherboard.vice.com/en_us/article/gy8yn7/power-tau-zcash-radioactive-toxic-waste" target="_blank" rel="noopener">Andrew Miller and Ryan Pierce</a></sup></em></p>
<h2>Ceremonies</h2>
Zcash's underlying zero-knowledge proofs require some system parameters to be constructed. If these parameters are compromised, an adversary could create counterfeit Zcash coins. In our original launch of Zcash, we defended against this by <a href="https://z.cash/blog/the-design-of-the-ceremony.html">deploying</a> a multi-party computation protocol. The protocol has the property that only one of its participants must be honest in order for the final parameters to be secure.
In the original ceremony, we only had six participants due to scalability issues of the protocol. In addition, due to the sensitivity of the process to protocol aborts, participants did not apply a wide diversity of individual countermeasures to defend against compromise.
Last year, we published a <a href="https://eprint.iacr.org/2017/1050">new protocol</a> for constructing the parameters which is designed to scale to a large number of participants. Unlike the original protocol, a participant can contribute to the ceremony at any time, and they do not need to be in custody of secrets during the entire duration of the ceremony.
Additionally, the new protocol is split into two pieces: a circuit-agnostic phase called the <strong>Powers of Tau</strong>, and a circuit-specific phase that we <a href="https://blog.z.cash/sapling-mpc/">announced</a> several months ago. This allows the broader public to take advantage of the parameters we produced in order to build their own zk-SNARK protocols with scalable MPCs.
<h2>Powers of Tau</h2>
The Zcash Foundation <a href="https://z.cash.foundation/blog/powers-of-tau/">facilitated</a> and hosted the Powers of Tau ceremony, which took place between November 2017 and April 2018. It accepted 87 contributions from cryptographers and members of the community. Only one of these contributions needs to be honestly constructed for the parameters in this phase to be secure.
The diversity of this ceremony was significant. Participants used a wide variety of hardware and operating systems, and many destroyed their hardware afterward. Anyone was allowed to participate either by asking directly or publicly requesting to participate via a mailing list.
Most of the participants <a href="https://github.com/ZcashFoundation/powersoftau-attestations">wrote</a> about their experience and the unique countermeasures they deployed. Andrew Miller and Ryan Pierce famously <a href="https://motherboard.vice.com/en_us/article/gy8yn7/power-tau-zcash-radioactive-toxic-waste">flew in a plane with radioactive material</a> to seed their random number generator. Filippo Valsorda wrote an <a href="https://github.com/FiloSottile/powersoftau">independent implementation</a> of the ceremony code in Go. Devrandom developed a <a href="https://github.com/devrandom/trust-rust">trusted build environment</a> for the Rust code.
You can read more about this ceremony <a href="https://z.cash.foundation/blog/conclusion-of-powers-of-tau/">here</a>, along with instructions for how to verify its results.
<h2>Sapling MPC</h2>
The Zcash Company hosted the MPC for constructing Sapling's final zk-SNARK parameters. We <a href="https://blog.z.cash/sapling-mpc/">announced</a> the ceremony in May and accepted contributions through early August. In all, this ceremony accepted <a href="https://github.com/zcash-hackworks/sapling-mpc/wiki">over 90 contributions,</a> of which only one must be honestly constructed for the success of this phase.
The final parameters are now available <a href="https://storage.googleapis.com/sapling-mpc/params">here</a>. You can verify the parameters using the <code>verify</code> utility in the <a href="https://github.com/zcash-hackworks/sapling-mpc/blob/master/src/bin/verify.rs">sapling-mpc repository</a>. Just as in the Powers of Tau ceremony, we applied a random beacon which you can read about in the <a href="https://lists.z.cash.foundation/pipermail/zapps-wg/2018/000380.html">zapps-wg mailing list</a>.
All of the participants can run this verifier and check that it outputs a hash that their software produced when they contributed to the ceremony. This allows them to confirm that the final parameters include their contribution. These hashes are also listed, along with the participants, <a href="https://github.com/zcash-hackworks/sapling-mpc/wiki">here</a>.
<h2>Conclusion</h2>
We're now ready to move ahead with the Sapling upgrade. The parameters produced by these ceremonies are historic: The Powers of Tau and the Sapling MPC are the largest multi-party computations ever performed.
We'd like to thank the community for participating and improving the quality and security of Zcash and all protocols that build on top of zk-SNARKs.
We'd also like to thank Jason Davies and Ian Munoz for their efforts in coordinating the ceremonies, and the Zcash Foundation for hosting the Powers of Tau.

44
_posts/2018-08-16-new-release-2-0-0.md Normal file
View File

@ -0,0 +1,44 @@
---
ID: 3356
post_title: 'New Release: 2.0.0'
author: Sean Bowe
post_excerpt: ""
layout: post
permalink: https://blog.z.cash/new-release-2-0-0/
published: true
post_date: 2018-08-16 23:35:58
---
We're happy to announce the release of Zcash 2.0.0, the first Sapling-compatible version of the Zcash node software!
<h2>Sapling Activation</h2>
<h3>Mainnet</h3>
This release is consensus-compatible with the Sapling network upgrade, and so we're encouraging all users and miners to upgrade as soon as possible. The first block of Sapling will be block 419200, which is expected to be mined on the 28th of October 2018, the second anniversary of Zcash's official launch. You can read more about the Sapling network upgrade <a href="https://blog.z.cash/whats-new-in-sapling/">here</a> or on the <a href="https://z.cash/upgrade/sapling.html">Sapling Network Upgrade</a> page.
<h3>Testnet</h3>
Sapling will activate on the testnet at block 280000, which is expected about a week after this release. Sapling had previously activated on testnet, but because changes were made to the consensus rules your node will automatically roll back and proceed on the Overwinter testnet branch until Sapling activates again at the new height.
<h2>Other Notable Changes</h2>
<h3>Experimental Sapling RPC Support</h3>
This release contains only experimental support for Sapling RPC functionality. Full support for Sapling RPC functionality will appear in the 2.0.1 release.
Developers must specify <code>-experimentalfeatures</code> and <code>-developersapling</code> to use the existing functionality on testnet after activation. Alternatively, developers can use these features in regtest mode.
<h3>Fix Peer Banning Bug Introduced In Overwinter</h3>
After Overwinter activation, nodes syncing from a block height prior to the activation height (347500) experienced slow syncing due to a peer banning mechanism that was introduced to mitigate against a class of DoS attacks from Sprout nodes. This fix replaces the use of peer banning with behavior to ignore invalid transactions.
<h2>Summary of the Changes Included in this Release</h2>
<ol>
<li>Set the Sapling activation height for mainnet and testnet. (<a href="https://github.com/zcash/zcash/pull/3469">#3469</a>)</li>
<li>Adopted the official Sapling system parameters. (<a href="https://github.com/zcash/zcash/pull/3448">#3448</a>)</li>
<li>Added support for rollbacks of testnet. (<a href="https://github.com/zcash/zcash/pull/3443">#3443</a>)</li>
<li>Added experimental wallet support for Sapling z-addresses. (<a href="https://github.com/zcash/zcash/pull/3273">#3273</a>, <a href="https://github.com/zcash/zcash/pull/3353">#3353</a>, <a href="https://github.com/zcash/zcash/pull/3392">#3392</a>, <a href="https://github.com/zcash/zcash/pull/3429">#3429</a>, <a href="https://github.com/zcash/zcash/pull/3396">#3396</a>, <a href="https://github.com/zcash/zcash/pull/3458">#3458</a>)</li>
<li>Added experimental support for building Sapling transactions. (<a href="https://github.com/zcash/zcash/pull/3417">#3417</a>)</li>
<li>Added experimental support for Sapling note encryption and decryption. (<a href="https://github.com/zcash/zcash/pull/3324">#3324</a>, <a href="https://github.com/zcash/zcash/pull/3391">#3391</a>)</li>
<li>Accept the transaction expiry height as a parameter to RPC call <code>createrawtransaction</code>. (<a href="https://github.com/zcash/zcash/pull/3336">#3336</a>)</li>
<li>Prepared the codebase for <a href="https://github.com/zcash/zips/pull/157">ZIP 32</a> integration, including bumping the Rust compiler version to 1.28. (<a href="https://github.com/zcash/zcash/pull/3447">#3447</a>)</li>
<li>Begin checking the zk-SNARK parameter hash when loaded into memory. (<a href="https://github.com/zcash/zcash/pull/3441">#3441</a>)</li>
<li>Always record the best Sapling anchor on disk even if it is for the empty tree, because rollbacks may occur. (<a href="https://github.com/zcash/zcash/pull/3463">#3463</a>)</li>
<li>Fixed a bug where nodes may ban peers during synchronization before network upgrade activation. (<a href="https://github.com/zcash/zcash/pull/3410">#3410</a>)</li>
<li>Backport upstream improvements to <code>InitialBlockDownload</code>. (<a href="https://github.com/zcash/zcash/pull/3263">#3263</a>)</li>
<li>Update the mainnet checkpoints to improve the speed of initial synchronization. (<a href="https://github.com/zcash/zcash/pull/3246">#3246</a>)</li>
</ol>
We're encouraging all users and miners to upgrade to this new version.  See the <a href="https://z.cash/download.html">download</a> page for more information.
For a more complete list of changes, see the <a href="https://github.com/zcash/zcash/milestone/73?closed=1">2.0.0</a> GitHub milestone. To follow our progress, watch <a class="reference external" href="https://github.com/zcash/zcash/milestones">the GitHub project</a> and <a class="reference external" href="https://forum.z.cash/">join the forum</a>.
&nbsp;

26
_posts/2018-08-17-perspectives-on-sapling.md Normal file
View File

@ -0,0 +1,26 @@
---
ID: 3365
post_title: Perspectives on Sapling
author: Josh Swihart
post_excerpt: ""
layout: post
permalink: >
https://blog.z.cash/perspectives-on-sapling/
published: true
post_date: 2018-08-17 14:00:06
---
<img class="aligncenter size-full wp-image-3317" src="https://blog.z.cash/wp-content/uploads/2018/08/perspectives-banner.png" alt="" width="1440" height="810" />
Last week we introduced a video series called <a href="https://blog.z.cash/zcash-perspectives/">Perspectives</a>. These short interviews were conducted at <a href="https://z.cash.foundation//blog/zcon0-recap/">Zcon0</a> on various topics relevant to the Zcash community.
Yesterday, the Zcash Company <a href="https://blog.z.cash/new-release-2-0-0/">released the first Sapling-compatible Zcash node software</a> and announced that Sapling activation is set at a block height of 419200, which is expected to occur on Zcashs second birthday, Oct. 28, 2018.
Sapling is a major protocol upgrade. Due to recent cryptographic breakthroughs, shielded (or private) addresses and transactions will soon be supported by mobile and hardware wallets, exchanges and payment processors. This will greatly improve the adoption of privacy and bring us closer to our vision of empowering everyone with economic freedom and opportunity.
For this weeks Perspectives, were highlighting Sapling. Zcash engineers <a href="https://twitter.com/ebfull">Sean Bowe</a> and Ariel Gabizon provide an overview of some of the detail and expected benefits with this upgrade, including proof-construction improvements, new zk-SNARK parameters, and delegated proving.
[embed]https://youtu.be/KECoajyj8v8[/embed]
[embed]https://youtu.be/zPFhr546oYc[/embed]
All videos in the Perspectives series are available on the <a href="https://www.youtube.com/playlist?list=PLVm6KZ09QEQw3EvlfI-NcZUJ5NzFUyqxY">Zcash YouTube channel</a>. If you missed it, last weeks Perspectives focused on privacy. Take a look at thoughts from <a href="https://youtu.be/xyNbW5Mdhrw">Zcash CTO Nathan Wilcox</a> and <a href="https://youtu.be/gcV9KlnW-dc">Ethereum Founder and Chief Scientist Vitalik Buterin</a>.