Mining pool censorship could make Zcash “mostly unusable”

Mining pool censorship could make Zcash “mostly unusable”

There is evidence that the second largest Zcash mining pool is censoring shielded (private) transactions. If more pools begin censoring shielded transactions it would make the privacy coin “mostly unusable,” according to one analysis.

Mining pool censorship

Lev Dubinets, a former software developer at AWS, noticed that F2Pool—the second largest Zcash mining pool, which controls 18 percent of the network hashrate—has been censoring private transactions since April 2017.

According to Dubinets, out of more than 86,000 shielded transactions year-to-date F2Pool only mined 120 of them. Given the pool’s hashpower it should have mined roughly 15,000 shielded transactions. These numbers indicate that F2Pool is likely opting not to mine shielded transactions.

“Shielded transactions are underrepresented by F2Pool by three orders of magnitude,” stated Dubinets.

Reason for excluding shielded transactions

There are a few theories as to why F2Pool is choosing not to include shielded transactions in mined blocks. Dubinets speculates that it could stem from regulatory concerns, but even that seems unlikely. Miners normally are incentivized to include as many fee-bearing transactions as possible in a mined block.

Reuben Yap, the COO of privacy coin Zcoin, theorizes the choice could stem from fundamental challenges related to processing shielded transactions.

“My initial guess was that F2Pool engineers determined that not processing shielded transactions gave them some advantage in mining blocks (in a similar vein to mining empty blocks). Or that it was something to do with not wanting to deal with the complexities of verifying the zk proofs. Wang Chun’s recent post on Twitter indicates it to be the latter”

In response to inquiries on potential censorship, Wang Chun, the owner of F2Pool, implied the exclusion was out of laziness rather than malice.

If more pools come to a similar conclusion it could become problematic for the Zcash network. If additional pools censor shielded transactions it would make Zcash “mostly unusable,” as said by Dubinets.

Opt-in by default?

One longstanding controversy around Zcash is the team’s choice to make shielded addresses optional. Unlike some other privacy coins, such as Monero, which obfuscate transaction by default, ZEC users must actively choose to send private transactions.

Research published this May by researchers from the University College of London identified that only 6.3 percent of transactions are shielding, which takes a public “t-address” and converts it to a private “z-address.” Only 0.3 percent of transactions are “private,” which is a transaction between two shielded z-addresses.

Many responses to Dubinets’ analysis were critical of Zcash’s “opt-in” privacy feature. There are many privacy-concerned users that would prefer that shielding be enabled by default.

“There are two approaches which privacy coins take, one is to have privacy opt-in and the other to have privacy on by default. Although an incident like this is an argument to have privacy on by default to make it difficult for miners to censor transactions, there are many other considerations at play. For example, allowing transparent transactions allow easier adoption in many ecosystems such as exchanges and wallets and also can serve to allow traceability where required (for e.g. for tracking charity payments) giving the coin more utility. ZK-proof privacy systems also do not suffer as much as decoy based privacy systems when privacy is opt-in since the anonymity set is always increasing,” said Yap.

Potential fixes

CryptoSlate reached out to Dubinets for suggestions on how the Zcash protocol could tackle the issue of miner-related censorship.

“A solution would be to make z-addresses easier to use and cheaper to spend. Hardware wallets like Ledger still don’t support z-addresses because they can’t generate proofs on a device with so little memory and compute power.”

That isn’t to say the Zcash team isn’t making progress towards making its privacy features more accessible. Following Sapling, the RAM and CPU requirements for generating proofs have decreased significantly, and further improvements are planned by the Zcash team.

Dubinets concluded:

“I hope that one day z-addresses are first class citizens, proof generation is very cheap, and that the Zcash team and community will consider removing t-addresses. Until then, more wallets and tools should be built that are ‘z-address first’ like Zepio Wallet. Users should use z-addresses more. Miners should avoid pools that censor and instead favor pools that have a stated commitment to privacy.”

Zcash | ZEC

Updated: Jun 7 at 1:52 pm PDT
$84.13
7.39%

Zcash, currently ranked #23 by market cap, is up 7.39% over the past 24 hours. ZEC has a market cap of $564.04M with a 24 hour volume of $368M.

Chart by CryptoCompare

Zcash is up 7.39% over the past 24 hours.

Filed Under: Mining, Price Watch, Zcash
Mitchell Moos

Mitchell is a software enthusiast and entrepreneur. His first startup built algorithms for optimizing cryptocurrency mining. Prior to CryptoSlate, Mitchell was a project manager at a firm that built distributed software on Hyperledger. In his spare time he loves playing chess and hiking.

View author profile

Commitment to Transparency: The author of this article is invested and/or has an interest in one or more assets discussed in this post. CryptoSlate does not endorse any project or asset that may be mentioned or linked to in this article. Please take that into consideration when evaluating the content within this article.

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.