Since it’s inception, Bitcoin has been the dark-web currency of choice. However, signs are showing it is losing prominence in that arena. Due to the public nature of Bitcoin’s blockchain, it has proven to not be as anonymous as once believed. Detailed blockchain analysis of Bitcoin transactions can actually be used to break Tor anonymity. Bitcoin’s fungibility has also been affected for the same reasons (exchanges not accepting BTC from certain addresses).

It is these specific failures of the Bitcoin protocol that have led to the development of cryptocurrencies focused primarily on anonymity and privacy. Some of these include Monero (XMR), Zcash (ZEC), Dash (DASH), Bytecoin (BCN), and Komodo (KMD).

It is important to note that a cryptocurrency transaction has three aspects: the sender’s address, the receiver’s address, and the amount being sent. In Bitcoin, all three of these are public and traceable through cross-referencing. Therefore a successful private cryptocurrency should provide anonymity on all 3 facets of the transaction.

In this article, I will be be discussing the two most popular anonymous cryptocurrencies: Monero and Zcash. I will briefly explain each coin at a somewhat technical level, followed by a comparison of their pros, cons, and risk factors. I will then discuss which of these two I believe will become more relevant in the long term. This article assumes you have a somewhat basic understanding of how blockchains work and operate.

Monero

Started in April 2014, Monero is a Proof-of-Work (PoW) cryptocurrency that is based on the CryptoNote protocol. It’s PoW utilizes a hashing algorithm called CryptoNight that makes it more resistant to ASIC development.

Protocol Technicals

Monero achieves anonymity on all three facets of its transactions through ring signatures, stealth addresses, and Ring CT which was implemented later.

Ring Signatures: Ring signatures are used to mask the address of the sender. It works by having multiple parties sign the transaction, making it impossible to determine who the original signer was.

Stealth Addresses: Stealth addresses are the way in which the receiver’s address is masked. It works by having the sender create a random one-time address that is based on the receivers published address. Therefore, only the receiver and sender are able to determine where the Monero was sent.

Ring CT: Ring Confidential Transactions (Ring CT), was implemented in early 2017 to provide better anonymity for transaction amounts. For a more technical explanation the paper describing this in detail can be found here: https://lab.getmonero.org/pubs/MRL-0005.pdf

Monetary Policy

Monero’s current supply (as of 2/15/18) is 15.7 million, and will reach its cap of 18.4 million around May of 2022. An interesting feature of Monero’s money supply is that once the 18.4 million amount is reached, ~158,000 Monero will be released each year in perpetuity. Below is a graph showing the Monero emission curve compared with Bitcoin (which caps at 21 million in the year 2140).

This means that Monero will have about 17% inflation between now and 2022, with a continuous decreasing rate of inflation per annum (starting at around 0.92%). Monero’s decision to have a perpetual inflation amount (and in turn a decreasing inflation rate), is significantly different than most other cryptocurrencies which have fixed supplies.

Development & Community

The Monero developers, led by Riccardo Spagni, are funded exclusively through donations with many of the developers working as volunteers. Monero has a rich open source development environment with 5,968 Code Repository points (per cryptocompare.com). They also have a very active and enthusiastic community with 115k subscribers to r/Monero with over 800 comments per day.

Zcash

Zcash was released in October of 2016 as a Proof-of-Work cryptocurrency that uses the Equihash hashing algorithm. Zcash uses a zk-SNARK protocol which utilizes zero knowledge proofs to achieve ultimate anonymity.

Protocol Technicals

Zcash has what is widely considered the most bleeding edge cryptography available: special zero-knowledge proofs called zk-SNARKs. To avoid going into too much detail, a zero-knowledge proof is, according to Wikipedia, a “method by which one party can prove to another party that a given statement is true, without conveying any information apart from the fact that the statement is true.” A zk-SNARK is then an iteration on this concept in which no interaction is needed between the two parties.

Zcash enables optional features to enable privacy for transactions including the sender, receiver, and amount. Zcash addresses beginning with a “t” (t-addrs) are considered transparent, and are similar to bitcoin transactions. “Shielded” transactions are used with addresses beginning with a “z” (z-addrs), and these are considered to be fully anonymous. It’s important to note that as of December 2017 only 4% of Zcash transactions were being shielded.

With a z-addr, zk-SNARKs are used to hide the outputs to and from the z-addr. Therefore a transaction from a t-addr to a z-addr would show the ZEC leaving the t-addr but the output would be hidden to the z-addr. The graphic below is from the Zcash official website showing the interaction between the two address types.

(https://blog.z.cash/anatomy-of-zcash/)

Another important point regarding Zcash is the trusted setup that was needed at the genesis of Zcash in order to enable the zk-SNARKs. To do this there needed to be a ceremony in which 6 participants essentially used shards of private keys to “setup” the network, in which after they were destoryed. The identity of the participants was public, and there is no reason to believe that any kept their respective key shards. The participants included some of the most prominent computer scientists and cryptographers in the space, they are:

Andrew Miller — Zcash Foundation Board Chairman Peter Van Valkenburgh — Director of Research Coin Center John Dobbertin (pseudonym) Zooko Wilcox — Zcash founder and lead developer Derek Hinch Peter Todd — Bitcoin core developer

While the ceremony was considered successful, is it important to note that if it was compromised in any way, it would allow someone to essentially create Zcash at will. And due to Zcash’s anonymity of amounts through their z-addrs, it would be extremely hard to detect.

Monetary Policy

Zcash happens to have the same supply schedule as Bitcoin, however there are 2 important caveats. First, 10% of the 21,000,000 total Zcash will be given to the founders/developers, in compensation for development costs and such. The 2.1M coins are distributed quicker than the natural release of the coins, with all 2.1M being given to the founders by ~2021. Second, since Zcash started in October of 2016, it is more than 7 years behind Bitcoin’s inflation rate, which just began tapering off in the last few years.

For that reason, Zcash has and will have a very high inflation rate, with the supply increasing by 600% over the next 7–8 years. This dramatically increased supply should put significant downward pressure on the price.

Development & Community

The Zcash developers, led by Zooko Wilcox, get funded through the 10% founders reward that gets paid out through 2021. This reward is very significant with the founders getting about 1440 ZEC per day (or $576,000 based on today’s prices). Zcash’s GitHub community is strong with 6,792 Code Repository points (according to cryptocompare.com) and 400 subscribers. Zcash also has 12,000 subscribers to its Reddit page with about 81 comments per day.

Outlook Comparison

Now we’ve gone over the fundamentals of both Monero and Zcash, I will now stand them up against each other based on a few categories: Core technicals, adoptability, monetary policy, development & communities, and external risk factors.

Core Technicals

While both Monero and Zcash z-addrs provide essentially full anonymity for their users, they do so in very different ways. In Monero, all addresses and amounts are fully visible, however it is impossible to determine who owns which address, who they are sending funds to, and how much that amount is. With Zcash’s shielded transactions, all information regarding the transaction is hidden.

However, while Monero transactions are always anonymous, Zcash is only fully anonymous when sending between two z-addr. When a transaction is sent from a t-addrs to a z-addrs and vise versa, there is a degree of publicity that many people are not satisfied with. The other thing to note is that less than 5% of Zcash transactions involve z-addr (which is to mean that many people using it do not mind or care about the public nature of the t-addrs.

Adoptability

At first glance, Zcash appears to be significantly further along on the adoption curve than Monero. Most wallets support Zcash, and both Ledger and Trezor provide support for it. However, these only support t-addr, which for all intensive purposes is identical to Bitcoin, which makes it easy to provide support for. Z-addrs support requires significantly more wallet development than do t-addrs.

Monero on the other hand does not have the ability to turn its privacy on or off. Due to the complexity of its blockchain, the development of SPV or lightweight wallets that still ensure a proficient degree of privacy is difficult. This is why Monero (along with z-addr) have been much slower to gain support for traditional mobile and hardware wallet apps. However, progress has been made and we are expected to see a Monero compatible hardware wallet in 2018.

Now whether or not this optional privacy feature is a positive or a negative is yet to be seen. My opinion is that optional privacy is not ideal due to the fact that most people won’t bother, leaving those that do use it looking suspicious. For that reason I think Monero has an edge here.

Monetary Policy

I separate the Monetary Policy into two parts: near term inflation rate and miner compensation post block reward.

As far as near term inflation goes Monero is miles ahead of Zcash. Zcash will have over 600% inflation over the next 7–8 years while Monero will have ~20% over that same period. Looking at the Supply % issued based on Y2050 supply (courtesy of onchainfx.com), Monero currently has 70.12% with Zcash only having 16.17%. While this isn’t the be all end all, it definitely should weigh into the near term decision on investing into either of these coins. Zcash is going to have a lot more downward price pressure thanks to its extreme supply increase in the near to mid term.

The second thing regarding these two coins monetary policy is their future miner compensation plans. Zcash plans to work similarly to Bitcoin, in that miners will be compensated through newly minted coins up until transaction fees take over as the primary compensation model. Monero on the other hand will continue to perpetually reward miners through a fixed amount per block. While either method could prove to be better, I personally think that Monero has the advantage here.

While we ultimately don’t know how this fee only compensation method will work, Monero’s decision to add a permanent inflation amount could prove to be a smart decision. While some people dislike this aspect of Monero, the inflation rate will be so low that I don’t find it to be an issue.

Development & Community

Monero and Zcash have similar Github commits and community sizes from what I have observed. The main point here I believe is how the development teams are being compensated. While the Monero development team is funded solely through donations, the Zcash team takes 20% of the Zcash reward up until 2021 (leading to 10% of the total Zcash supply).

On one hand, this is in favor of Zcash mainly due to the fact that the Zcash developers have, as Taleb would say, “skin in the game”. However, there are two problems I foresee. First, the amount of money the developers are getting is somewhat ridiculous. They are receiving about half a million dollars a day in ZEC, which could rise exponentially as the crypto market grows (which I expect it to in the next 3 years). Second, with 2021 only three years away there would no longer be financial incentive for the developers to work on the project. Donations could occur however with the amount of money they have already made I personally would be annoyed if they asked for donations. However the Zcash foundation could resolve this by locking some ZEC allowing them to maintain their skin in the game.

Despite the fairly excess amount of compensation, I think having a developer payout is important, especially for developmentally intense cryptos like Monero and Zcash.

External Risk Factors

Taking a step back, there are a number of risk factors that are relevant to Monero and Zcash outside of each other. Remembering that the primary use case for anonymous cryptocurrencies arose from failures of Bitcoin, significant privacy improvements for Bitcoin could be a risk factor.

While nothing is certain, there are some technologies have the potential to greatly help Bitcoins privacy issues. Two that come to mind right away are Lightning Network and MimbleWimble. However I personally believe that there will always be a use case for cryptocurrencies focused on anonymity, it’s still important to consider risk factors such as this.

Conclusion

Overall, both Zcash and Monero have very solid fundamentals that give them long-term viability. However, I believe Monero to be the better choice in the long run for three main reasons.

The first is the fact that Monero transactions are always private, where in Zcash the privacy feature is optional. It makes sense to me that the anonymous crypto of choice should always be private. Even though this makes Monero slower in adoption, I think wallets will actually work to include Monero support before z-addrs support, especially due to community demands.

The second reason, despite being fairly circumstantial, is community. Based on my observation, the Monero community is much stronger than the Zcash community. This a very powerful thing with open source protocols, especially cryptocurrencies which try to satisfy MoE and SoV.

Lastly, I like Monero’s inflation model despite the fact that many people look at is as a negative. I think maintaining miner compensation through newly minted coins is a solution that has long term viability, whereas moving to a transaction only model in a PoW system is unproven.

For those reasons I expect Monero to be the primary anonymous cryptocurrency of choice over the long term. If you have any questions or comments please leave them below.