17

The ZCash protocol has both basecoins which are traceable and Zerocoins which are anonymous. Basecoins can be converted into Zerocoins but the conversion itself is visible on the blockchain.

Could a Monero sidechain be built with Monero as the base token and Zerocoin as the anonymous token?

Would such a sidechain be more private than ZCash itself due to the anonymity that Monero will bring as the base new token?

Essentially I am asking if the ZCash protocol would be more private if the traceable basecoin was replaced with Monero. Please differentiate your answer as either before or after the introduction of RingCT if it impacts the answer.

Smart Kid
  • 6,563
  • 2
  • 36
  • 62
Greg Hastings
  • 375
  • 1
  • 8
  • Maybe you should change "ZCash" in the first question to "Zerocoin" since "ZCash" appears too ambiguous. My understanding is that it would make more sense to exchange XMR with the anonmyous token(Zerocoin) rather then the non anonymous basecoin. – stke Jul 23 '16 at 12:20
  • 1
    @stke rewarded for clarity. I am asking about replacing the non anonymous basecoin with Monero. – Greg Hastings Jul 23 '16 at 22:21
  • thanks a lot, I get it now :-) hoping for some interesting answers too. – stke Jul 24 '16 at 10:45
  • Zerocoin is an entirely different protocol. Zcash's protocol is based on Zerocash. Also the "basecoin" terminology from the Zerocash paper is obsolete; we now refer to "shielded" or "transparent" value. – Daira-Emma Hopwood Feb 19 '17 at 05:21

2 Answers2

16

Yes it's definitely possible, but why create a whole new coin for that? A better idea would be to create a Zerocoin sidechain (post RingCT) for Monero that allows people to move their Monero into the sidechain, mix it and send it to anyone else on the sidechain, and then pull it back out.

This would avoid the massive risk associated with ZCash's trusted setup because the sidechain would never have much value in it, and so the worst that can happen is an attacker can drain whatever is in the sidechain at the point that they find an exploit.

Riaan Swart
  • 1,058
  • 7
  • 13
  • 2

    move their Monero into the sidechain, mix it and send it to anyone else on the sidechain, and then pull it back out.

    .... because....?

     – Ginger Ale Oct 20 '16 at 00:45
5

Another option would be to add a zero-knowledge protocol option, with no side-chain at all. This might be the least code-bucks for the most privacy-bang.

aminorex
  • 333
  • 3
  • 5