Freedom and safety begin with privacy.
No one should be forced to expose their income, spending, or net worth just to transact.
Not to corporations. Not to governments. Not to red teams. Not to anyone.
When your money is tracked, your freedom is capped and your safety is put at risk.
Surveillance money gives tyrants and thugs leverage. Private money disarms them.
Privacy isn't secrecy. It's autonomy and safety.
Zcash uses zero knowledge proofs, specifically zk-SNARKs, to enable fully private transactions.
Unlike Monero, which uses decoys to obscure the real transaction, Zcash transactions reveal nothing (hence the "zero" in zero knowledge).
The sender, receiver, and amount are all cryptographically hidden.
Old-school zk-SNARKs were heavy, slow, and required trust. Zcash evolved past them.
With the Halo 2 proof system and soon Project Tachyon, Zcash can now scale to billions without servers knowing anything, without compromising speed.
Zcash gives you a choice:
Zcash has evolved through three major shielded pools, each one more private and scalable than the last.
Sprout is in the process of deprecation today. Wallets like Zashi auto-migrate users away from it and toward the most private and secure option.
Sapling is still supported, but being sunset. New UX steers users away from it.
Orchard is the default in modern Zcash wallets today.
We can't know who's using shielded ZEC - by design. But we can measure how much ZEC is shielded. And it's rising fast.
Why?
Expect this to go parabolic.
Turnstiles are how Zcash reconciles privacy with transparency.
Every shielded pool has its own accounting gate:
They're especially crucial for older pools with trusted setups (Sprout/Sapling). Thanks to turnstiles, even if a flaw existed, any inflation would be detectable.
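To make the turnstile idea concrete, here is an added illustration (not Zcash's own code) of the accounting check a node or auditor can run: every pool keeps a running balance of value that entered through the transparent ledger, and any transaction that would drive a pool's balance below zero is flagged, because value that never entered the pool is leaving it. Pool names and the transaction shape are constructed for the example.

```python
from dataclasses import dataclass

# Constructed model of the shielded-pool turnstile, not Zcash's implementation.
# Each pool only ever gains value through the transparent ledger, so the sum of
# what entered minus what left must never go negative. A counterfeit note would
# show up the moment someone tried to unshield it, even though the auditor never
# learns which notes exist inside the pool.
POOLS = ("sprout", "sapling", "orchard")


@dataclass
class Tx:
    # Net value moved between the transparent ledger and each pool, in units of
    # the smallest denomination: positive = shielded in, negative = unshielded out.
    pool_deltas: dict


class TurnstileAuditor:
    def __init__(self):
        self.balance = {p: 0 for p in POOLS}
        self.alerts = []  # (height, {pool: would-be negative balance})

    def apply(self, height: int, tx: Tx) -> bool:
        """Apply tx atomically; return False and record an alert if a pool
        would pay out more than has ever entered it."""
        tentative = dict(self.balance)
        for pool, delta in tx.pool_deltas.items():
            if pool not in tentative:
                raise ValueError(f"unknown pool {pool!r}")
            tentative[pool] += delta
        overdrawn = {p: v for p, v in tentative.items() if v < 0}
        if overdrawn:
            # Detectable inflation: reject and keep the old balances.
            self.alerts.append((height, overdrawn))
            return False
        self.balance = tentative
        return True


def audit(txs):
    """Run a constructed transaction sequence; return final balances and alerts."""
    auditor = TurnstileAuditor()
    for height, tx in enumerate(txs, start=1):
        auditor.apply(height, tx)
    return auditor.balance, auditor.alerts
```

A migration from an older pool to a newer one (for example `sapling` -30, `orchard` +30 in one transaction) passes only if the older pool's recorded balance covers the amount leaving it.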
No.
The system is now truly trustless.
In 2018, a vulnerability in the Sprout pool could have allowed an attacker to mint coins undetected.
Other major cryptocurrencies have also suffered from inflation bugs:
A bug in key image checks, potentially removing coins from circulation or enabling double-spends. It was patched after a responsible disclosure.
Inflation bugs aren't rare. What sets Zcash apart is that its turnstile design ensures shielded pools can be audited indirectly. So even in the presence of privacy, you'll know if inflation occurred.
Tachyon is a new architecture from Zcash cryptographer Sean Bowe. It's designed to bring private money to everyone on Earth.
Most crypto projects talk a big game about scaling to billions. For privacy coins, it's not hype, but survival. A "private" system that only few can access isn't private at all.
Today, most wallets offload work to remote servers. That helps with speed but kills privacy. You get convenience but the server sees everything.
Tachyon flips that.
It uses novel cryptography to let untrusted servers help without learning anything. Your wallet syncs fast. The server can't tell what's yours. Not even a hint.
State contention and accumulation around the nullifier set have also been removed, allowing private transactions to run in parallel.
No more trade-off between privacy and usability. No bottlenecks and no giving up control to get performance.
unstoppable private money now at scale
super impressive way to scale zcash here by Sean — love it
Privacy is back https://t.co/9JfZ6WkeDJ
— mert | helius.dev (@0xMert_) April 2, 2025
Not 100% sure yet, but I’m about 70% sure that this dense technical talk that Sean Bowe just gave reveals a fundamental breakthrough in blockchain technology that will still be in use a hundred years from now. https://t.co/BU5INKom8k
— zooko🛡🦓🦓🦓 ⓩ (@zooko) March 4, 2025
Monero uses decoys to hide real transactions, mixing them with fake ones. This method seems clever, but in practice it is fragile, inefficient, and increasingly obsolete.
Monero assumes observers can't distinguish real outputs from decoys. This is false.
When some spends become known, they expose others. Over time, the anonymity set shrinks. This retroactively weakens historical privacy - something Zcash's model avoids.
Decoy-based systems increase transaction size. Monero's chain grows fast, making it harder to run full nodes and undermining decentralization.
Monero developers have explored migrating to zero-knowledge proofs. They recognize that probabilistic privacy isn't future-proof.
Zcash cofounder @zooko on why Monero’s current privacy architecture can’t work:
“The Monero devs are trying to upgrade Monero to have the strong kind of privacy—basically modeled on the Zcash style. That’s a project they’ve been working on for a while now.
Humans generate… pic.twitter.com/P6MXmQwg65
— Arjun Khemani (@arjunkhemani) January 31, 2025
Monero's decoy-based system has fundamental flaws that make true privacy impossible.
Its weaknesses have been repeatedly exposed, allowing users to be traced.
Recently, Japanese police analyzed Monero transactions to arrest 18 scammers, proving once again that it doesn't work as promised.
🔗 Learn more about Monero's privacy limitations in this piece from Wired:
No.
Although Monero's "privacy" is always enabled, it's not as strong as Zcash's zero-knowledge system.
Monero relies on blending your transaction with decoys. Over time, patterns emerge and partial information leaks can let attackers link transactions.
Zcash's approach avoids these issues by never revealing sensitive info in the first place.
Zcash's privacy isn't on by default, but it's more robust than Monero's.
Adoption has been gated by UI complexity, mobile unfriendliness, and lack of hardware wallet support.
With Zashi, Keystone, and Tachyon, those barriers are crumbling.
In privacy preserving cryptocurrencies, anonymity sets are often used as shorthand to express how well your activity is hidden among others. But this concept is often oversimplified.
An anonymity set isn't simply "how many transactions yours could be confused with." More precisely, it's "how many different users your transaction could plausibly be linked to." This subtlety matters because in Zcash and Monero, transactions are obscured in fundamentally different ways.
Metric | Zcash (Orchard) | Monero |
---|---|---|
Anonymity set per spend | ~5.57 million | 16 per input |
When you make a shielded transaction in Zcash's Orchard pool, the protocol proves (cryptographically and in zero knowledge) that:
"I'm spending some note among these 5.57 million, without revealing which."
No decoys. No sampling. The entire shielded pool becomes the search space.
In short: Zcash hides your action among everything the protocol could ever plausibly spend.
But this anonymity set only applies at the time of the spend. It can't grow retroactively.
Every Monero transaction input uses a ring signature: a cryptographic method that blends one real input with 15 sampled decoys. These decoys are drawn from recent outputs on chain.
So even though you nominally have a 1-in-16 cover, the actual anonymity may be much lower.
This also makes Monero vulnerable to intersection attacks, where linking multiple transactions can drastically reduce the possible source set.
Monero advocate Riccardo Spagni (a.k.a. fluffypony) recently claimed that Zcash's privacy depends on how many people are actively using it.
You literally haven’t addressed what he raised in any way.
It doesn’t matter if ZCash’s magical cloud of privacy is perfect in every way. If only 1000 people enter the cloud that is your entire anonymity set. You can then remove users who clearly couldn’t have committed the…
— Riccardo Spagni (@fluffypony) May 4, 2025
This is factually incorrect. Here's why:
Zcash's shielded transactions use zk-SNARKs to prove, in zero knowledge, that a note exists in a cryptographic structure called a Merkle tree. When you make a shielded spend in Orchard (Zcash's most advanced pool), the protocol proves:
"This note is one of the X existing notes in the pool, and it hasn't been spent yet."
As of May 2025:
It does not matter how many people are transacting today.
The anonymity set is defined cryptographically, and it always grows.
Zcash's anonymity set is cumulative, not reactive.
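The statement a shielded spend proves, "this note is one of the notes in the commitment tree, and its nullifier has not been seen before", can be shown with an append-only Merkle tree. The following is an added illustration and not Zcash's code: SHA-256 stands in for Orchard's real hash functions, the tree is shallow for readability, and the zero-knowledge proof itself is not modelled; what it shows is that a membership proof is checked only against the root, so every note ever appended stays in the set and the set can only grow.

```python
import hashlib

# Constructed illustration of an append-only note commitment tree. SHA-256 is a
# stand-in for Orchard's hash functions; DEPTH=4 gives 16 leaf slots.
DEPTH = 4
EMPTY_LEAF = hashlib.sha256(b"empty").digest()


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class CommitmentTree:
    def __init__(self):
        self.leaves = []  # note commitments; never removed, only appended

    def append(self, commitment: bytes) -> int:
        self.leaves.append(commitment)
        return len(self.leaves) - 1  # leaf position

    def levels(self):
        # Level 0 = padded leaves, level DEPTH = [root].
        nodes = self.leaves + [EMPTY_LEAF] * (2 ** DEPTH - len(self.leaves))
        out = [nodes]
        for _ in range(DEPTH):
            nodes = [H(nodes[i], nodes[i + 1]) for i in range(0, len(nodes), 2)]
            out.append(nodes)
        return out

    def root(self) -> bytes:
        return self.levels()[-1][0]

    def auth_path(self, pos: int):
        lv, path = self.levels(), []
        for d in range(DEPTH):
            path.append(lv[d][pos ^ 1])  # sibling at this level
            pos >>= 1
        return path


def verify_membership(root: bytes, leaf: bytes, pos: int, path) -> bool:
    # A verifier sees only the root; the anonymity set is every leaf under it.
    node = leaf
    for sibling in path:
        node = H(node, sibling) if pos & 1 == 0 else H(sibling, node)
        pos >>= 1
    return node == root


def nullifier(spending_key: bytes, commitment: bytes) -> bytes:
    # Revealed on spend to block double spends; it does not identify the leaf.
    return H(b"nf", spending_key, commitment)
```

In the real protocol the position and authentication path are private inputs to the zk-SNARK, so a verifier learns only that the root and nullifier check out.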
Feature | Zcash | Monero |
---|---|---|
Anonymity Set | 5.57M+ notes (as of May 2025), ever-growing | 16 (1 real + 15 decoys), fixed per input |
Defined By | Cryptographic commitment tree (Merkle) | Protocol rule + sampling algorithm |
Grows Over Time? | Yes, monotonically | No, fixed |
Decoy Reuse/Linkability | None (zero-knowledge proof) | Possible via chain analysis |
Because historically:
But that's changing. New wallets like Zashi:
Zcash always had strong cryptography. Wallets are now catching up.