Zcash developer and crypto researcher, Encrypted Money at Planetary Scale (tachyon.z.cash)

Project Tachyon: Scaling Zcash with Oblivious Synchronization. seanbowe.com/blog/tachyon-sc…
Back in ~2012, I sold $30,000 worth of BTC to an anon I met on freenode. I sent him half (!) and he flew out to where I lived with a duffel bag of cash for the other half. I was a teenager, and I felt like a gangster. But it was the dumbest financial mistake I ever made.
Imagine Bitcoin but 1) it's encrypted, using the most advanced privacy tech in the world built by expert cryptographers, 2) it makes major, continual progress week after week, actually improving and changing. That's Zcash. It's like a wet dream from the old bitcointalk days.
I've been waiting years for this moment. Zcash has flipped SHIBA INU. But there's much more work to be done. Let's get back to building.
Zcash already had world-renowned cryptographic expertise (go ask your quant!) but now all our orgs have the resources to hire top notch talent from across the industry. Just a few days ago I hired two more incredible cryptographic engineers for Tachyon. More to come. zillions
Really excited to have @alex_xiong_ and @colludingnode joining Tachyon full time this week! Our goal is to ship planetary scale to Zcash's encrypted money, starting with the most advanced cryptographic upgrade in Zcash's history next year.
Zcash has a $1.3 billion dollar anonymity set, built on the best privacy guarantees deployed with existing cryptography. No trusted setup, no obfuscation, and no slowing down. Encrypt your wealth.
I'm excited to announce that I'm hiring a team focused on shipping Tachyon in Zcash! If you're a Rust engineer who is passionate about privacy, crypto, and high assurance software -- and if you're interested in working on something meaningful -- please get in touch with me.
I was there for the early bitcoin days and this is just like it. Every time it crashed the IQ distribution of holders shifted rightward immediately. Now we have perps accelerating the process so people like that Wei Zhao guy get liquidated for betting against freedom. Nice.
so basically just buy any and all $ZEC dips? speechless
I'm happy to announce Sonic, a new zero-knowledge SNARK developed in collaboration with Mary Maller, Markulf Kohlweiss and Sarah Meiklejohn. ia.cr/2019/099
Zcash is humanity's first mathematically fungible asset. Much like when time and space switch places in a black hole, when money crosses the event horizon of a shielded pool its history begins an unstoppable, monotonic march toward indistinguishability.
Turned 32 today. I agreed to join Zcash almost exactly 10 years ago this week. Just like you can't easily replicate ZEC's fair coin distribution, and you can't buy off our principles, you also can't beat the conviction of die-hard Zcash fanatics. Like @zooko said, we're insane!
Today, I could not even imagine selling my ZEC to "take profits." Ironically, it would make my quality of life worse, not better, regardless of the price. The most leverage I have to make the world a better place is by making Zcash successful. And so I simply refuse to sell ZEC.
Tachyon consolidates the entire Zerocash protocol into a single distributed key-value store with an append-only log of test-and-set operations using recursive SNARKs. Almost everything is stripped from a txn before it is recorded, and *all* that remains is pruned.
I stood up all night working on recursive proofs and architecture for Tachyon, and not only was it more fun than looking at charts, but it spins the flywheel of Zcash that much faster.
Zcash's story on quantum-resistance is already positive from a privacy perspective, thanks to hard protocol design work over the years. My philosophy is pragmatism: protect our users, but spend our time and resources strategically. Brief thoughts: seanbowe.com/blog/zcash-and-…
me at 2am: sending my engineer a picture of my whiteboard sprawling with math formulas CT at 2am: bragging about putting shorts on privacy tech zillions
I am not alone. Everyone who held ZEC until 90 days ago is a devoted follower of Zcash's mission. After all that, we're not going to wake up one day and just be satisfied with a number on a screen. Higher, but more importantly: faster.
I love when people buy ZEC from people who sell ZEC.
I was there for the early bitcoin days and this is just like it. Every time it crashed the IQ distribution of holders shifted rightward immediately. Now we have perps accelerating the process so people like that Wei Zhao guy get liquidated for betting against freedom. Nice.
The pace at which things are improving (and the number of independent things that are being worked on) is rapidly increasing in Zcash. But the stage was set for most of this *before* the recent price rise. I cannot fathom how exciting things will be in the months ahead.
gonna keep tapping this sign every time this happens. zillions
I was there for the early bitcoin days and this is just like it. Every time it crashed the IQ distribution of holders shifted rightward immediately. Now we have perps accelerating the process so people like that Wei Zhao guy get liquidated for betting against freedom. Nice.
Tachyon has many crucial components, but they're all centered around this new technique that allows Zcash's nullifiers (and everything else about a shielded transaction) to be *pruned* by validators for the first time *without* privacy issues. Huge unlock for scale.
New work with @ebfull on scaling Zcash and Zexe-derived protocols like Aleo and Aztec. zkSNARKs are now a (fantastic) commodity. They were always just one piece of the puzzle: building a secure protocol architecture for "shielded state" manipulation. eprint.iacr.org/2025/2031
Excited to announce an 80% reduction of proving time and 98% reduction in memory for our next-gen zk-SNARKs! z.cash/blog/cultivating-sapl…
I don't let the ZEC price discourage me when it's down, and I don't let it distract me when it's up. Build, and ship!
ZEC whales were sound asleep while some derplet panic sold his overleveraged long, the cabal has assured me this will be investigated.
need to shake out all the folks who are worried about short term price movements
Replying to @criptopaul
1. the cope needed to be this zidelined 2. the zideline needed to cope this hard
I have some more exciting hiring announcements to make soon 😁, but in the meantime, if you want to contribute to Tachyon and leave a legacy on scalable encrypted money, please go to seanbowe.com/ and reach out!
I'm excited to announce that I'm hiring a team focused on shipping Tachyon in Zcash! If you're a Rust engineer who is passionate about privacy, crypto, and high assurance software -- and if you're interested in working on something meaningful -- please get in touch with me.
We were able to get the recursion threshold for Halo to below 2^17 mul gates, and the proofs are only 3.6 kB long! Proving time on my desktop is less than 15 seconds and verifying time is less than a second. We'll be updating our paper with a better formalization of the protocol.
first you make it private, then you make it nice, then you make it scale
first you make it work, then you make it nice, then you make it fast.
Replying to @badcryptobitch
as the BLS12-381 designer I can tell you I just yolo'd and asked some famous cryptographers to doublecheck me. they were like "yeah that's fine" and now it's the center of countless blockchains lol
str4d and I have a tradition of making the first transaction to move funds into each new shielded pool. It's incredible to think we'll probably never be able to do that again; there is now an ungodly amount of shielded money moving around today.
FIVE MILLION SHIELDED ZEC.
At first I thought this was a bullpost about future gains, but then I did the math in my head and realized $2000 really does only buy you 3 ZEC these days. (For now!)
Zcash is the clear leader of cryptographically-strong private unstoppable money. Tachyon resolves the last outstanding scaling challenges inherent to our Zerocash-based protocol *without* compromising on privacy, putting us years ahead of other projects in this space.
Replying to @beaniemaxi
*Nobody* relies on the initial setup anymore for anything. If that legacy shielded pool were compromised it would affect a negligible amount of ZEC (sitting there untouched for years!) guarded by a turnstile that would detect and block inflation from the pool.
Aztec's community is demonstrating positive sum thinking, and a devotion to the ultimate goal of privacy. Zcash's success and Aztec's success are *not* mutually exclusive, and we both stand to benefit from each other's cooperation and camaraderie.
We have the resources, the world-class expertise, the project-wide alignment and a decade-long track record of deploying bleeding-edge cryptography that has repeatedly changed the entire ZK landscape. It's time to build, ship and win.
With Orchard, Zcash will be the first cryptocurrency that offers fully shielded transactions without the monetary base soundness relying on a setup ceremony. (Fully shielded means actual on-chain privacy, not weak decoy-based schemes.)
Replying to @zodl_co
NU5 represents the largest network upgrade in #Zcash history, launching the Orchard shielded payment protocol and utilizing the Halo proving system to remove reliance on complex setup ceremonies. electriccoin.co/blog/announc…
I actually thought Bitcoin was going to moon, so why did I do it? I told myself that I was "just selling half" and many of these common tropes. But when you "take profits" once, you'll do it again and again, coasting on the derivative of what would have been parabolic gains.
More hires to come! In the meantime, we're also bringing on some community interns. @lucidzk is being sponsored by an anonymous ZEC donor to contribute to Tachyon part time! Stay tuned for more info about how you can contribute as well.
there's almost nothing less cypherpunk than personal attacks against someone widely regarded by cryptographers. if you find yourself surrounded by people willing to do that, congrats: you discovered crypto hell
The story for how Halo came about resulted from months and months of failed attempts and perseverance, but the discovery was more nuanced than this and involved @feministPLT and @str4d too! I've tried to use my experience as a lesson for how to discover stuff. A thread. 1/n
Replying to @zodl_co
3/5 "I said, hey everybody, make sure that Sean has plenty of time to think about this. ... I was like, I think there's a 60% chance that he's going to come upon like the greatest breakthrough ever if we leave him alone.
If you want to use zk-SNARKs in your project, I've written a Rust library for performing MPCs for zk-SNARK public parameters! docs.rs/phase2/0.2.2/phase2/…
For example, there is no quantum computer or powerful AI that will be able to look back at the Zcash blockchain 1000 years from now and figure out who made every fully shielded transaction. That information, among other things, never even touches the ledger. It's already gone.
Zcash's privacy model treats your counterparty as the adversary; they know at least as much as any observer. Shielded transactions leak *nothing* to your counterparty, and therefore your privacy is unaffected by which address type they provide.
I think we can begin to deploy major improvements to Zcash *very soon* which incorporate these ideas and increase transaction capacity for shielded transactions significantly. It won't even require a new shielded protocol! That's Project Tachyon.
Replying to @pseudotheos
common misunderstanding. ZEC market does not close, it's a cryptocurrency
The daily close with this bearish engulfing candle for #ZEC is typically an indication of more downward movement to come.
Some scattered thoughts and wild gesticulations about what Tachyon may look like from the perspective of the Zcash consensus protocol, in contrast with the other shielded protocols: seanbowe.com/blog/tachyactio…
we're definitely not beating the allegations (zillions)
Replying to @ebfull
I've asked the cabal to manifest this on the chart.
Replying to @in4crypto
This is my redemption.
Replying to @vikrantnyc
This is embarrassing for you to be promoting and asking for other people to take seriously. None of it is accurate, it's timecube rambling slop. Orchard has no trusted setup whatsoever.
This is a totally different vantage point for Zcash to be working from. We're starting from something that is already extremely private toward something that *also* scales to the entire world. That's why world experts in cryptography and privacy believe in Zcash and few others.
Really excited that my first hire @MariusMargulus (formerly Penumbra) started his first day today!
I'm excited to announce that I'm hiring a team focused on shipping Tachyon in Zcash! If you're a Rust engineer who is passionate about privacy, crypto, and high assurance software -- and if you're interested in working on something meaningful -- please get in touch with me.
No joke, #Zcon0 is the best conference I’ve ever been to. I can’t walk five feet without having an incredibly useful conversation about cryptography or writing formulas on scratch paper.
If you're a trader drawing all those fib lines all over the ZEC chart and you're not using Zeckendorf's theorem, what are you even doing?
Replying to @ebfull @lucidzk
Bonus: We're also sponsoring the Zypherpunk Hackathon! @mert will have more updates available about that over the next couple days.
announcing the first-ever Zypherpunk Hackathon for Zcash what: build cool shit, win cash, start startups where: online when: Nov 10 - Dec 1 what's next: we need sponsors! to sponsor, click the link in the next tweet for builders, no action; just brainstorm until the 10th
Drug dealers and criminals captured by network effects and three-card monte tricks are not enlightened privacy and cryptography experts to take your cues from. Unless you're as naive as they are, use your brain instead.
what's happening here? typical halfpipe pattern ztable lads
Replying to @marcuslayerx
I didn't end up poor, I just didn't end up a billionaire. But I probably would not have contributed much to cryptography if I got rich from Bitcoin and felt like I was too good to be in the trenches fighting for cypherpunk values.
Ragu for Orchard: Recursion Al Dente seanbowe.com/blog/ragu-for-o… This is part of a (long) series of technical blog posts I'll be writing about my progress on the Tachyon project for scaling Zcash!
trying to test out CrossPay on @zashi_app but my favorite merchants accept ZEC already
This is broken and a simple attack demonstrates it: the prover can (internally) rearrange its coefficient and group element vectors so that they still correspond with the polynomial commitment but represents a new polynomial. Protocol still passes after this, so it must be wrong.
#ePrint Kevlar: Transparent, Efficient, Polynomial Commitment Scheme with Logarithmic Verification and Communication Costs on Efficient Groups: FYC Lu ia.cr/2022/702
In many ways Zcash's shielded transactions bump up against the information-theoretic boundary of what it means for something to be private. It's not perfect but in many meaningful ways we simply cannot make it any "more private."
Replying to @genzcash
👀
Succinct ZKPs are one of those things for which even seasoned veterans who have worked with the math for over a decade still occasionally pause and reflect: "I can't believe this actually works." Sometimes it feels like it wouldn't but for the hand of God pushing the pencil.
I've asked the cabal to manifest this on the chart.
Replying to @Mudit__Gupta @zooko
I'm really disappointed you'd make such an ambiguous point about such a nuanced subject. Especially given the context and the fact you're at Polygon.
Replying to @oxngon @genzcash
The first sentence in the post IS accurate. It doesn't matter if Monero has everyone on the planet using it. Each individual Monero tx is, for all practical purposes, not really anonymous at all. More users doesn't change the equation.
When you publish a new academic paper, and you get swamped with emails from "investment groups" that want to invest in your "whitepaper"...
What do these metadata leaks you're referring to have to do with on-chain privacy guarantees against quantum adversaries? Metadata isn't stored on chain, you're trying to have two discussions at once.
Replying to @arjunkhemani
tricky, since in the future I don't want to own any Bitcoin
new rule: if your paper is about building something using SGX, put SGX somewhere in the abstract so it can be ignored by people who think SGX is garbage
The privacy point is important, too. We wouldn't have shipped Zcash with a trusted setup if privacy would be at risk. The whole point was to maximize along the privacy dimension and make reasonable tradeoffs on everything *else*, which at the time meant a trusted setup. No more!
The next thing to build is another generation of Zcashers and privacy maxis. 👀
There are ways to improve, particularly at the boundaries where it comes into contact with the rest of the world. But to be certain about your privacy you *must* start by using shielded Zcash. You almost cannot even begin otherwise.
bellman, pairing and various other crypto projects I've written in Rust are all being relocated and refactored into the zkcrypto org on github: github.com/zkcrypto
I also never stated perfect privacy, but what does hold is on-chain anonymity against quantum adversaries even when such an adversary knows your address; the source of all funds is protected unconditionally.
I've been working on an implementation of the Sonic MPC for BLS12-381, to give succinct zero-knowledge to everyone with minimal trust. There are some new techniques and ideas that I want to explore with a wider community before we begin. DM me if you're interested in helping!
Not mentioned in the article, but the original versions of the PLONK paper were actually vulnerable to this as well; two years ago I brought this exact vulnerability up to the authors and the paper was revised.
Your code might be vulnerable! Our cryptography team has discovered a number of Fiat-Shamir vulnerabilities affecting proof systems such as Bulletproofs and PlonK. Check out this blog series for details and contact us if you think your codebase might be… blog.trailofbits.com/2022/04…
cazcazious coin
Just published 0.1 of the bls12_381 Rust crate. Aims to be a lightweight, no_std compatible implementation of BLS12-381, with nearly everything constant time, and performance comparable with other high speed implementations... without any `unsafe` code. docs.rs/bls12_381/
Sonic doesn't require a trusted setup for each circuit, but only a single setup for all circuits. The setup never has to end, so it can be secured indefinitely by accumulating more contributions. (Only one previous contributor must be honest.)
Replying to @ercwl
what's your zaddr eric, need to conspire a little bit
There’s an obscure breed of cryptographer that spends almost all their research effort on attacks and rarely builds anything or offers up anything of their own to be similarly scrutinized. Since they never make mistakes they are smug assholes about everyone else’s mistakes.
One of the major bottlenecks for scaling Zcash is the mechanism our protocol uses to prevent double-spending. Shielded transactions have to be indistinguishable, so we make them reveal a "nullifier" that all full nodes have to keep track of forever to prohibit their reuse.
Many are aware that secp256k1 forms a curve cycle with another curve. We noticed something weird though: there are isomorphic curves hiding in plain sight in both of the fields! 😮 In this article @feministPLT and I dig into the math that causes this: hackmd.io/@dJO3Nbl4RTirkR2uD…
Replying to @ZKnowl3dg3
Zcash is my future. :)
Replying to @vikrantnyc
No, if you post an inflammatory claim like that and then much later delete your post without expanding (if only to inform others), you're boosting egregiously false claims and not being a reliable signal. That hurts people's trust in you and your motivations.
He eventually passes out against the plexiglass. My favorite photo of him.
Replying to @vikrantnyc
This follows a trend where you baselessly speculate about things that contradict *basic* facts about Zcash. You'll beclown yourself and then delete your post on X afterwards without explanation, once again. Yes, asking "Comments?" and linking to this non-ironically is pathetic.
For the first time in years I'm excited because every problem that has cropped up can be solved with standard tricks that we had previously exhausted. It seems that working in this model frees all the techniques back up again.
This paper was the main driver of over ten years of my life (career, engineering, research) and I'm so happy the authors are getting the credit they deserve!
Congrats to my co-authors Eran Tromer, @secparam, Christina Garman, @MadarsV, Alessandro Chiesa, @EliBenSasson for winning a “test of time” award at IEEE S&P for Zerocash!
And of course, @ElectricCoinCo built a healthy environment to do research without management pressure and a fantastic team of researchers and engineers! 28/28
Replying to @mineZcash
"pump and build" i like that.
Replying to @MicahZoltu
I was on bitcointalk back then and I don't remember us all wanting Bitcoin to become useless and ossified. We all kept thinking of ways to improve it and upgrade it to solve problems and make the world better.
Anonymity isn't about taking elaborate means to obfuscate your actions, it's just people doing the least to distinguish themselves from each other. Security by obscurity not only doesn't help but it can even cause you to stand out more.
Replying to @mert
sell the rumor, sell the news