RT @naval: Bitcoin is insurance against fiat. ZCash is insurance against Bitcoin.

Been brushing up on the discourse and I’ve decided that every single person is richer than me is a greedy bastard and every single person poorer than me is a loser. I and only I have the exact right amount of money.

Joining the PGPZ community. Verification code: PGPZ-7C7FBEE2FD community.pgpz.org

Why not just use zcash?

wow zcash just absolutely blew past its ATH in hashrate security keeps increasing. kindly stop this at once so I can order more miners and retire my grandchildren

You’ll all buy zec at the price you deserve

All of you in the crypto cheap seats can keep dunking on Zcash for 'crashing' to the price six weeks ago, or you can instead learn something and spend your energy helping get your own crypto house in order for the AI & quantum risks ahead

RT @zooko: x.com/i/article/206309591285…

Mert gives the most honest Zcash risk/reward framework, bear case and bull case, no sugarcoating: "Worst case: minting in the orchard pool. Race to get out. $5M — probably made whole. $1B — I don't know. That starts getting complex. I'm not gonna sugarcoat that. Underwrite it in your risk model." "Bull case: network upgrade, pools migrated, you verify yourself there was no exploit. Then Project Tachyon — formally verified, quantum proof, scalable shielded pool."

Ironically, this short term makes it safer to put more in circuits. I’d rather trust FV’d code than non FV’d code And circuits with their clear specs are uniquely easier to FV than raw rust to FV languages

The choice is clear, panopticon cash or auditing of supply via migrations. I’m obviously going to chose the latter. Thanks to formal verification now being viable, checking the circuits really will just be checking a simple spec.

To get ahead of scams, if you're interested in donating to me for finding the Zcash bug, my addresses are in this post or in my replies below (be careful to check the exact username for lookalike scammers). Nothing else has been approved by me. Note: I intend to apply for a bounty through a Zcash coinholder grant, so donations are much appreciated but not necessary! Zcash: u1k6y9wpyc5m5ec3wz49ny9chewklyexn8rdj7928n3zswh0gwl0gh3zwwg37p76j7vrrv8s0dj8rhjfc49pg9yv9mjdea2sn86tnjh99a9424cdvw3aadyz8v40ddancr7e4kjzw07qhrcdez3d9sycx89f87vjw7eaxys2aktsm57tkp t1eykDAemzff7oPAA2E43Z47iawATB4bZRy Solana: D6c34hRcmhkHMXaAhoPXgVw9JYrh84saeSfYnk7ZSjeW ETH: 0x1b8203102aE3469a67E78FF9a78d8A5cC7E7e769 BTC: bc1qtxqv8fzj2pnewj2y5l8nh4ur4rkrvm2kv6mlp9

To put a finer point on it: the people who would actually face a loss if the bug were exploited are shielded holders, not transparent holders (99% of people on exchanges). Transparent holders would not be affected at all. If you're a shielded holder and you're worried about this bug, game theory says to unshield before the pool gets drained. It's essentially free and reduces your risk. So while markets are freaking out, shielded holders--who might actually face the loss--are not (only 1% of the 30% shielded pool has unshielded), which is the clearest signal that the people with skin in the game are not actually worried that this bug was exploited. The size of the shielded pool is the prediction market on this bug.

There's a lot of confusion about the recently patched Zcash bug. Here's how to actually understand it. If the bug had been exploited before the patch (very unlikely it was), it would have looked like the shielded pool getting drained. Whoever minted the counterfeit shielded ZEC would want to sell fast, before anyone else found the same bug. And remember, the market for ZEC is almost entirely transparent ZEC, not shielded. You can't dump freshly minted shielded ZEC on Binance or Coinbase without unshielding it first. The losers in that scenario are shielded holders who sit still. The transparent portion of Zcash is fully visible, so it's trivial to enforce that transparent ZEC never exceeds max supply. If you try to unshield more than the cap, you'll get stopped at the door. So if you hold transparent ZEC (anyone trading, on an exchange, or doing price discovery on ZEC) there's no marginal effect on you. The loss falls entirely on shielded holders. The team's next step is a new turnstile and a fresh shielded pool in the coming upgrade, which will confirm the shielded pool was not inflated. Think of it as taking headcount at the end of the field trip--that will make sure no extra kids snuck onto the bus. But while AI found this bug, AI will also deliver the fix for the whole category: formal verification. I'm very bullish on this as the path to harden all software across the industry. Formally verified cryptography can't have implementation bugs by construction. Right now AI is surfacing vulnerabilities across all our software--browsers, OSes, and blockchains are no exception. We're in the awkward adolescence where every wart is getting magnified and put on full display. But formally verified software is the only path forward for mission-critical software, and Zcash has put it front and center on their roadmap to deliver. Privacy is too important not to. (Dragonfly holds $ZEC and continues to. I'm personally an investor in ZODL.)

In the age of AI, formal verification is the way forward for securing software and Zcash is leading the way. Zcash will introduce formal verification in the next network upgrade, making "print money" bugs in shielded pools impossible. Encrypted money with provable correctness is unstoppable.

Privacy is an insane goal. We invent this brand new field of zero knowledge proofs, and prove a precise clock-work of statement perfectly correct. There is an existential risk, that "one addition" was missed in the clock-work. Formal verification solves this risk.

It was not practical to do this kind of verification until very recently, with LLMs that can generate the proofs instead of humans hand-writing them. (The proofs don't even have to be readable by humans, they can be pure slop, as long as the smaller theorems are correct.) The first real formally verified (end-to-end) cryptographic protocols appeared about last year, written by hand at great expensive, and were for relatively simple protocols.

In 6 months, everyone will be shocked at seeing privacy scale with no shielded sync. Chilling in a brand new formally verified pool, featuring recursive proofs, and unconditional PQ privacy. This bug ends up as a mass education event, and rallying call to formally verify.

Really excited to audit the Orchard pool's supply with a very elegant and wonderful approach @ShieldedLabs suggested. More about that later today. But it's funny that the whole time we're fixing it I'm going be paying bills etc. with my Orchard funds! I love it. 😆

Fascinating to see how certain individuals are spinning as a negative the fantastic work by the Zcash developer community to identify and remediate a vulnerability The AI-enabled assault on blockchains is here and I'm proudly on Team Zcash