The Zcash Foundation is delighted to announce the winners of our 2018Q2 Grants Program — 12 projects that will benefit the Zcash ecosystem and community. The Foundation’s Board of Directors has unaminously ratified the recommendations of the Grant Review Committee. (The Foundation originally accepted 13 projects, but one has effectively dropped out. See the update at the end for more details.)
We received 41 initial proposals. The submissions covered a wide range of topics: Analysis and improvement of Zcash security, wallet-building, community outreach, proof-of-work algorithms, online services, second-layer technologies, financial integration, and more. Many emphasized user-experience improvement or novel research.
Extensive discussion public discussion ensued, mostly via comments in the respective GitHub issues. There have been over 460 such comments. (Nearly double what we received last time!) The conversations among Grant Review Committee members and others from the Zcash community helped to shape the proposals by honing their scope. Advice was offered on technical approaches and complementary resources. The process allowed for questions on schedules, budgets, open-source policies, and other clarifications that strengthened the end results.
The complete proposals were further evaluated by the Grant Review Committee, which aimed to weigh all input from the community, guided by the Zcash Foundation’s mission and values. Primary considerations included:
- importance to the community
- likelihood of success
- security implications
- balance of topics (online services, outreach, research, etc.)
- balance of recipient types (individuals, companies, academic)
- balance of solid versus high-risk-high-gain approaches
The Committee also reached out to several proposers to adjust the scope or budget of their submissions. Finally, the committee summarized its conclusions in consensus opinions that portray, for each proposal, the Committee’s recommendation and its detailed rationale. These were submitted to the Zcash Foundation’s Board of Directors, and are now posted in each submission’s GitHub issue.
The total budget for this round of grants was originally $250,000 USD, but we plan to dispense $264,100; the proposals merit extra expenditure. Our thanks to the Research Institute (formerly known as the Blockchain Institute) for doubling our initial budget of $125,000 with their generous matching contribution! (As noted earlier, one project dropped out after this announcement was first written and published. The accurate total is now $254,100. Scroll to the bottom for details.)
The price of Zcash still fluctuates too much for $ZEC to be a useful unit of account for this purpose, but grant awards will be made using Zcash and sent to Sapling shielded addresses. We plan to proceed with disbursements following a final confirmation that all of the grants are within the strictures of our 501(c)(3) status, and that each payment will comply with the relevant United States regulations.
As you peruse the list of grant winners, this note from the Grant Review Committee will be relevant:
Not all of the committee members believe that ASIC-resistant proof-of-work is an optimal (or even viable) approach to achieving mining decentralization. However, relevant submissions were judged under the assumption that the Zcash community is interested in exploring the prospect of ASIC resistance, and this justifies funding a more informed discussion and developing prospective implementations.
The reasoning above conforms with the results from the Foundation’s latest governance process and our corresponding commitments.
The following grant winners are listed in descending order based on the dollar amount awarded. Each project is accompanied by the Grant Review Committee’s consensus opinion, lightly edited for readability. Titles are drawn from the original GitHub submissions. Note that clicking on the link to a full proposal will automatically download a PDF in most cases.
Design and/or help review new PoW scheme
The pseudonymous applicant, Solar Designer, is an expert in proof-of-work functions. He proposes to evaluate the ProgPoW function as an ASIC-resistant candidate for replacing Zcash’s current Equihash function (which by now has highly effective ASIC hardware).
ProgPoW is also addressed and discussed in proposal #15. Under the assumption — on which there is no consensus — that ASIC resistance is desirable and attainable, ProgPoW is a strong candidate. Evaluating its security and performance are crucial, and we believe that the proposer (who has also provided insightful analysis of Equihash in the past) will provide a valuable and well-reasoned perspective.
We suggest adjusting the scope explicitly to include a systematic comparison with other prominent GPU-friendly ASIC-resistant PoW options, such as updated Equihash (to be studied at more depth by proposal #38). For such a comparison, it would be reasonable to cite others’ analysis or claims rather than doing an in-depth evaluation as proposed for ProgPoW. Regardless, putting things in comparative context will be very helpful.
Scholarship for Research on Zero-Knowledge Proofs
The proposer, Benedikt Bunz, is a graduate student working on zero-knowledge proofs and blockchains, and coauthor of the bulletproofs paper. This proposal has two components:
- An open-ended scholarship to pursue several research directions that are promising with respect to privacy-preserving cryptocurrencies (and zero-knowledge proofs in general). This has high potential for advancing the state of the art in pertinent proof systems, given the applicant’s record and training, but is not certain to result in directly useful deliverables.
- Studying the prospect of a bulletproofs variant of Zcash Sapling, as a way to avoid the need for a parameter setup ceremony. There is no commitment to a concrete implementation.
Inventing and optimizing zero-knowledge proof systems is crucial to financial privacy infrastructure, and specifically to Zcash. Such cryptographic innovation most often originates in open-ended academic research funded by flexible grants and scholarships, such as this proposal by a graduate student.
Bunz and his adviser have already made notable contributions to the technologies underlying privacy-focused payment systems, and have demonstrated a strong research focus on zero-knowledge proof techniques and applications that are relevant to privacy-preserving cryptocurrencies (including both Zcash and Monero).
Some committee members are uncomfortable with funding open-ended research without concrete goals or clear deliverables, and are concerned that while the sponsored research may result in publications of interest to the academic cryptographic community, it may not be geared toward the particular needs of privacy-preserving cryptocurrencies. We recognize an inherent tension between prudent use of funds and the need to support open-ended, high-risk, and potentially high-gain cryptographic research. However, it was open-ended academic research that led to the creation of Zcash and many of its underlying ideas.
Going forward, we suggest that the Foundation considers creating a dedicated funding track for open-ended research, and academic scholarships in particular. Such a track should set evaluation criteria that recognize the inherent unpredictability of such research. It should be explicit about whether grants are scholarship for specific students, or grants at the principal investigator level. It should set expectation on effort level dedicated to the project, and the commensurate costs under standard academic conventions. It should also strive for equal access.
The committee recommends funding this proposal, at a reduced level of $40,000 (to adjust for the intended scale of six months, rather than one year as proposed).
Implementation of Blind Off-Chain Lightweight Transactions (BOLT)
The proposal, by cryptographic engineer J. Ayo Akinyele, is to implement BOLT (Blind Off-Chain Lightweight Transactions), which is a “Layer 2” payment protocol for privacy-preserving cryptocurrencies such as Zcash. BOLT intends to allow individuals to establish and use payment channels for instant payments that do not require an on-chain transaction. This is a promising approach to achieving scalability, analogous to the Lightning network on Bitcoin, while preserving users’ privacy.
We recognize the proposer’s clearly stated approach, strong background, and ability to deliver this important project. We believe that continuing development of BOLT will be beneficial to Zcash, as well as other cryptocurrencies. Funding of the full amount is recommended.
Update of the Equihash Algorithm
- GitHub thread
- Full proposal
- Proposer: CryptoLUX Research Group, University of Luxembourg
- Budget: $25,500
The Equihash proof-of-work function, used by Zcash and forks thereof, was motivated by ASIC-resistance. With its current parameters, it no longer achieves that goal. (At least two ASIC mining products recently entered the market, with a huge efficiency advantage over GPU mining.) This grant is motivated by several crucial concerns:
- What is the potential ASIC advantage with the current Equihash parameters, and to what extent can GPU and FPGA catch up to mitigate the prospect of total ASIC dominance?
- The need for better, open-source mining software for GPU and FPGA. This would mitigate mining hardware centralization, as well as the unfortunate current state where the state-of-the-art GPU mining software is closed-source and proprietary.
- How can the advantage of ASICs versus GPU and FPGA be shrunk with better choice of Equihash parameters or alternative algorithms? This informs the ongoing discussion about PoW changes.
Interest in 2 and 3 is predicated on the desire to achieve mining decentralization by enabling general-purpose mining hardware. It has not been established or universally agreed that this is the optimal approach. (Appealing arguments have been made that ASICs’ high cost of switching increases security via incentives and unavailability of PoW rental.) Nevertheless, the research and development proposed under this grant are worthwhile both in informing that high-level discussion, and in executing a potential decision in favor of ASIC-resistance.
The proposers are well-qualified, including the author of Equihash and an expert in efficient cryptographic implementations, both of whom are renown academic cryptographers. The proposal demonstrates cognizance of the state of the art, challenges, and opportunities.
The budget is reasonable for the amount of work. Timing, deliverables, and budgeting are well-specified. We recommend for the proposal to be funded (in its full proposed scope), and may provide advice on prioritization as the community discussion and complementary research evolve.
GitHub comment on November 4, 2019:
Success of this project depended heavily on GPU/FPGA implementations of Equihash for different parameters. However our project collaborator Dag Arne Osvik failed to deliver such implementations for the project milestones/deadlines. Without implementations further analysis planned for the project was not possible.
The good part is that grant funds stayed with the Zcash Foundation and thus should be available for other projects.
An alternative approach to analyzing anonymity in cryptocurrencies
- GitHub thread
- Full proposal
- Proposer: George Mason University and Boston University researchers
- Budget: $25,000
The proposal is made by a team of researchers from George Mason University and Boston University. Their offer is to analyze small-anonymity-set approaches and develop formal definitions for them, by using differential privacy techniques. Once the formal definitions are formulated, they plan to propose a new, provably secure construction for an anonymous cryptocurrency.
The Zcash Foundation would like to support development in small-set privacy techniques as they are popular among users, and protecting user privacy is the Foundation’s guiding star. Formal definitions and formally secure protocols, unlike the ad hoc approaches used by the industry right now, can get solid privacy guarantees against any adversarial strategy (if assumptions made about adversarial capabilities and environment are reasonable and practically achievable).
With that in mind, and also considering clearly written proposal text with well-defined milestones and deliverables, we recommend funding this proposal.
Open source zcash blockchain analysis platform (development and hosting)
- GitHub thread
- Full proposal
- Proposer: Blockchain Exploration Research Group, Wrocław University of Science and Technology
- Budget: $22,000
The Blockchain Exploration Research Group proposes an online platform for analyzing Zcash transactions, to help researchers investigate on-chain Zcash data effectively and and reproducibly.
Even after t-addresses are deprecated, lots of statistical information will still be extractable from the blockchain. Having this tool available will enable researchers, for example, to find parameters that are estimable and comparable with other cryptocurrencies.
The following reservation was raised: There have already been three papers showing the flaws of users interacting with t-z addresses (here is one instance). It is crucial for the proposers to focus on facilitating novel discoveries, and to strike for useful information even after the eventual deprecation of t-addresses. For example, consider how network-layer information can be captured and conveyed by the tool.
We recommend funding this proposal.
Add Zcash Support to the Anypay Merchant Payment System
This proposal comes from Anypay, a point-of-sale gateway that allows retail stores to accept cryptocurrencies as payment. The team requests funding to expand their infrastructure to enable Zcash payments.
This is an experienced team of developers and engineers who have worked for recognizable and reputable tech companies, and already have a working cryptocurrency point-of-sale which supports using other well-known cryptocurrencies, including Bitcoin, Dash, and Litecoin.
Unfortunately, as noted by the proposal, only four merchants out all of those that use Anypay take Zcash. If the plans in this proposal are achieved, Zcash payments will be more accessible for both users and merchants. Enabling the point-of-sale system and app to be configured to accept z-addresses will drive adoption and have significant long-term value. The clear vision for the user interface is encouraging; it demonstrates that commercialization is a real priority.
The Grant Committee feels that it is important to encourage the use of Zcash at brick-and-mortar stores. We believe that the Anypay system is capable of putting Zcash in more retail locations, and with support could expand beyond their current scale.
Advanced Zcash Blockchain Analysis
- GitHub thread
- Full proposal
- Proposer: CryptoLUX Research Group, University of Luxembourg
- Budget: $18,000
Proposed by the CryptoLUX Research Group at the University of Luxembourg, who were also awarded a Zcash grant in the fourth quarter of 2017. The team suggests a research grant to continue their empirical analyses of the Zcash blockchain.
CryptoLUX plans to leverage several techniques known for deanonymizing and linking transaction information together, along with some novel approaches that the Committee recognizes to be valuable. These approaches include studying Zcash-specific ideas like note conversion from Sprout to Sapling as well as more general ideas that may provide more broad results.
We recognize that the proposed approach by CryptoLUX is likely to produce an interesting and valuable analysis. We recognize the strong background of the proposing team, and we recognize their capability of accomplishing their goals. Funding of the full amount is recommended.
Support Overwinter and Sapling in Riemann
James Prestwich and Rachel Rybarcyzk from the company Summa are working on a library called Riemann. The library is for constructing transactions on Bitcoin-based blockchains. The team is asking for funding in order to support Overwinter and Sapling.
Developing such library infrastructure is important for facilitating third-party applications. Moreover, this library builds on the third-party Rust reimplementation of parts of the Zcash protocol, and bolstering such independent reimplementations is an important component of the Foundation’s decentralization and privacy values.
We thus recommend funding this proposal. The budget was reduced to $10,000 with the proposer’s consent.
Poster Art Series promoting Zcash and Financial Privacy
Proposed by Howard Loo, a Zcash advocate who wants to further awareness of the cryptocurrency through art and media. Loo seeks funding to pay professional artists to create a series of posters to educate the public about the importance of financial privacy and promote Zcash as a tool for achieving it. The end product will be a series of posters, suitable for printing and framing, downloadable for free from the Foundation’s website. The Foundation will be free to disseminate printed copies of the posters if it so chooses.
The Grant Review Committee thought this proposal was clear and the amount requested is reasonable for high-quality original artwork. Most felt that this would be a low-risk proposal with the potential to create helpful promotional materials to advocate for the use and adoption of Zcash. Full funding of this proposal is recommended.
Fork electrum to zcash and enable shielded transactions
Electrum is a popular Bitcoin wallet, one of the first to have a basic GUI. It does not have the most attractive interface, but the code is believed to be solid and can serve as a base for building future wallet applications. Having a version of Electrum for Zcash would be bolster the ecosystem and potentially serve as a tool for other wallet builders.
The proposer is Mikael Johansson, who said that he’d be able to complete the basic t-address integration within a “few weeks,” while requesting up to five months (at a monthly rate of $2,000) for z-address integration. Since Sapling is so close and the spec is not quite ready, we feel that this proposal could move forward with funding for only t-address support and one month of the developer’s time.
We recommend funding this proposal, at a reduced level of $2,000 corresponding with the reduced scope.
The proposer is Eric Vaughn, the developer of PayWithZ.cash website, a community resource which lists merchants and stores that accept Zcash for payment. Currently it is a basic one-page website with poor design and hard-to-read formatting. Vaughn’s plan is to update the site, and he seeks help with hosting expenses. He offered several options for how the funds could be spent.
We recommend the basic funding for three years of ad-free hosting ($360) and Eric’s personal work to redesign the website using WordPress ($700), coming to a rounded total of $1,100.
Congratulations to all of the winners! We extend our gratitude to everyone who submitted a proposal, regardless of whether it was accepted, and everyone who participated in the discussions on GitHub or elsewhere. The Zcash Foundation, the Grant Review Committee, and the Zcash community at large are excited to see these projects move forward.
Grant winners are expected to provide monthly updates to the Zcash Foundation’s general mailing list and otherwise be forthcoming in communicating their progress. The Zcash Foundation will issue regular reminders of this requirement to grant winners. However, we have no method of actually compelling compliance.
The 2018Q2 round of the Grants Program was originally announced in April, 2018, and we appreciate the applicants’ patience in awaiting final decisions.
Update added on February 27, 2019:
The ifdefelse team has failed to respond to repeated outreach about delivering the awarded funds. After several months, the Zcash Foundation is considering ifdefelse’s silence to be a withdrawal from eligibility. The $10,000 will be devoted to future Zcash Foundation efforts. We have preserved the original ifdefelse section of this blog post below, and the full changelog can be reviewed on GitHub.
ProgPoW: A programmatic (dynamic) Proof-of-Work algorithm tuned for commodity hardware
The pseudonymous team ifdefelse developed ProgPoW, an alternative proof-of-work algorithm that aims to be ASIC-resistant but GPU-friendly. Under this proposal (in its revised form), the team will integrate ProgPoW with Zcash, in the sense of releasing a proof-of-concept fork of the Zcash node software using ProgPoW instead of Equihash, as well as compatible open-source mining software and an operating testnet. The project will facilitate empirical evaluation of the difficulty and network behavior of such an integration.
As noted earlier, not all of the reviewers believe that the notion of ASIC-resistance is an important one to cryptocurrencies, but we gave submissions related to proof-of-work and ASIC-resistance the benefit of the doubt, judging these submissions under the assumption that the Zcash community is interested in ASIC-resistant developments.
Within this space, the committee sees the ProgPoW as having high potential merit. We observe that ProgPoW is considered by many in the community to be a promising alternative to classic proof of work, and an interesting variation of GPU-friendly ASIC resistance. We recognize the large body of work contributed by ifdefelse in developing an implementation of ProgPoW. We also observe that ProgPoW is being considered for use in Ethereum, with experimental integration underway.
We believe that the suggested prototype integration of ProgPoW with the Zcash code base will significantly further the ongoing discussion of potential PoW changes in Zcash, by demonstrating the technical feasibility, identifying difficulties, enabling experimentation with dynamics of hardness adjustment under various loads, and also — should ProgPoW be chosen for future Zcash network upgrades — reducing the time for developing that upgrade.
Thus, funding of this proposal is recommended. Moreover, we encourage the Zcash Foundation to support complementary efforts to independently evaluate the security properties of ProgPoW, either within or beyond the Grants Program.