The Problem with Transparent Blockchains
On Bitcoin or a transparent Zcash t-address, every transaction is permanently recorded on a public ledger. Anyone with the blockchain data can see exactly how much value moved, from which address, and to which destination. This is not privacy — it is a permanent, immutable financial surveillance record.
Zcash's shielded protocol solves this with zero-knowledge proofs — a way of proving a statement is true without revealing any information about why it's true.
What Is a Zero-Knowledge Proof?
Imagine proving you know the solution to a puzzle without showing the solution itself. That's the core idea. In Zcash's case, the "solution" is the private transaction details (sender, receiver, amount). The "proof" convinces every network node that the transaction is valid — no double-spending, correct total — without revealing those details.
Zcash uses a specific type called zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge), which are both compact and fast to verify, making them practical for a blockchain.
Notes: The Basic Unit of Shielded Value
In the shielded pool, ZEC is held as encrypted "notes." A note is a record of value owned by a specific private key. When you send shielded ZEC, you:
- Spend (nullify) one or more existing notes
- Create one or more new notes for the recipient(s)
- Generate a zk-SNARK proof that the total input equals total output minus fee
The blockchain only records the proof and commitment — enough to verify validity — but nothing that reveals the underlying amounts or addresses.
What the Blockchain Actually Stores
| Data Type | Transparent Transaction | Shielded Transaction |
|---|---|---|
| Sender address | ✅ Public | ⌠Hidden |
| Receiver address | ✅ Public | ⌠Hidden |
| Amount | ✅ Public | ⌠Hidden |
| Transaction validity | ✅ Verifiable | ✅ Verifiable (via proof) |
| No double-spending | ✅ Enforced | ✅ Enforced (via nullifier) |
The Role of Viewing Keys
One elegant feature of Zcash's privacy model is selective disclosure. Each shielded address comes with an associated viewing key that can be shared with trusted parties (e.g., an accountant or regulator) to reveal transaction details for that address — without granting spending authority. This enables compliance without sacrificing general privacy.
Sapling vs Orchard: Protocol Evolution
Zcash has upgraded its shielded protocol twice. Sapling (2018) made shielded transactions fast enough for mobile wallets. Orchard (2022, via NU5) introduced Halo 2 proofs, which removed the trusted setup ceremony requirement entirely. Both protocols are active; newer wallets default to Orchard.
Is It Truly Private?
Within the shielded pool, yes — z-to-z transactions are cryptographically opaque. The main privacy caveat is the shielding and deshielding steps: the act of moving ZEC from t-address to z-address (or back) is a public event, though the amounts and ultimate destinations remain hidden once inside the shielded pool.
For maximum privacy: receive ZEC at a t-address, shield immediately, and only transact z-to-z from that point. See our beginner's shielding guide for the practical steps.