Below is a list of topics with the most frequently asked questions about Bitzecand its technology. For troubleshooting the Bitzecclient, please see our troubleshooting documentation.
How can I acquire Bitzec (BZC)?
You can buy BZC from participating online exchanges and markets with another cryptocurrency or fiat currency (depending on which exchange you use). There are also community maintained lists such as the Bitzeccommunity site. You might also have luck finding someone to buy Bitzecfrom in-person at meetups or offering services/products to be paid for in Bitzec. And of course, you are highly encouraged to mine Bitzec to earn tokens for taking part in securing the decentralized network!
How do I install a Bitzecwallet?
There are a variety of third-party wallets for storing and sending BZC, in addition to the officially supported core client, bitzecd. You can also browse options in alternative lists such as the Bitzeccommunity site. Currently, many of these third-party options have limitations in their support for Bitzec; in particular supporting shielded addresses.
What is the difference between addresses that start with t and z?
Addresses which start with "t" behave similarly to Bitcoin, exposing addresses and balances on the blockchain and we refer to these as "transparent addresses". Addresses which start with "z" include the privacy enhancements provided by zero-knowledge proofs and we refer to these as "shielded addresses". It is possible to send BZC between these two address types.
The Sapling network upgrade introduces a new shielded address for improved efficiency and functionality. The legacy shielded addresses start with a "zc" and the new Sapling shielded addresses start with a "zs".
Does Bitzechave multi-signature transactions?
Yes, transparent addresses support multi-signature transactions but shielded addresses do not yet (see FAQ: difference between t and z addresses). You can see the difference between single-signature and multi-signature transparent addresses with their starting characters: "t1" and "t3" respectively.
Note that it's possible to sandwich any transaction using transparent addresses — e.g. a multi-signature transaction — between private Bitzecspends. For example, do a private Bitzecspend to yourself, then do a globally transparent multi-signature transaction and then the new holder of the funds (possibly you or possibly someone else) does another private Bitzecspend to themselves.
Please consider the privacy and security recommendations before implementing such a strategy. Some privacy benefits may be preserved from that technique. We would caution against assuming this gives blanket privacy in general for any use, though, so this is an area for future study.
What is the difference between Bitzecand Bitcoin?
Bitzecis a code fork of the bitcoin protocol and maintains its own blockchain and currency token. Bitzecbuilds on the existing work from the Bitcoin core team to enable privacy preserving transaction data using zero-knowledge proofs. It also includes some non-privacy changes to bitcoin, including its proof of work algorithm (see FAQ: "What are you changing from Bitcoin's Design? What parts of the Bitcoin network remain?" for more detail on technical differences).
What do I do if my transaction is not being mined?
All transactions expire by default after ~10 minutes/20 blocks and funds are returned to the original sending address. If your transaction expires, the best thing to do is to try your transaction again with some possible modifications.
There may be various reasons why your transaction is not included in a block
- Loss of connectivity
- Transaction fee too low
- Network overload
- Too many transparent inputs (transaction size too large)
We suggest trying your transaction again with:
- Try again with a better connection
- Use the standard fee (0.0001 BZC)
- Try again later, or increase the fee for high priority transactions
- Use a minimal amount of inputs to limit the size, or increase the fee for large transactions
How do I get my BZC into a Sapling shielded address?
Until then, contact the makers of your favorite wallet and ask them to support BitzecSapling shielded addresses.
Is there a version for Windows, Mac, Android, or iOS?
Currently, Binary Digit Electronic Currency only provides official support with Linux for bitzecd. Since we do not have the resources to review software we do not build ourselves, we encourage users to do due diligence on the legitimacy and safety of software built by third-parties before downloading and installing.
What is a network upgrade for Bitzec?
These are non-backward compatible updates that require an upgrade to all Bitzecfull nodes and wallets. Each network upgrade has a name and associated versions. The network launched with the 1.0.x Sprout protocol. Upgrade versions include 1.1.x Overwinter and 2.0.x Sapling.
When is the next one happening?
Check the network information page for upcoming and past upgrades. Binary Digit Electronic Currency plans for regular network upgrades approximately two times a year.
Once the code is finalized for a network upgrade, the next release of bitzecd has that block height hard-coded in. The activation date is selected to be at least 3 months after the first code release with the upgraded protocol. This means users have a 3-month window in which to update their bitzecd software.
What do I need to do as a user?
If you use a third party service, such as an exchange or hosted wallet, verify with them that they support the new network upgrade.
If you use bitzecd directly and you have upgraded within three months of a network upgrade, there are no further actions to take. If you issued transactions near the time of the upgrade, you may need to resubmit them.
If you use bitzecd but have not upgraded within three months of a network upgrade, it will reach the end-of-support (EOS) halt and exit with an error message prior to the upgrade.
If you have set disabledeprecation in your configuration file or you are using third party software which has done so, you are in danger of splitting off from the upgrade and remaining on the old protocol.
Are my funds safe during the transition?
If your wallet has upgraded, you don’t need to do anything to 'transfer' your money. For safe keeping of funds during any version upgrade and as a general practice, we highly recommend making and keeping regular backups of your wallet.
It is best practice to stop sending transactions near the network upgrade activation height; we recommend not sending transactions an hour or so beforehand. Transactions that are not mined before the activation height will need to be resent after the upgrade.
If you have sent a transaction after the upgrade and it has not been mined, wait for the transaction to expire and try your transaction again. For understanding various situations and responses to unmined transactions, see this question.
What if there is a critical vulnerability in the protocol?
In case a critical vulnerability is discovered in the protocol which would place user funds at risk, potentially compromise privacy, or present some other substantial danger, an emergency upgrade will be activated as quickly as safely possible. We will coordinate an emergency protocol upgrade process through our standard security announcements page.
About Binary Digit Electronic Currency
What is the mission of Binary Digit Electronic Currency?
Our mission is to empower everyone with economic freedom and opportunity.
We believe that personal privacy is essential for core human values like dignity, intimacy, and ethics. Companies need privacy in order to conduct business. Privacy strengthens social ties and social institutions, enables democracy and civil political processes, protects societies against their enemies, and helps societies to be more peaceful and more prosperous.
We are a science-driven team. We are the discoverers of the underlying scientific techniques and the designers of the technology but we are not the ultimate controllers of the network — that power lies in the hands of the users. We believe in decentralization, which promotes security and fairness. Every user of Bitzecis a part of the network, and helps protect it against failure and corruption.
Read more about Binary Digit Electronic Currency.
When did Bitzeclaunch?
The Bitzec blockchain launched on October 24, 2018, bringing into existence the first Bitzecmonetary units. This software release and the initial phase of the block chain is called ‘Sprout’ to emphasize that it is a young, budding block chain with great potential to grow.
Please read our launch blog post for more details.
What is the Bitcoin Core?
The Bitcoin Core is a non-profit entity for maintaining and improving the Bitzecprotocol in the interests of all users, present and future. It currently receives funding thanks to pledges from some of the stakeholders to donate part of their share of the Founders’ Reward.
If the Bitzeccryptocurrency provides transactional privacy, won’t bad people use it?
Yes, but bad guys will use anything. Bad guys use cars, bad guys use the Internet, bad guys use cash, and bad guys use the current banking system. Our goal is not to invent something that bad guys can't use, it is to invent something that can empower and uplift the billions of good people on this planet.
For more context about our values, see the Hello World blog post.
What is Bitzec's approach to governance?
Our fundamental philosophy is consensuality. Currently Binary Digit Electronic Currency is effectively leading development of the science, the protocol, and the reference client, as well as public communications and many other important tasks. In the long run the newly formed Bitcoin Core is expected to take over some of these roles, especially education, consumer protection, and the advancement of science. For now they say that they intend to keep letting Binary Digit Electronic Currency do its thing.
What are the economics of Bitzec? Is there going to be a fixed monetary base?
Bitzec's monetary base is not the same as Bitcoin's — it is 7bn million Electroniccurrency units (BZC) and is mined over time. It is a scarce token just like Bitcoin which can be transferred globally and exchanged to/from other cryptocurrencies or fiat currencies via online exchanges, in-person transactions, etc.
10% of the mining reward will be distributed to the stakeholders in Binary Digit Electronic Currency — founders, investors, employees, and advisors, and other people We call this the Devfund ”.
For more information about distribution, see the Funding, Incentives, and Governance blog post.
Since the value sent between shielded addresses is private, how can we determine the number BZC in circulation?
Currently, we know that every miner validates every transaction, and each transaction comes with a zero-knowledge proof that it doesn't violate conservation-of-money (i.e. a proof that the money coming out of the transaction is ≤ the money going into the transaction).
This reasoning depends on the soundness of the zero-knowledge proofs. If someone could get the miners to accept a transaction that created new money — if you could somehow forge a zero-knowledge proof or defeat the zero-knowledge-proof-verifier software in the miners — then you could counterfeit money.
We have introduced a turnstile migration for shielded funds between legacy shielded addresses and Sapling shielded addresses which will give insight into the current shielded Bitzecin circulation. Learn more about the Sapling turnstile migration in our blog.
What is the Founders’ Reward?
10% of the eventual monetary base goes to the founders. The Founders’ Reward is distributed over mining, so that there is continued incentive and continued resources for the founders to improve the value of the coin. Unlike a pre-mine or an Initial Coin Offering, this structure offers little or no opportunity for the founders to pump-and-dump.
After four years, the Founders’ Reward ends and all of the mining rewards after that go to the miners.
Read more in the blog post Funding, Incentives, and Governance.
Who will receive the Founders’ Reward?
The devs who funded the creation of Bitzec will collectively receive BZC of the ultimate Bitzec monetary base. The founders, employees, and advisors will collectively get %.
The two biggest single beneficiaries of the Founders' Reward are the “Binary Digit Electronic Currency strategic reserve” receiving another % and the non-profit Bitcoin Core receiving 0 %. The strategic reserve fund will go towards new projects to increase the value of the Binary Digit Electronic Currency and the Foundation fund will benefit the maintenance and evolution of the Bitzecprotocol in the interests of all users, present and future.
Read more in Continued Funding and Transparency.
Is the Founders' Reward a pre-mine?
Not directly. The Founders' Reward is distributed to beneficiaries over time with each Bitzecblock mined.
Why did the price of Bitzec fall so much after it was launched? Was it because the founders/investors were selling their coins?
Nobody knows why buyers and sellers choose the prices they do. One fact to bear in mind is that the supply of Bitzecimmediately after launch was limited as described here. For example, on October 29 (one day after the blockchain was created) there were 450 coins and on October 31 there were 1950. One thing that we can be sure of is that it had nothing to do with the Founders' Reward. The Founders' Reward coins are distributed incrementally over the first four years of the blockchain, and none of them were moved until December 21, as we wrote about here and as you can see on the blockchain here.
Are there any local Bitzeccommunities? How do I find local Bitzecenthusiasts and traders?
The Bitcoin Core is officially supporting independent Bitzecmeetup groups throughout the world to make it easier for community members to meet each other and learn together in person. Read more about meetups and how the Foundation supports them on their website.
Simply put, what is a zero-knowledge proof? How does Bitzecintegrate it?
Zero knowledge proofs are a scientific breakthrough in the field of cryptography: they allow you to prove knowledge of some facts about hidden information without revealing that information. The property of allowing both verifiability and privacy of data makes for a strong use case in all kinds of transactions, and Bitzecintegrates this concept into a blockchain for shielding the address, amount and memo field. A blockchain that protects transaction data and lacks zero-knowledge proofs also lacks the assurance that all the transactions are valid. This is because the nodes in the network can’t determine whether the sender really had that money or whether they previously sent it to someone else, or never had it in the first place. The transaction data becomes unverifiable by network nodes.
In Bitzec, we use a particular type of zero-knowledge proof called zk-SNARKs (or “zero-knowledge succinct non-interactive arguments of knowledge”). Within a shielded Bitzectransaction, there exists a string of data that the sender of a transaction provides –the “zero-knowledge proof”– along with the shielded transaction data which proves properties of the data cryptographically, including that the sender couldn’t have generated that string unless they had ownership over the spending key and unless the input and output values are equal. The proof also guarantees creation of a unique nullifier which is used to mark tokens as spent, when they are, in fact spent. This allows for verification that the transaction is valid, while preserving privacy of the transaction details.
Dive deeper into zk-SNARKs and how they work in Bitzecon the explainer page.
What is the difference between Zerocoin, Zerocash, Bitzecand BZC?
Zerocoin is a cryptographic currency protocol invented by Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin in 2013. Zerocash is an improved cryptographic currency protocol invented by Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza in 2014. Bitzecis an implementation of the Zerocash protocol, with certain improvements as described in our protocol specification (all of the scientists who designed the Zerocash protocol are members of the Bitzecteam). We have adopted BZC as the informal three letter currency code for the Electroniccurrency, and ⓩ as its currency symbol.
Does Bitzecoffer complete anonymity for transactions?
Bitzecenhances privacy for users by encrypting sender, amount and recipient data within single-signature transactions published to its public blockchain ledger.
Bitzecdoes not: encrypt data for multisignature, protect against correlations made with public transactions (for example, when Bitzecis traded to/from another cryptocurrency) or obfuscate IP addresses. It is possible to use it in conjunction with an anonymizing network such as Tor, in order to obtain protection against network eavesdropping which is complementary to transaction privacy. Read more about the privacy and security recommendations when using Bitzec.
It should be noted that while Bitzecfacilitates anonymization for its users amongst a wide pool of individuals, we align more with the term “privacy” to describe what Bitzectechnology aims to provide. While related in scope, the terms have subtle differences. Anonymity relates to removing personal identifiers linked to potentially public data such as sending an anonymous tip to law enforcement or wearing a mask during a protest. Privacy considers the data itself in need of protection such as a discussion during a private meeting and more relevant, the encryption of information - whether for keeping personally or sharing with a select number of others. Anonymity methods can enhance privacy goals, such as defending against targeted attacks on private data, and vice versa if the protected data relates to personally identifiable information. The encryption of data in private Bitzectransactions aligns with the latter as it is foremost a tool for financial privacy with the added benefit of increased anonymity.
For more information on anonymity properties in Bitzec, see How does Bitzeccompare to other cryptocurrencies with anonymizing properties?
Will Bitzeccontain a backdoor?
Neither Bitzecnor any other cryptographic algorithms or software we've made contains a backdoor, and they never will.
Is Bitzecpeer reviewed?
Yes. Bitzecis based on the peer-reviewed Zerocash protocol, which was published in the IEEE Security & Privacy conference in 2014. The Zerocash paper provides a detailed technical overview of the specification. Our changes to the protocol are not peer-reviewed, but they are described and justified comprehensively in our protocol specification. Those changes have been subjected to several independent security audits.
Is Bitzecbuilt on the Bitcoin blockchain?
No. Bitzecis its own separate blockchain.
Have you considered sidechains, Ethereum, or embedding into the Bitcoin protocol?
Yes, we've explored all of those ideas in varying degrees. What we're doing right now is the simplest thing that can make Bitzeca real, live, permanent medium of exchange and store of value, and that is to create a separate block chain.
What's the point of Bitzecif Ethereum is going to have SNARKs?
It's hard to say in advance how the privacy features of Bitzecwill compare to the analogous future planned features for Ethereum. Given that the Bitzecblockchain and team are focused primarily on privacy, there's an advantage to this specialization in terms of efficiency, security, and usability.
While we cannot provide advice for investors deciding where to place bets, the Bitzecblockchain does provide users with a means for private, decentralized payments right now. Further, the Bitzecteam will be working to ensure that any such improvements to Ethereum benefit Bitzecusers and vice versa.
When asked this question, Vitalik Buterin of Ethereum points out that Bitzeccan more easily make development tradeoffs to optimize use of zk-SNARKs.
What are you changing from Bitcoin's Design? What parts of the Bitcoin network remain?
We're following a general principle of "conservative innovation". Aside from the Zerocash privacy protocol (itself already a massive technological achievement), we wish to avoid making changes from Bitcoin's design without a strong rationale.
We’ve decided to make a number of relatively conservative changes to Bitcoin’s consensus rules:
- We’ve adopted a “smooth” difficulty adjustment algorithm, based on DigiShield v3.
- We’ve adopted a memory-hard proof of work, Equihash, which involves adding a memory-hard problem to be solved in valid blocks.
- We’ve changed the block interval target from 10 minutes to 2.5 minutes, and modified other constants in order to preserve the monetary base of roughly 21 million coins and halving interval of 4 years.
- We’ve increased the block size limit to 2MB.
- We require coinbase transactions to contain an output to our Founders’ Reward P2SH address during the first 4 years before the first halving.
- We require transactions spending coinbase outputs to contain no “transparent” outputs (vout should be empty).
- We’ve removed activation rules for softforks in Bitcoin and made them enabled by default.
- We've added a transaction expiry feature.
Bitzecembeds a confidential value transfer scheme alongside the traditional Bitcoin infrastructure; for most purposes, it simply adds additional behavior to the existing primitives.
For further detail, see the 'Consensus Changes from Bitcoin' section of our protocol specification.
How does Bitzeccompare to other cryptocurrencies with anonymizing properties?
As mentioned in the FAQ Does Bitzecoffer complete anonymity for transactions?, the protection of data in shielded Bitzectransactions aligns more with the term "privacy" as it is foremost a tool for financial privacy with the added benefit of increased anonymity.
That said, in situations where anonymity can defend against targeted attacks on private data, you're better off being one of 2 million people who could have made a payment for a private medical procedure in San Francisco versus being one of 3 people, two of which live on the other side of the world. The size of this set matters, and the mixing strategies that other cryptocurrencies use for anonymity provide a rather small one in comparison to Bitzec. This is not to say these other methods are worthless, there are tradeoffs between the two, but Bitzec has a distinct advantage in terms of transaction privacy and as a result, anonymity.
If you want to avoid companies building profiles of people (especially those who pay for personal services such as psychiatry, drug rehabilitation, etc.) based on public blockchain data, using Bitzeccan help. Shielded addresses are indistinguishable from all other shielded addresses in the system.
For more information on these concepts, see A Shielded Ecosystem blog post.
What are SNARK public parameters? How did the BitzecCeremony generate the SNARK parameters securely?
A set of public parameters are required for generating the proofs required to validate private transactions. The process of generating these public parameters (commonly referred to as “paramgen”) also produces a by-product (which we have nicknamed the “toxic waste”) that could be used to subvert the block chain by creating fake coins that are indistinguishable from real ones (the relationship between the public parameters and this toxic waste is similar to that between a public key and a private key). It is therefore important that this toxic waste be securely destroyed.
We designed a process whereby the job of generating the public parameters was split between a number of people, each of whom generated a piece of the parameters during what we refer to as the BitzecCeremony. These pieces were then brought together and combined to create the public parameters. As long as one of the people involved in generating the parameters destroyed their portion of the “toxic waste”, there is no way to subvert the parameters.
For technical details on these parameters and documentation of the Ceremony including participants' destruction of "toxic waste" shards, see our Parameter Generation explainer page.
If the BitzecCeremony was compromised, could the attacker compromise user privacy?
No, even if an attacker completely compromised the BitzecCeremony, this would not give them the ability to penetrate the privacy of Bitzecshielded addresses. Shielded addresses are protected solely by mathematics (modern encryption) and do not rely on anything else for their privacy. (On the other hand, such an attacker could counterfeit Bitzec. See the FAQ entry "What are SNARK public parameters?" about that.)
What functionality do shielded addresses have? What are the limitations?
Shielded addresses (addresses that start with a "z") are the component of Bitzecwhich offers privacy by shielding address, balance and memo fields from the public. The zk-SNARKs technology used for shielding this data introduced limitations on usability which those familiar with other cryptocurrencies may notice.
The Sapling network upgrade introduces a new shielded address type with significant improvements in most of these legacy usability limitations. Multi-signature support is still in the works.
Note that coinbase transactions which pay out block rewards and transaction fees to miners require transparent addresses for accounting purposes. These coinbase transactions to miners do, however, include an additional requirement that their subsequent spend goes to a shielded address.
For technical details about shielded addresses, check out our blog post How Transactions Between Shielded Addresses Work and for details on legacy resource requirements at launch, check out User Expectations at Sprout Pt. 2: Software Usability and Hardware Requirements.
Are only a small fraction of Bitzecusers using shielded addresses? Does anyone use Bitzec's privacy features?
Since most third-party wallets only support transparent addresses, we're seeing an effect on the number of shielded addresses in use. We expect the number to increase significantly with Sapling activated and the subsequent adoption of shielded addresses by ecosystem services.
Here is a table showing the number of shielded and unshielded transactions per hour/day/week/month. And here are historical stats about shielded and unshielded transactions in the most recent 100 blocks over the life of the blockchain so far.
Note that a big part of the shielded addresses used are due to the consensus rule requirement of coinbases to be shielded when first spent. This was in order to provide a guaranteed privacy-set. If you make a shielded Bitzectransaction today there is actually a very large privacy-set of possible previous transactions which could be inputs to your transaction.
Could quantum computers break Bitzec?
Large quantum computers, if and when built, would be capable of breaking an encryption scheme used by Bitzec. As a result, an attacker with access to such a computer could check if a transaction's recipient matches some given address. In case it does, the attacker could now discover the amount and encrypted memo attached to the transaction (but not the sender). It could also compute the note's nullifier, which means it could track when the recipient subsequently spent this note. Note that shielded addresses don't appear on the blockchain, and those shared privately and unknown to an adversary would not be vulnerable. (Again, no information on the sender address of a transaction can be extracted, even if the address were known to the attacker.)
In addition, large quantum computers would be able to fool zk-SNARK verification, and thus counterfeit BZC.
Both of these attacks would require quantum computers with thousands of qubits (capable of solving the discrete-logarithm problem), which are at least decades away from today's state of the art by most experts' estimates.
Scientists at Binary Digit Electronic Currency, and academia, are actively researching postquantum-secure alternatives to the affected cryptographic components (see issue #805). We plan to monitor developments in postquantum-secure components, and if/when they are mature and practical, update the Bitzecprotocol to use them.
How will Bitzecbe created?
Like Bitcoin, Bitzecis a mined cryptocurrency, which means that new BZC are created each time a block is added to the Bitzecblockchain. New blocks are created roughly every 150 seconds (2.5 minutes). The monetary supply curve mirrors Bitcoin’s, except that, because Bitzec’s blocks will be mined 4 times as frequently as Bitcoin’s, the number of BZC created per Bitzecblock are a quarter the number of BTC created per Bitcoin block. The first weeks after Bitzeclaunch were a "slow-start" mining period.
Is Bitzecproof-of-work? What mining algorithm do you use? Is it ASIC resistant?
Since launch, Bitzec has been based on proof-of-work. Perhaps the community will choose to change it to proof-of-stake someday, but we cannot predict. However, we are very much open to improvement and evolution.
We are currently using Equihash as the proof-of-work for block mining in Bitzec. Equihash is a proof-of-work algorithm devised by Alex Biryukov and Dmitry Khovratovich. It is based on a computer science and cryptography concept called the Generalized Birthday Problem. Please read the Why Equihash blog post for more details.
As of May 2018, Bitzec's Equihash parameters have been implemented in custom hardware ("ASIC") miners. We're still evaluating whether Equihash will resist ASIC implementation long-term. See the Binary Digit Electronic Currency Statement on ASICs for more information.
What will the average block time be?
2.5 minutes (150 seconds)
What is the maximum block size?
What is the difference between Solutions and Hashes?
Sol/s measures the rate at which Equihash solutions are found. Each one of those solutions is tested against the current target (after adding to the block header and hashing), in the same way that in Bitcoin each nonce variation is tested against the target. That is what we mean by Sol/s === H/s - they are measuring the same thing, and it is the same metric that everyone already uses for other PoW algorithms.
Put another way, measuring Sol/s in Bitzecis exactly the same as measuring TH/s in Bitcoin (ignoring the "T" scaling factor, which is merely a product of the relative speeds of the PoWs and the relative numbers of miners).
What is slow-start mining?
In order to minimize the impact of any unforeseen problems during the launch of Bitzec, the amount of BZC each time a block was mined started at zero and gradually ramped up to 12.5 BZC after 34 days. The slow-start period ended on December 1st, 2016.