“Adding Zcash-style privacy to Bitcoin with a consensus layer is a bad idea,” Bitcoin developer Peter Todd said after a failure was detected in Zcash’s Orchard pool, the most popular system for shielded transactions on that network.
Todd’s post, shared on X on June 3 of this year, started a discussion about Bitcoin, its design, and possible failure vectors. In that sense, one user reminded developers that Bitcoin is also not immune to errors, as they had to roll back some blocks after a bug in the network in 2010. 184 billion invalid BTC generatedand in 2013 that Bitcoin was temporarily split into two chains due to incompatibilities between versions of Bitcoin core software.
Todd replied:
That’s exactly my point. In Bitcoin, reversing the chain was possible because only a small portion of the coins were affected and exploits were easy to detect. 30% of Zcash’s supply is secured (mainly in Orchard pools). Destruction of that supply would be catastrophic, resulting in the complete disappearance of funds for a high percentage of Zcash users. I personally have a little bit of Zcash, but it’s all shielded.
Peter Todd, Bitcoin developer.
Todd’s argument is that in Bitcoin, flaws in the underlying protocol affect public and auditable supply. With Zcash, a failure in the cryptographic circuitry that supports privacy can affect funds that don’t affect anyone. Even the developers themselves could not accurately quantify it in real timeaccording to Todd.
Another user then questioned whether Todd’s reasoning would stifle innovation in Bitcoin, saying, “It’s like saying adding quantum security to the consensus layer is a bad idea because it might have bugs.”
Todd denied the equation.
Different types of cryptocurrencies have different levels of risk. Zcash style cryptocurrencies come with a much higher level of risk than Bitcoin cryptocurrencies. This is reflected in the fact that Zcash has much more serious problems than Bitcoin.
Peter Todd, Bitcoin developer.
Todd’s distinction is not between innovating and not innovating, but between assuming high-risk cryptographic complexity at the core of store-of-value protocols; Keep the core intentionally simpleas the Bitcoin design has established.
Bitcoin design and attack surface areas that Bitcoin does not have
Bitcoin does not have the kind of encryption that Zcash uses to secure transactions through the Orchard pool built into its underlying protocol. To this end, Zcash employs Halo 2, a variant of the zk-SNARKs encryption scheme, which uses zero-knowledge (ZK) mathematical proofs to Validate operations without revealing the sender, recipient, or amount.
The complexity built into Zcash’s consensus layer is exactly what enabled the attack surface exposed by the June 2nd incident. This vulnerability did not result in any loss of funds, but required a hard fork to fix it (hard fork) A protocol that forces nodes, wallets, and block explorers to update in a cooperative manner. People who don’t do it on time won’t be able to synchronize, They showed that the network was paralyzed for hours.
Bitcoin is not infallible, but Orchard’s complexity does not exist by design decision. Satoshi intentionally built a narrow protocol to realize his proposal (a decentralized electronic money system) without using additional layers.
This rigor is not a technical limitation, but a safety philosophy. The core of the protocol is less programmable, Attack target area becomes smaller. Since Bitcoin does not have a zero-knowledge proof circuit, there cannot be any vulnerability in the zero-knowledge proof circuit.
Bitcoin privacy another way
However, the debate over privacy in Bitcoin revolves around where and how to add Bitcoin, not whether to add it. In this context, silent payments (or silent payment) are concrete proposals currently in progress. It is a system that enables Receive Bitcoin (BTC) without disclosing your collection historyautomatically generates a different address for each transaction from a single fixed code that is publicly shared by the recipient.
The silent payment mechanism operates at the application layer, so the underlying protocol remains unchanged. Eliminate address reusetoday it’s an act that exposes your entire account history to anyone who knows your address.
However, adoption of silent payments remains limited. According to CriptoNoticias, Sparrow Wallet includes these in version v2.5.0 released on May 21st. Cake Wallet also supports them. BlueWallet only supports sending, not receiving.
Therefore, the path to privacy in Bitcoin, unlike Zcash, does not involve rewriting the rules of the protocol, but instead It still hasn’t reached the average user.
