Do you know Zcash? Do you have some of them in your wallet? Do you want to know all about the crazy and paranoid way it came into existence? Then you should listen this podcast episode from RADIOLAB (one of my favourite podcast creator), called The Ceremony!

                  CLICK HERE TO LISTEN TO THE EPISODE

No wonder the episode is called this way, because the process to create the key to generate Zcash currency implied such an intricate and loopy process that - listening to it - you would swear that they were conjuring some sort of demon from another world.

To quote this very informative article, here is a summary of what happened:

 The headquarters in Boulder was one of five “immobile” stations, all of which were participating in the ceremony from different cities across the planet. One mobile station was doing its part while making a mad dash across British Columbia. The generation of the keys was decentralized such that each station would only be responsible for creating a fragment of the bad key. For the ceremony, a cryptographic algorithm was custom designed that created a full version of the zk-SNARK parameters while keeping the pieces of the bad key segregated, a process that took two days of relaying data back and forth among the six stations.  

And here is the way Zcash team described the process:

 In order to reduce the risk of an attacker acquiring the toxic waste, we developed a Multi-Party Computation (MPC) protocol in which a set of multiple participants in separate geographic locations cooperatively construct the public key. Each participant separately generates one shard of the public key, which requires them to temporarily use a corresponding private key shard. They all combine their public key shards to generate the final public parameters, and then each deletes their private key shard.With the MPC protocol, as long as at least one of the participants successfully deletes their private key shard, then the toxic waste is impossible for anyone to reconstruct. The only way the toxic waste can be reconstructed is if every participant in the protocol were dishonest or compromised.I myself, plus five people who I trust to be ethical and to have good information security practices, served as the operators and observers in the protocol. We call these people “Witnesses”, and we call the execution of the protocol a “Ceremony”. 

I recommend everyone to listen to that podcast because it's delightfully made, and it becomes REALLY creepy in the end when there is the possibility of the ceremony being compromised.

                       

[ Za Wilcox, brother of Zcash CEO Zooko Wilcox, is destroying a computer used in the Ceremony of Zcash's birth ]