
Edward Snowden was instrumental in the development of the Zcash privacy coin.

Under a pseudonym, the NSA whistleblower and privacy advocate was one of six people who took part in the cryptocurrency's fabled 2016 "trusted setup" ceremony.

Edward Snowden, a former US defense contractor whose leaks sparked a global debate about internet surveillance, was covertly involved in the development of the privacy-enhancing cryptocurrency zcash (ZEC).

The whistleblower was one of six people who took part in the "ceremony" that established zcash's so-called trusted setup. He was granted asylum in Russia and has lived there since 2013 after the US charged him with espionage.

His previously unknown role in the 2016 ceremony will be revealed in a video set to be released on Thursday by Zcash Media, a company that creates educational materials about the privacy coin.

In the video, Snowden says, "I saw it being worked on by a number of trusted academic cryptographers and I thought it was a very interesting project."

He claimed he used the alias "John Dobbertin" to conceal his involvement in the scheme.

Snowden agreed to make his participation public in a recent message to zcash co-creator Zooko Wilcox.

"I think you can tell people," wrote Snowden, who is scheduled to speak at Consensus 2022 in June, "as long as it is clear that I was never paid and had no stake, it was just a public interest thing."

The secure setup of Zcash

To grasp Snowden's role in the 2016 zcash "ceremony," it is necessary to first understand how the cryptocurrency's privacy works.

Transparent and shielded transactions are available in Zcash. Transparent transactions, like regular BTC transactions, are visible on the public blockchain. The shielded transactions, on the other hand, are sucked into "privacy pools," which can be thought of as black holes where everything is thrown together. These pools ensure that blockchain observers have no way of knowing where the coins came from or where they are going.

A secret cryptographic key was needed to set up the privacy parameters of the original "Sprout" pool created in 2016 and the "Sapling" pool created two years later. The key is basically a very large number. The procedure for generating this number is known as a "trusted setup," and the problem is that anyone who has access to the secret key could forge as many coins as they wanted.

Possession of the entire key could lead to "supply counterfeiting," but it would not violate any current or previous privacy, according to Nathan Wilcox, Zooko's brother and another ZEC co-founder.

While it is reassuring that ZEC's privacy is not jeopardized by the trusted setup, the ability to counterfeit coins would clearly be a major issue.

"You can't launch this global internet money cryptocurrency if somebody just knows the secret and then promises to throw it away," Nathan Wilcox explained.

As a result, the first group of researchers devised "The Ceremony," a multi-party computation. With this method, the secret key is not generated and held by just one person. Instead, it is divided among a large number of people, with each contributing a shard, or piece, of this enormous number. This ensures that no single person has a copy of the entire number.

"If at least one person succeeds in throwing away their part of the data, the computation is secure," said Bitcoin developer Peter Todd, one of the six attendees at the initial ceremony.
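The sketch below is an added example, not code from Zcash or from the original article. It models the shard idea in a toy group (integers modulo the prime 2**255 - 19 with generator 2, both assumptions chosen for illustration; the real ceremony worked on elliptic-curve points) and shows that the final public parameter can be rebuilt from all shards but not when any one shard has been destroyed.

```python
import secrets

# Toy group, assumed for illustration only: integers modulo the prime
# 2**255 - 19 with generator 2. Function names are hypothetical.
P = 2**255 - 19
G = 2

def contribute(param):
    """One participant: sample a secret shard and fold it into the parameter."""
    shard = secrets.randbelow(P - 3) + 2          # secret exponent in [2, P-2]
    return pow(param, shard, P), shard

def run_ceremony(n_participants):
    """Pass the public parameter through each participant in turn.

    Returns the final parameter and the list of shards. The shards are
    returned only so the example can reason about them; an honest
    participant destroys theirs right after contributing.
    """
    param, shards = G, []
    for _ in range(n_participants):
        param, shard = contribute(param)
        shards.append(shard)
    return param, shards

def reconstruct(shards):
    """What holders of `shards` can compute: G ** (product of the shards)."""
    secret = 1
    for s in shards:
        secret = (secret * s) % (P - 1)           # exponents live modulo P-1
    return pow(G, secret, P)

def colluders_succeed(final_param, shards, destroyed_index):
    """True if everyone except one participant can rebuild the final parameter.

    Without the destroyed shard, getting from the colluders' value to the
    final parameter means solving a discrete logarithm in the group.
    """
    remaining = shards[:destroyed_index] + shards[destroyed_index + 1:]
    return reconstruct(remaining) == final_param

if __name__ == "__main__":
    final, shards = run_ceremony(6)               # six participants, as in 2016
    print("all six shards rebuild the parameter:", reconstruct(shards) == final)
    for i in range(6):
        print(f"shard {i} destroyed, other five succeed:",
              colluders_succeed(final, shards, i))
```
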

Faraday cages and decoy plane tickets

Todd went to extraordinary lengths to ensure he was not hacked during the process. "Operation: Cypherpunk Desert Bus," he dubbed the adventure.

"At the very last moment I bought a plane ticket to somewhere I wasn't planning to go … I immediately went to a car rental, immediately got a car, immediately went off to a computer store to buy the computers off the shelf," Todd remembered. "I took out the Wi-Fi cards, I didn't hook up ethernet and I literally ran it in a Faraday cage," an electromagnetic field-blocking enclosure.

"I got aluminum foil and lined a box with it in multiple layers and closed the lid. Aluminum foil really blocks Wi-Fi signals very effectively," Todd explained.

Todd then began driving on his own. The logic was that keeping a safe distance between him and any potential adversaries would keep them from getting close enough to send commands or exploits to his machine.

"If you're in a car hurling down on the highway, it's really hard for the NSA agents who had no idea you were going to do this to actually follow you," Todd said. "I also had cameras on the car in the front and back. So had someone tried to do that, I'd get them on camera."

The ceremony was also covered by Fortune and featured in a "Radiolab" podcast episode. These accounts focused on Zooko and his brothers' involvement, and the Fortune piece reads like a science fiction novel, complete with wizard hats and "crackling conflagrations" of lighter fluid melting computing equipment.

But it was the participant known as John Dobbertin, whose true identity had remained unknown until today, who was the most mysterious aspect of the ceremony. In addition to Snowden, Todd, and the Wilcox brothers, the proceedings included Peter van Valkenburg of the Coin Center think tank and security engineer Derek Hinch (then with contractor NCC Group, now at Amazon).

"When it came to this concept that they needed many people in many places all cooperating, in the hopes that just one of them might not be compromised, might not work sort of against the public interest, and that that was necessary for the ceremony to succeed, I was happy to say, 'Sure, I'll help,'" Snowden said in an interview with Zcash Media.

There is no way to know whether the ceremony was successful or not after the fact, regardless of whether you set your equipment on fire or include one of the world's most well-known privacy advocates, and regardless of how secure all the participants were.

"All I can do is run a piece of software honestly, on a computer that's clean, and then do my best to prevent the computer from being wiretapped," Todd explained. "Unfortunately, on that software, there are lots of ways someone could have surreptitiously changed it so that the number itself would not have been created randomly."

Improvements to Zcash

We can tell in a roundabout way that extra ZEC has not been created, because supply was audited during pool migration.

A new pool called "Sapling" was built two years after the original "Sprout" pool opened, with significantly improved technology and a ceremony that drew hundreds of people. We can see that the coins that have migrated to the new pool do not exceed the total amount of ZEC that is supposed to be in circulation.

Furthermore, any transactions that exceed the amount of ZEC that the pool is designed to hold will be rejected by the network. Despite this assurance, and the hard supply cap of 21 million units inherited from the bitcoin codebase, there is no 100% proof that the ceremony was successful.

As a result, ZEC researchers figured out how to get rid of the trusted setup, and the team plans to launch a third pool with their Halo upgrade at the end of May.

Orchard, the pool, would not require a trusted setup, and as coins migrate there, the systemic risk would be eliminated, according to Nathan Wilcox.

Snowden was not the only controversial figure who helped Zcash early on, according to Nathan Wilcox's brother Zooko.

"When we were designing the setup ceremony, I went to the Ecuadorian embassy in London and asked Julian Assange for advice on how to design it," Zooko Wilcox said. The WikiLeaks founder "advised us to emphasize and prioritize the part about air-gapping the compute nodes, which we did."


