ZCash Shielded Transaction Censorship

In ZCash, privacy is opt-in, which unfortunately makes it possible to censor private transactions. Addresses beginning with a ‘z’ contain coins whose history is shielded by a zero knowledge proof. In this post, a ‘shielded transaction’ is one where a z-address is either an input or output. The ZCash Foundation defines these transactions as ‘shielding’, ‘deshielding’, and ‘private’

I noticed that shielded transactions aren’t being mined in the very next block even if there is plenty of time for the transactions to propagate. ZCash blocks are not even close to full and there are empty blocks being mined while shielded transactions are sitting unconfirmed. I took a closer look and noticed a pattern.

F2Pool, the second largest ZCash mining pool with about 18% of the total hashpower, is censoring shielded transactions.

This is easy to see by doing a quick-and-dirty analysis of the ZCash blockchain. Out of 86,849 shielded transactions year-to-date only 120 of have been mined by F2Pool. Given their share of the hashpower, they should have mined around 15,000 shielded transactions year-to-date. Shielded transactions are underrepresented by F2Pool by three orders of magnitude.

As for the 120 shielded transactions that F2Pool did mine, it could be that they were sent by F2Pool themselves from addresses that were whitelisted internally, but this is a guess as there is no way to know.

The two immediate questions are “When did they start censoring shielded transactions?” and “Why are they censoring shielded transactions?”.

It appears that F2Pool began censoring shielded transactions around April 2017. As for the “why”, we can only speculate. Verification of shielded transactions is not more expensive than it is for regular transactions (it’s generating the proofs that is expensive, not verifying them). Perhaps they don’t want to touch any shielded transactions to avoid participating in illegal activity (weak argument, in my opinion). Or perhaps F2Pool is concerned about the protocol changing how the proofs work and losing blocks. I found a tweet where F2Pool complained that the ZCash Sapling fork caused them to lose 30 blocks, though it doesn’t seem related to the censorship. It’s worth noting that F2Pool also censored transactions in their Ethereum mining pool during the Status ICO, which was very competitive, in order to increase their chances of getting an allocation.

This seems like a pretty big risk to the ZCash network: if more mining pools start censoring shielded transactions, it would make ZCash mostly unusable. To foster a healthier ZCash network, we should:

  1. Send more shielded transactions to incentivize mining pools to collect fees from them.
  2. Use wallets like Zepio Wallet that use shielded addresses by default.
  3. Don’t mine with F2Pool and let them know about it on Twitter.

Lastly, it’s possible that I’m wrong and miscalculating all of this somehow. Here are the BigQuery queries I used to perform this analysis. I’ve also attached the 120 shielded transactions mined by F2Pool in 2019. I know my queries are suboptimal, but I believe they are correct. I would appreciate it if somebody who knows ZCash and/or BigQuery better than I do could review this: