Privacy is not optional.
It's cryptographic.

Both Zcash and Bitcoin share a fixed supply of 21 million coins and use Proof-of-Work mining. Bitcoin was the model — Zcash was built to close one fundamental gap it leaves open: financial privacy.

When you send Bitcoin, everything about that transaction is written permanently on a public ledger. Anyone with a block explorer can see the sender address, recipient address, and exact amount. Research has repeatedly shown that this "pseudonymity" can be reversed through transaction graph analysis — clustering algorithms can identify addresses controlled by the same person by following spending patterns.

Zcash launched on October 28, 2016 as the first production implementation of zk-SNARKs — a type of zero-knowledge proof — applied to a public blockchain. The core insight: you can prove a transaction is mathematically valid without revealing any of its details.

A zero-knowledge proof lets one party (the prover) convince another (the verifier) that a statement is true — without revealing any information beyond the truth of that statement itself.

In Zcash, when you send a shielded transaction, your wallet generates a zk-SNARK proof. That proof tells the network: "The inputs are valid, the coins aren't being spent twice, and the math balances." Crucially, the proof reveals none of the underlying data — no sender, no receiver, no amount.

The network sees a single public balance change for the shielded pool, a set of note commitments (encrypted outputs), and a set of nullifiers (identifiers ensuring spent notes can't be reused). It never learns which notes were spent or their values.

Zcash's modern proof system (Orchard, introduced in NU5) uses Halo 2 — eliminating the need for a trusted setup ceremony that earlier versions required. The cryptographic assumptions are now purely mathematical.

Zcash supports two address types that can interoperate — but they offer very different privacy guarantees.

Transparent addresses (t-addresses) behave exactly like Bitcoin. Every transaction to or from a t-address has its sender, receiver, and value publicly visible on the block explorer. They start with t1 (single signature) or t3 (multisig).

Shielded addresses (z-addresses) use zero-knowledge proofs to encrypt the transaction. A fully shielded z-to-z transfer hides sender, receiver, and amount. All that's visible on-chain is that a transaction occurred and what fee was paid. Modern shielded addresses use the Orchard protocol and are presented via Unified Addresses (UA) — a single address format that can bundle multiple receiver types.

There are four basic transaction types depending on address combination:

Shielding (t → z) moves funds into the private pool — the amount entering is visible. Deshielding (z → t) moves funds out — the amount leaving is visible. Mixing these exposes some metadata, so fully z-to-z is recommended for maximum privacy.

Privacy by default doesn't mean no accountability is possible. Zcash includes a mechanism called viewing keys that allows the owner of a shielded address to selectively disclose their transaction details — without giving up the ability to spend funds.

This design enables selective disclosure: disclosure is under the participant's control, not enforced by protocol transparency. Practical use cases include:

Tax compliance: Share your viewing key with an accountant to prove income without exposing your full transaction graph to the public.

Regulatory audits: Businesses in regulated industries can satisfy anti-money laundering requirements by disclosing specific transactions on demand, per ZIP 302 (payment disclosure).

B2B settlements: Two companies can transact privately while still providing a proof-of-payment to their counterparty off-chain when needed.

This is the key philosophical distinction between Zcash and cash: with Zcash, you can prove what you choose to prove. Cash has no audit trail at all. Transparent blockchains like Bitcoin have no privacy at all. Zcash's shielded pool sits in between — private by default, auditable by choice.

The result: financial privacy is no longer in conflict with legitimate accountability. Zcash gives individuals the same confidentiality that banks give their clients — except it's enforced by math, not policy.