Bitcoin developer Peter Todd has pushed back against calls to bring Zcash-style privacy into Bitcoin’s consensus layer, arguing that the cryptographic risk profile is too high for the network’s base protocol. The debate erupted after ZODL developers disclosed an issue affecting the Orchard shielded pool, briefly turning a technical incident into a broader argument over privacy, auditability, and Bitcoin ossification.
Todd’s initial post was direct: “Why adding Zcash style privacy to Bitcoin at the consensus layer is a bad idea.” He was responding to a post from Zcash Open Development Lab, which said a “coordinated Zcash network upgrade” was underway after an issue affecting the Zcash Orchard pool was identified during routine auditing and security review processes.
Why Peter Todd Sounds Alarm On Zcash-Style Privacy
The exchange quickly widened beyond ZEC itself. One user argued that Bitcoin has its own history of critical bugs, pointing to the 2010 value overflow incident and the 2013 chain split as evidence that “no protocol is exempt from tech issues.” The same post accused Bitcoin maximalists of pushing for “total ossification” while facing future threats such as quantum computing.
Todd answered by drawing a distinction between visible and hidden failures. “Exactly my point. With Bitcoin, rolling back the chain is feasible, as only a small subset of coins were affected, and the exploit was trivial to notice,” he wrote. His argument was not that Bitcoin is bug-free, but that its accounting model makes certain classes of catastrophic bugs easier to detect and unwind.
That point became the core of the disagreement. When another user argued that rejecting consensus-layer privacy on bug-risk grounds would “stop any innovation/development,” Todd responded that not all cryptography carries the same operational risk. “Different types of cryptography have different levels of risk to them. Zcash-style cryptography has a very high level of risk, much more so than Bitcoin’s cryptography. Which is reflected in how Zcash has had much more serious issues than Bitcoin.”
The counterargument was that Bitcoin itself has suffered serious early failures. One participant cited the 2010 value overflow incident and the 2018 bug, CVE-2018-17144, as examples that challenged Todd’s framing. Todd rejected the comparison, saying neither case put the currency at the same kind of existential risk.
“Neither of those exploits had any chance of destroying the currency,” Todd wrote. “Exactly what coins were counterfeit was trivially visible, allowing easy rollbacks. Not so with Zcash.”
The disagreement turns on a specific property of shielded systems: privacy can reduce the visibility that makes supply audits straightforward. In Todd’s view, this changes the risk calculation for Bitcoin. A bug in transparent accounting can be noticed because invalid outputs or counterfeit coins are visible on-chain. In a deeply shielded system, he argued, the damage may be harder to observe, harder to attribute, and harder to reverse.
Zcash defenders pushed back on that framing as well. One user told Todd that he did not understand the “turnstile construct,” arguing that “no such bug can affect the total ZEC supply.” Todd shifted the focus from total supply to shielded user balances, noting that a large share of ZEC already sits inside the shielded pool. “30% of the Zcash supply is shielded. That supply being destroyed would be a disaster, and would completely wipe out the holdings of a high % of all Zcash users. I personally have a little bit of Zcash, all of which is shielded.”
At press time, ZEC traded at $532.
