The Right to Privacy

Taotao He
HGR Digital Asset Group
Jan 10, 2018

A PDF version of the writeup below can be found here.

Summary and Introduction

All cryptocurrencies offer a certain degree of anonymity because users operate under pseudonyms rather than real names. Anonymity and pseudonymity are related but distinct: a pseudonym accumulates a history, and that history can be tied back to a person.

The very nature of a public blockchain implies a lack of privacy. Transactions are recorded on a public ledger that anyone can view. The pseudonymity offered by cryptocurrencies is broken as soon as the identity behind a wallet address (the pseudonym) is revealed; from that point on, every past and future transaction of that address can be explicitly linked to the person and publicized.

Many people believe Bitcoin and other cryptocurrencies are anonymous because every wallet address is just a string of letters and digits. Bitcoin, however, uses no cryptography to decouple a user's identity from their addresses; its signatures prove ownership of coins, nothing more. Anyone can see not only the balance of every address but also every individual transaction the address was ever involved in, and addresses that are spent together in one transaction can be grouped as belonging to the same owner.
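To make the last point concrete, here is the common-input-ownership heuristic that blockchain-analysis tools apply to Bitcoin, written as an added example for this article (it is not code from any analysis vendor). Every address that funds a transaction had to sign it, so the heuristic assumes one entity controls all of them; one address tied to a real identity then labels its whole cluster. The transactions, addresses and the identity tag are constructed for the example.

```python
"""Address clustering by the common-input-ownership heuristic.

Added example, not from the article: every address that funds the same
Bitcoin transaction had to sign it, so the heuristic assumes one entity
controls all of them. A single address tied to a real identity (a KYC'd
exchange deposit, a donation page) then labels its whole cluster.
Transactions, addresses and the identity tag below are constructed.
"""
from collections import defaultdict

# Constructed sample: addresses that funded each transaction, and its outputs.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["addrA", "addrB"], "outputs": ["addrC", "addrD"]},
    {"txid": "tx2", "inputs": ["addrB", "addrE"], "outputs": ["addrF"]},
    {"txid": "tx3", "inputs": ["addrG"], "outputs": ["addrH"]},
    {"txid": "tx4", "inputs": ["addrD", "addrG"], "outputs": ["addrI"]},
]

# Assumed out-of-band knowledge: addrE is one customer's exchange deposit address.
KNOWN_IDENTITIES = {"addrE": "exchange-customer-42"}


class UnionFind:
    """Disjoint-set forest: cheap merging of address groups."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_input(txs):
    """Group input addresses that co-sign a transaction; outputs are untouched.

    Returns {cluster_id: set_of_addresses}. A change-address heuristic would
    pull some outputs into the clusters as well; it is deliberately left out.
    """
    uf = UnionFind()
    for tx in txs:
        ins = tx["inputs"]
        if not ins:                      # coinbase-style transaction: nothing to link
            continue
        uf.find(ins[0])                  # register single-input spends too
        for addr in ins[1:]:
            uf.union(ins[0], addr)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return dict(clusters)


def label_clusters(clusters, known):
    """Propagate each known identity to every address in the same cluster."""
    labels = {}
    for members in clusters.values():
        tags = {known[a] for a in members if a in known}
        for a in members:
            labels[a] = tags
    return labels


def deanonymised_addresses(txs, known):
    """Addresses an observer can now tie to exactly one identity."""
    labels = label_clusters(cluster_by_common_input(txs), known)
    return {a: next(iter(t)) for a, t in labels.items() if len(t) == 1}
```

On the sample, addrA and addrB are never seen with addrE directly, yet one shared transaction each is enough to put all three in one cluster and tag them with the customer identity; addrD and addrG form a second, still-anonymous cluster. The heuristic is exactly what CoinJoin-style mixing (discussed under Dash below) is designed to poison, since a joint transaction has inputs from several owners.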

True privacy has to be engineered with strong cryptography. Most cryptocurrencies are not privacy centric and provide no privacy features at all, only the basic anonymity (technically, pseudonymity) described above.

The purpose of this article is to provide a high level overview of currently available privacy coins and their underlying technology. While these cryptocurrencies still use public, open ledgers, the transactions within the blockchain are obfuscated or hidden to protect the privacy of their user base.

Titan does not endorse criminal or illicit behavior through the use of privacy coins, but in a world where everyone’s spending habits, social media postings, and other personal data are being collected and monetized by centralized institutions, we appreciate people’s desire for privacy and the subsequent market potential for coins fulfilling such demand.

The paragraphs below outline today's main players in the privacy coin space. Note that this market is nascent and may quickly shift, or even eventually concede share to the top-3 cryptoassets adopting privacy measures (e.g. Ethereum with zk-SNARKs).

Monero (https://getmonero.org/)

Monero probably has the most mindshare among the privacy centric cryptocurrencies available.

Monero employs ring signatures to hide the sender. A ring signature is produced with one member's private key but verifies against a whole set (ring) of public keys, so a verifier learns only that someone in the ring signed. In Monero the ring members are outputs already on the chain: the output really being spent is mixed with decoys, and the blockchain cannot tell which of them was actually spent.

For each input, an observer sees only a list of possible source outputs, whereas on a mainstream blockchain the exact source is visible. Because every output that is spent also appears as a decoy in other rings, the ambiguity compounds over time: tracing a coin backwards means branching at every hop. While effective, this method is not immune to attacks. Analyses have shown how the real spend can be narrowed down, in particular when inputs use no decoys at all (zero-mixin transactions): their spent output can be struck from every other ring it appears in, which resolves further rings in a chain reaction, and users who transact often leave more of these traces. See: https://eprint.iacr.org/2017/338.pdf.
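The chain-reaction analysis described above, as an added example for this article (not Monero's code and not the cited paper's tooling). Each input names a ring of candidate outputs of which exactly one is really spent, and Monero's key images guarantee an output is spent at most once. A ring with no decoys therefore exposes its spend, and every known-spent output can be removed as a decoy from all other rings; rings that shrink to one candidate are resolved in turn. The output ids and rings are constructed.

```python
"""Chain-reaction (cascade) tracing of ring-signature inputs.

Added example; not Monero's code nor the cited paper's tooling. Each input
names a ring of candidate outputs, exactly one of which is really spent, and
Monero's key images guarantee an output is spent at most once. So a ring
with no decoys exposes its real spend, and every output known to be spent
can be deleted as a decoy from all other rings; rings that shrink to one
candidate are resolved in turn. Output ids and rings below are constructed.
"""


# Constructed sample: input id -> ring members (output ids). Mixins = ring size - 1.
SAMPLE_RINGS = {
    "in1": ["o1"],                 # zero-mixin input: trivially traceable
    "in2": ["o1", "o2"],           # once o1 is known spent, o2 must be real
    "in3": ["o2", "o3", "o4"],     # o2 struck out; o3/o4 still ambiguous
    "in4": ["o3", "o5"],           # untouched: two candidates remain
    "in5": ["o1", "o2", "o6"],     # cascade: both decoys are known spends
    "in6": ["o3", "o7", "o8"],     # untouched: three candidates remain
}


def chain_reaction(rings):
    """Return (resolved, remaining).

    resolved  : input id -> the output proven to be its real spend
    remaining : input id -> surviving candidate set (effective anonymity set)
    """
    candidates = {inp: set(ring) for inp, ring in rings.items()}
    resolved = {}
    spent = set()
    changed = True
    while changed:
        changed = False
        for inp, cands in candidates.items():
            if inp in resolved:
                continue
            cands.difference_update(spent)
            if not cands:
                raise ValueError(f"{inp}: every ring member is spent elsewhere")
            if len(cands) == 1:
                (real,) = cands
                resolved[inp] = real
                spent.add(real)
                changed = True
    remaining = {inp: cands for inp, cands in candidates.items() if inp not in resolved}
    return resolved, remaining


def effective_ring_sizes(rings):
    """Per input: (nominal ring size, candidates left after the cascade)."""
    _, remaining = chain_reaction(rings)
    return {inp: (len(ring), len(remaining[inp]) if inp in remaining else 1)
            for inp, ring in rings.items()}
```

Note that in5 nominally has two decoys and is still fully resolved, because both decoys were exposed by other people's inputs. This is the reason Monero later enforced a minimum ring size: one user's zero-mixin spend degrades everyone else's anonymity set.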

Monero also hides the amount being sent through RingCT (ring confidential transactions), which replaces plaintext amounts with Pedersen commitments: the network can verify that a transaction's inputs and outputs balance (and, via a range proof, that no amount is negative) without ever seeing the numbers. Separately, every Monero transaction pays to a unique one-time address, called a stealth address, derived from the recipient's public address; only that one-time key is recorded on the publicly visible blockchain, so only the sender and the receiver know the true destination of the funds.
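The balance check behind confidential amounts, as an added example (this is not Monero's code; Monero works on the ed25519 curve with 64-bit amounts and range proofs, and proves the "commitment to zero" inside its ring signature rather than revealing z). The example uses a toy Schnorr group with p = 2039 and q = 1019 so it runs with plain integers; the second generator H is derived by hashing, and the amounts are made up.

```python
"""Pedersen commitments and the 'inputs minus outputs is a commitment to zero'
check that confidential transactions rely on.

Added example, not Monero's code. Uses a toy Schnorr group (P = 2039,
Q = 1019, both prime, P = 2Q + 1) so it runs with plain integers; the real
scheme works on the ed25519 curve with 64-bit amounts plus range proofs.
Amounts and fees below are made up.
"""
import hashlib
import secrets

P = 2039          # toy safe prime
Q = (P - 1) // 2  # 1019: order of the quadratic-residue subgroup
G = 4             # 2^2 is a quadratic residue, hence of prime order Q


def _nothing_up_my_sleeve_generator():
    """Second generator H obtained by hashing, so nobody knows log_G(H)
    (at this toy size it is of course brute-forceable)."""
    ctr = 0
    while True:
        digest = hashlib.sha256(b"pedersen-h-%d" % ctr).digest()
        h = pow(int.from_bytes(digest, "big") % P, 2, P)   # square: lands in the order-Q subgroup
        if h not in (0, 1, G):
            return h
        ctr += 1


H = _nothing_up_my_sleeve_generator()


def commit(value, blinding):
    """C = G^value * H^blinding mod P: hides value, and binds the committer to it."""
    assert 0 <= value < Q
    return (pow(G, value, P) * pow(H, blinding, P)) % P


def build_tx(in_amounts, out_amounts, fee):
    """Sender side: commit to every amount; the fee stays in the clear.

    Returns the public transaction plus z = sum(r_in) - sum(r_out) mod Q.
    The sender proves knowledge of z (here: simply reveals it) to show the
    amounts balance without disclosing any of them.
    """
    if sum(in_amounts) != sum(out_amounts) + fee:
        raise ValueError("transaction does not balance")
    r_in = [secrets.randbelow(Q) for _ in in_amounts]
    r_out = [secrets.randbelow(Q) for _ in out_amounts]
    tx = {
        "in_commits": [commit(v, r) for v, r in zip(in_amounts, r_in)],
        "out_commits": [commit(v, r) for v, r in zip(out_amounts, r_out)],
        "fee": fee,
    }
    z = (sum(r_in) - sum(r_out)) % Q
    return tx, z


def verify_balance(tx, z):
    """Verifier side: sees only commitments and the fee, never the amounts.

    prod(in) / (prod(out) * G^fee) must equal H^z, i.e. a commitment to 0:
    the G exponents (the amounts) cancel exactly when inputs = outputs + fee.
    """
    lhs = 1
    for c in tx["in_commits"]:
        lhs = lhs * c % P
    rhs = pow(G, tx["fee"], P)          # fee is a commitment with blinding 0
    for c in tx["out_commits"]:
        rhs = rhs * c % P
    residual = lhs * pow(rhs, -1, P) % P
    return residual == pow(H, z, P)
```

A malicious sender who inflates an output (multiplying one output commitment by G adds one unit to its hidden amount) still cannot pass the check, because the G exponents no longer cancel. What the check does not cover is an output with a hidden negative amount wrapping around modulo Q, which is why real RingCT also needs a range proof per output.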

Together these properties mean that, as long as the privacy holds, Monero is also fully fungible: no coin carries a history that would make it worth less than another. While Monero's privacy rests on decoy-based obfuscation rather than on a proof that hides the transaction graph outright, it gets the job done (at least for now).

Dash (https://www.dash.org/)

Dash uses a modified CoinJoin method called PrivateSend to provide anonymity. CoinJoin is based on the idea "when you want to make a payment, find someone else who also wants to make a payment and make a joint payment together". Because all participants' inputs and outputs are merged into a single transaction, an observer cannot tell which input paid for which output, so the direction of any individual transfer cannot be determined.

PrivateSend extends CoinJoin with decentralized coordination and a chaining approach: the more rounds a set of coins is mixed, the more private it becomes. Since finding mixing partners could take a long time, Dash uses Masternodes, which require a collateral of 1000 DASH, to coordinate the mixing sessions. A Masternode is a full node running the Dash software that, besides relaying transactions, performs network services such as mixing coins and voting on budget proposals.

Per the article here: https://medium.com/@preethikasireddy/fundamental-challenges-with-public-blockchains-253c800e9428, mixers have proven to be an unreliable solution. For example, researchers were able to easily identify CoinJoin transactions on the chain and showed that, by spending just $32,000, an attacker can deanonymize transactions with 90% success.

Dash's process is relatively simple: many users' payments are pooled into one transaction whose inputs and outputs are published together. If Alice pays Bob (A->B) and Carol pays Dave (C->D), the pooled transaction has inputs {A, C} and outputs {B, D} (in reality with many more participants, and with the amounts split into fixed denominations so that no output stands out by value). This is a basic form of privacy, but it does hide the pairing from casual observation. Dash does not enforce it; you can still send normal, instant, transparent transactions (i.e. privacy is opt-in). This also implies a lack of guaranteed fungibility.
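Why the denominations matter, as an added example (not Dash's PrivateSend code): a fee-less two-party CoinJoin can be undone by an observer who enumerates every way of splitting its inputs and outputs into two halves that each balance. With arbitrary amounts there are usually very few such splits and some payer-to-output links are certain; with equal denominations there are many and no link is certain. Both sample transactions are constructed.

```python
"""Does a CoinJoin actually hide who paid whom? Subset-sum linking.

Added example, not Dash's PrivateSend code. A two-party joint payment can be
undone by an observer if the inputs and outputs admit only one split into two
sub-transactions that each balance. Equal denominations make many splits
possible; arbitrary amounts usually leave one or two. Amounts are whole
units, fees are ignored, and both sample transactions are constructed.
"""
from itertools import combinations

# Constructed samples. DISTINCT: Alice (5 + 3 -> pays 6, change 2) joins
# Bob (11 -> pays 10, change 1). EQUAL: two parties, every amount is 1 unit.
DISTINCT_INPUTS, DISTINCT_OUTPUTS = [5, 3, 11], [6, 2, 10, 1]
EQUAL_INPUTS, EQUAL_OUTPUTS = [1, 1, 1, 1], [1, 1, 1, 1]


def _subsets(items):
    """All non-empty proper subsets of a list, as tuples of indices."""
    n = len(items)
    for k in range(1, n):
        yield from combinations(range(n), k)


def two_party_splits(inputs, outputs):
    """Every way to split a 2-party CoinJoin into two halves that balance.

    Each split is (input indices, output indices) for party A; party B gets
    the complement. A is fixed to hold input 0 so each partition appears once.
    """
    if sum(inputs) != sum(outputs):
        raise ValueError("fee-less CoinJoin must balance")
    splits = set()
    for s_in in _subsets(inputs):
        if 0 not in s_in:
            continue
        need = sum(inputs[i] for i in s_in)
        for s_out in _subsets(outputs):
            if sum(outputs[j] for j in s_out) == need:
                splits.add((s_in, s_out))
    return sorted(splits)


def certain_links(inputs, outputs):
    """(input index, output index) pairs that sit on the same side in every
    consistent split: the links an observer can assert with certainty."""
    splits = two_party_splits(inputs, outputs)
    certain = None
    for s_in, s_out in splits:
        same_side = {(i, j)
                     for i in range(len(inputs))
                     for j in range(len(outputs))
                     if (i in s_in) == (j in s_out)}
        certain = same_side if certain is None else certain & same_side
    return certain or set()
```

On the DISTINCT sample only two splits balance, and both agree that the 5-unit input funded the 6-unit payment and the 11-unit input funded the 10-unit payment, so the payer-to-payee links are recovered despite the mixing. On the EQUAL sample 34 splits balance and no link survives all of them, which is the effect fixed denominations are meant to achieve. Fees, more than two parties and round-trip chaining make the search larger, not different in kind.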

Further, there are concerns about the large collateral of 1000 DASH required to run a Masternode, and about miners and Masternodes splitting the block reward. Dash's network services may therefore be controlled by relatively few Masternode operators, making it less decentralized than other blockchains.

Zcoin (http://zcoin.io/)

Zcoin's team aims to improve on Bitcoin's existing technology by implementing the Zerocoin protocol, a zero-knowledge protocol that breaks the link between the coins a user puts into the system and the coins they take out.

“A zero-knowledge proof is a method in which a person can prove to another person that a given statement is true, without conveying any other information apart from the fact that the statement is true.” — Zcoin team

Zcoin is an implementation of the protocol laid out in the Zerocoin paper. Essentially, a user proves in zero knowledge that they own one of the coins previously put into the system, without revealing which one, so the spend can be verified without exposing the link to the original sender. You can think of this as proving that you know a password without giving away the password itself.

To accomplish this, the Zerocoin protocol has a process called minting. Users burn the ordinary coins they want to spend and mint a corresponding zerocoin, recorded on the chain as a commitment; later the zerocoin is redeemed for fresh ordinary coins together with the zero-knowledge proof. The previous coins' history is thereby cut off and effectively deleted.

This provides stronger privacy than the mixing-based solutions because the burning and the receiving of coins are completely decoupled. From the outside, you can see a long list of senders that have, for instance, burned a 100-coin denomination, but you cannot tell which of them funded any given 100-coin redemption.
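The "prove you know the password without revealing it" analogy above, carried through as an added example (this is not Zcoin's code): a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. Zerocoin's spend proof is a much larger zero-knowledge statement (that a commitment sits in an RSA accumulator and that its serial number is what the spender claims), but it has the same commit-challenge-respond shape. The group is a toy one (p = 2039, q = 1019, generator 4), the password is made up, and the session context is an assumption of this example.

```python
"""Proving you know a secret without revealing it: a Schnorr proof of
knowledge of a discrete logarithm, made non-interactive with Fiat-Shamir.

Added example, not Zcoin's code. Toy group P = 2039, Q = 1019, G = 4
(P = 2Q + 1, G a quadratic residue of order Q), so the secret is
brute-forceable here; real systems use 256-bit groups. Password is made up.
"""
import hashlib
import secrets

P, Q, G = 2039, 1019, 4


def keygen(password):
    """Secret x derived from a password; public y = G^x is all a verifier keeps."""
    x = int.from_bytes(hashlib.sha256(password).digest(), "big") % (Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(y, t, context):
    """Fiat-Shamir: challenge = H(public key, commitment, session context),
    mapped into [1, Q-1]. The context binds the proof to one session so a
    captured proof cannot be replayed elsewhere."""
    digest = hashlib.sha256(b"%d|%d|%d|" % (P, y, t) + context).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def prove(x, y, context):
    """Prover: commit to a fresh random k, then answer the challenge with s."""
    k = secrets.randbelow(Q - 1) + 1      # never reuse k: reusing it leaks x
    t = pow(G, k, P)
    c = _challenge(y, t, context)
    s = (k + c * x) % Q
    return t, s


def verify_with_challenge(y, t, s, c):
    """Core check G^s == t * y^c (mod P). Reveals nothing about x."""
    if not (0 < t < P and 0 <= s < Q):
        return False
    return pow(G, s, P) == t * pow(y, c, P) % P


def verify(y, proof, context):
    """Non-interactive verifier: recompute the challenge from the transcript."""
    t, s = proof
    return verify_with_challenge(y, t, s, _challenge(y, t, context))


def simulate(y, c):
    """Why the transcript leaks nothing: if the challenge c were known in
    advance, anyone could forge an accepting (t, s) without x. That is why
    the interactive protocol reveals c only after t is fixed, and why
    Fiat-Shamir derives c from t."""
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, -c, P) % P   # t = G^s * y^-c, so G^s == t * y^c
    return t, s
```

The verifier stores y, never the password, and a transcript (t, s) is indistinguishable from one produced by `simulate`, which is the formal sense in which it conveys nothing beyond "the prover knows x". The same two properties, a public commitment that binds and a proof that reveals nothing about which commitment is opened, are what Zerocoin's accumulator proof provides at a larger scale.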

Zcash (https://z.cash/)

Zcash is based on the Zerocash protocol. The Zerocoin and Zerocash papers both present a zero-knowledge approach to anonymity and share some key authors. Zerocash is the newer of the two and builds on Zerocoin; it generally provides stronger privacy, at the cost of some trade-offs.

Zcash works similarly to Zcoin but also hides transaction amounts and allows arbitrary values rather than fixed denominations. A shielded transaction consumes existing notes and creates new ones, each recorded on the chain as a commitment plus a ciphertext; the receiver uses their own viewing key to scan the blockchain, trial-decrypting the ciphertexts to find the notes addressed to them.

Zcash also has smaller and faster-to-verify proofs than Zcoin. However, there are other considerations. If Zcoin's setup parameters were compromised, the attacker could mint as many new coins as they want, but the forgery would eventually show up because mints and redemptions of each denomination are countable on the chain. If Zcash's setup parameters (the so-called toxic waste of the zk-SNARK ceremony) were compromised, someone could not only create new coins but, because amounts are hidden, nobody could detect the inflation and take corrective action. Further, generating a shielded Zcash transaction takes considerably longer and needs far more memory.

Both Zcash and Zcoin offer privacy as an option (opt-in privacy) and can also be used for transparent transactions.

There are other, smaller cryptocurrencies which this article does not cover, such as PIVX (a similar approach to Dash) and Hush (another implementation of Zerocash), due to their size relative to the market leaders above.

Peripherals

Enigma (https://www.enigma.co/)

Enigma recently caught my attention. It is not a privacy coin but closer to a decentralized database and a privacy protocol. In layman's terms, they are working on secret smart contracts, where the data is encrypted and the nodes compute over the encrypted data. This means data can be stored, exchanged and transferred between parties securely, opening the door for many use cases to be built on top of the platform.
