Privacy Coins — A short primer
Privacy coins are an informal subset of cryptocurrencies which aim to provide additional layers of privacy such as obscuring the sender, receiver, or amount and introducing fungibility. Adding such features on a blockchain adds creates complexity as transactions can’t be verified or broadcast in the same way as for bitcoin, Ethereum etc, where this information is all publicly known and visible on the distributed and transparent ledger.
There are around 40 privacy coins and two of the most well known are Monero and Zcash. We will dig into those a little further within this short read…
Monero (XMR) has a market cap of $760m (25/01/2019) and currently sits at number 14 by size. It was created in 2014 as a fork of Byetcoin, and focussed on fungibility, privacy and decentralization. Like bitcoin, it uses the Proof-of-Work consensus mechanism however it diverges by deploying an obfuscated public ledger which only allows participants inside the network to observe the amount, sender and destination of transactions.
This is achieved through 3 components:
In order to hide the sender of the transaction, the original signer plus a number of others all sign the transaction. However from an outward perspective it is not possible to know who the original sender is.
For example, when given a birthday card from all your colleagues it is easy to verify is it is signed by Mary, but impossible to know if she signed it first or later on.
Using a mathematical proof it is possible to validate the transaction amount without revealing it. This is achieved by proving that the total inputs is exactly equal to the total outputs, and therefore nothing ‘new’ was created in the transaction.
We can view this within a simple mathematical equation.
We know that the following is always true:
Therefore we know that the following is always true:
As such, we do not need to know x to know that the above statements are true and therefore the transaction is valid.
The generation of stealth addresses for each new transactions obfuscate the receiver of the transaction by requiring a shared secret between the parties to view it within the ledger. This secret is generated by the two parties publicly using the Diffie-Hellman Key Exchange process…
Alice and Bob need to generate a secret number which they can use to encrypt their messages. In order to generate this they follow the below steps:
- Two prime numbers, p and q are chosen and broadcast publicly
- Alice secretly selects a value a and computes
She then shares A publicly
- Bob secretly selects a value b and computes
He then shares B publicly.
- Alice then computes
- Bob then computes
- Alice and Bob have therefore generated the same number, but anyone without knowledge of Alice’s a and Bob’s b will be unable to calculate it.
To check whether her Monero transaction has been received, Alice must monitor her stealth address on the Monero blockchain using the secret number her and Bob generated.
The Monero blockchain, by using a modified PoW algorithm, CryptoNight, is ASIC resistant and therefore can be mined using GPU. The also activate semi-annual forks to maintain ASIC resistance.
Zcash (ZEC) has a market cap of $302m (25/01/2019) and currently sits at number 21 by size. It was created in 2016 through an elaborate ceremony (https://z.cash/blog/the-design-of-the-ceremony/) by Zooko Wilcox in order to provide enhanced privacy under the individual user’s control.
In order to achieve this it employs a form of zero knowledge proofs called ZK-SNARKS (Zero Knowledge Succinct Non-Interactive Argument of Knowledge). In using ZK-SNARKS a prover can show a verifier that they poses some information without revealing the information.
An example of this can be seen with the famous cave problem:
- Alice needs to convince Bob that she knows the password for the secret door in the cave. However she doesn’t want to reveal the password to him.
- Alice secretly enters the cave through either entrance ‘x’ or ‘y’. Bob then calls out an exit for her to take, either ‘x’ or ‘y’.
- Assuming Alice knows the password, she will be able to exit through the correct route each time. If she does not know the password to the secret door, she can only exit through the way she entered.
- The probability of Alice guessing the correct entrance each time and not knowing the password to change between, for 20 attempts, would be 1 in a million.
- As such, if Alice can exit through Bob’s desired route each time, he can be highly confident that she does know the password for the secret door.
An enhancement of this is ZK-STARKS which are a quantum resistant version, however this is not implemented in any production cryptocurrencies yet.
Zcash enables users to choose between a ‘t-addr’ and ‘z-addr’. The first is a transparent address which functions in the same way that a bitcoin address does and provides transparency for users in terms of balances and transaction destinations. The second is a shielded address which encrypts the data and requires the generation of ZK-SNARKS to verify the transaction’s validity.
There are 4 possible combination for transactions:
Transparent Address to Transparent Address = A Deschielded Transaction (no privacy is afforded to the sender or receiver and all details are publicly visible). If Alice send Bob 3 ZEC from her transparent address then it is publicly visible to see the 3 ZEC in Bob’s transparent address as well as any other funds.
Transparent Address to Shielded Address = A Shielded Transaction (limited transaction visibility). If Alice sends Bob 3 ZEC from her shielded address, it is possible to deduce that Bob has at least 3 ZEC but no further information can be seen.
Shielded Address to Shielded Address = A Shielded Transaction. It is not possible to know how much Alice sent Bob.
Shielded Address to Transparent Address = A Deshielded Transaction. Alice sends Bob some ZEC, we can deduce the amount by noting the balance increase in Bob’s transparent address.
It is important to note that performing a transaction to a transparent address after x S-S transactions, removes some of the previously afforded shielding. As such, to ensure a true-privacy focussed network, the majority of participants would be required to transact only to and from shielded addresses. However, at present, the current proportion of shielded transaction son the Zcash network is only 13.5%.
There are a myriad of other privacy focused cryptocurrencies who employ a range of privacy features, as well as exploratory work on existing chains, such as bitcoin, to understand how privacy enhancing features can be added.
For more cryptocurrency and blockchain articles, follow me on LinkedIn @TaraAnnison