Decrypto

Blockchain & Crypto Analysis

Privacy Coins – An Introduction to Private Cryptocurrencies

Saturday, July 21, 2018

Over the past decade, we’ve seen explosive and unprecedented growth in the cryptocurrency market. In 2008, one Bitcoin was worth $0.003. Today, the price of Bitcoin sits at $7500 after hitting an all-time high of $20,000 during December 2017’s historic bull run. While Bitcoin was experiencing exponential price discovery, people around the world started realizing our collective reliance on banks for financial services and the importance of individual financial privacy. We live in a world where first world countries like Japan and Sweden have implemented negative interest rates, international wire transfers are costly and time-consuming, and 2 billion people remain unbanked and without access to basic financial services.

With the introduction of Bitcoin and its underlying blockchain technology, people around the world suddenly had access to state of the art financial services. Quick and cheap money transfers became a reality, paying a negative interest rate to a bank to hold depreciating fiat was no longer the only option, and the unbanked had the tools to become their own bank.

As the cryptocurrency industry progressed, other projects and cryptocurrencies tailored to different purposes were created. Ethereum (ETH) was designed to be a blockchain-based smart contract platform that enables people to build DApps, or decentralized applications. Stellar Lumens (XLM) was created to provide low-cost financial services to fight global poverty. ICON (ICX) was built as an interoperability protocol to connect individual and exotic blockchains. Monero (XMR) was created for one simple purpose – private and fungible digital money.

Anonymity vs. Privacy

If you’ve kept up with Bitcoin’s rollercoaster history, you’re probably familiar with Silk Road, the infamous online black market that accepted Bitcoin as a form of payment. Following Silk Road’s shutdown by the FBI, the word “Bitcoin” suddenly became synonymous with drug dealers, cybercrime, and money laundering. Shortly after, Bitcoin’s “high tech hacker and criminal money” stigma caused people to associate it with “private money” or “dark money”. Certainly, a digital currency that’s used to buy drugs and launder money has to be private, right?

Surprisingly enough, this could not be further from the truth. Bitcoin was not designed with privacy in mind. In fact, Bitcoin’s ledger is 100% transparent – every single transaction including details about its origin, destination, and value is recorded on a publicly accessible blockchain for everyone in the world to see. While Bitcoin doesn’t offer much in terms of financial privacy, it does offer a certain degree of anonymity or physical identity disassociation when used in the proper fashion.

A Bitcoin wallet address is a unique combination of 27-34 letters and numbers and looks something like this – 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r. At first glance, this random string of characters may seem private and anonymous, but that’s not the case at all. Before we discuss Bitcoin’s pseudo-anonymous aspect, let’s clear up any misunderstandings about Bitcoin’s lack of privacy.

Why Bitcoin Isn’t Private

As stated earlier, Bitcoin’s blockchain is 100% public. This means you can head over to Blockchain.info, a Bitcoin block explorer, and look up origin, destination, and value details of every Bitcoin transaction since the birth of the network. Wallet balances are also publicly displayed. For example, let’s use Blockchain.info to inspect this address – 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r.

As you can see in the image above, this wallet address holds approximately 183,000 BTC and currently holds the first position on Bitcoin’s “Rich List”. In the transactions section, the origin, destination, value, and date of each transaction is clearly displayed. Since Bitcoin’s blockchain doesn’t obscure transaction details and wallet balances, we can definitively conclude that Bitcoin is not private.

Why Bitcoin is (Sometimes) Anonymous

Depending on how it’s used, Bitcoin can offer anonymity. On a macro level, anonymity with Bitcoin can be achieved by disassociating your physical identity with your Bitcoin wallet address. While this may sound simple on paper, it’s actually quite challenging to pull off in the real world – especially if you’re someone who’s interested in using the Bitcoin network to transact on a regular basis. Consider the following examples.

  • Alice pays 0.5 BTC to Bob in person. After this transaction, both parties become aware of each other’s wallet addresses and complete transaction histories.
  • Charlie sends 1.5 BTC from his hardware wallet to his Coinbase account to exchange to USD. After sending the Bitcoins, Charlie’s hardware wallet address is now associated with his physical identity.
  • David receives a portion of his monthly salary in Bitcoin. Since he had to give his Bitcoin address to his employer, the company’s accounting department is aware of David’s financial history on the Bitcoin network.

From the above examples, we can see the only way to remain anonymous on the network is to avoid both direct and indirect links to one’s physical identity. Unfortunately, maintaining anonymity with this level of security and discretion is exhausting and impractical for casual day-to-day transactions on the Bitcoin network.

What Makes a Cryptocurrency Private

Now that we’ve established Bitcoin’s lack of privacy, let’s discuss four features of a truly private cryptocurrency – privacy, fungibility, decentralization, and liquidity.

Privacy

A private cryptocurrency should make it a priority to conceal users’ wallet balances and transaction histories. Transaction details should only be visible when a user wants it to be. Furthermore, it should be impossible to generate a “rich list”, a list of the richest wallet addresses on the network, with a private cryptocurrency.

Fungibility

A private cryptocurrency needs to be fungible, where two units of the cryptocurrency are always identical and interchangeable. In the physical world, two examples of fungible assets are $1 USD and 1 kg of gold – a $1 bill can always be substituted with another $1 bill, and 1 kg of gold can always be substituted with another 1 kg of gold.

Bitcoin is not a fungible asset because its transparent blockchain enables blacklisting of coins and wallets based on their previous transaction history. In other words, an entity can choose not to accept Bitcoins with a questionable or criminal transaction history, making those coins less valuable than ones with a clean transaction history which can be freely transacted on the Bitcoin network.

Bitcoin’s lack of fungibility isn’t just a theory. Back in March 2018, the USA’s OFAC stated they were considering “adding digital currency addresses to the SDN List to alert the public of specific digital currency identifiers associated with a blocked person.” Based on this, we can see the importance of fungibility and how it is a cornerstone principle of a truly private and useful cryptocurrency.

Decentralization

Private cryptocurrencies should be sufficiently decentralized to ensure a trustless and safe environment for value transfer. In an ideal scenario, a private cryptocurrency should have several layers of decentralization, including the geographical distribution of nodes, a proper consensus algorithm, the distribution of mining hash power, and more.

Liquidity

This is a simple concept – is there a demand for the cryptocurrency? If no one is willing to accept it, then it can’t be used as private digital money.

Use Cases of Private Cryptocurrencies

Now that we’ve discussed what makes a cryptocurrency private, let’s go over a few use cases of private cryptocurrencies.

Digital Cash

Since a private cryptocurrency is fungible and cannot be individually discriminated against based on previous transaction history, it can be used as digital cash. When you transact with a friend with Bitcoin, he or she will be able to see your whole transaction history and associated wallet addresses.

Personal Wealth Storage

Since a private cryptocurrency does not display wallet balances on the public blockchain, it can safely be used as personal wealth storage. When you open up a bank account, your balance doesn’t appear on a public website for the whole world to see. The same privacy standards should apply to a “crypto bank account”, and this is most definitely not the case with Bitcoin.

Getting Paid in Cryptocurrency

Since a private cryptocurrency provides unlinkability between sender and receiver, it’s a great medium of financial exchange between employer and employee. Currently, the majority of cryptocurrency-based compensation relies on Bitcoin, which has a completely transparent ledger. Unless you use a unique Bitcoin address just for interacting with your employer, they will be able to see your past transaction history on the network. This could result in profiling based on your financial history.

Examples of Private Cryptocurrencies

Now that we’ve established what a private cryptocurrency is, let’s take a look at three cryptocurrencies that are marketed as private alternatives to Bitcoin.

Monero (XMR)

With a combination of stealth addresses, ring signatures, Kovri (its I2P implementation), and a top-notch development team, Monero (XMR) is the most private cryptocurrency in existence today.

Privacy

Transactions on the Monero network are done with unique one-time use stealth addresses designed to obfuscate a transaction’s destination. Let’s say Alice sends 15 XMR to Bob’s public wallet address. When she generates the transaction in her wallet, the Monero protocol automatically generates a one-time stealth address (anonymous middleman address) to send the 15 XMR to. At this point, the 15 XMR in the stealth wallet address can be accessed by Bob via his wallet’s private spend key. Notice that Alice and Bob’s wallet addresses are never directly linked in this transaction. This is how stealth addresses provide unlinkability between the sender and receiver.

To obfuscate a transaction’s origin, the Monero network uses ring signatures to perform transaction mixing. When a Monero transaction is generated, the protocol automatically mixes the sender’s input with other spendable transaction inputs on the network. The number of mixed inputs, also called the “mixin level”, can be specified when generating a transaction; a higher mixin level results in a more private transaction with a higher fee.

To someone viewing the Monero blockchain, any one of these inputs could be the actual sender’s input. Monero takes ring signatures one step further with RingCT (Ring Confidential Transactions). RingCT hides the amount of XMR in each transaction by attaching a range proof to the transaction. In this system, the network and public observers of the blockchain can verify that the amounts transferred are valid, but only the sender and receiver are able to see the actual amount of XMR transferred. This is how the RingCT implementation of ring signatures makes transactions on the Monero network untraceable.
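The stealth-address derivation and the RingCT balance check described in the two paragraphs above, as an added illustration that is not code from this article or from the Monero project. It runs on a toy multiplicative group mod a prime in place of Monero’s ed25519 curve (scalar multiplication becomes modular exponentiation, point addition becomes modular multiplication); the constants G and H, the SHA-256 stand-in for Monero’s Keccak-based Hs, and all function names are assumptions.

```python
import hashlib
import secrets

# Toy group: integers mod the Mersenne prime 2^127-1 stand in for Monero's ed25519
# curve. "Scalar multiplication" is modular exponentiation and "point addition" is
# modular multiplication, so the key identities below read exactly as in the protocol.
P = 2**127 - 1
ORDER = P - 1        # exponents (scalars) are reduced mod P-1
G = 3                # toy base point (assumption: stands in for the ed25519 basepoint)
H = 5                # second toy base for amount commitments (assumption)

def hash_to_scalar(*elems: int) -> int:
    """Hs(): hash group elements to a scalar (Monero uses Keccak; SHA-256 here)."""
    data = b"".join(e.to_bytes(16, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER

def keygen():
    """Wallet keys: private view key a, private spend key b, public view/spend keys A, B."""
    a = secrets.randbelow(ORDER - 1) + 1
    b = secrets.randbelow(ORDER - 1) + 1
    return a, b, pow(G, a, P), pow(G, b, P)

def sender_build_output(A: int, B: int):
    """Alice: pick tx secret r, publish R = rG and one-time address P1 = Hs(rA)G + B."""
    r = secrets.randbelow(ORDER - 1) + 1
    R = pow(G, r, P)
    shared = pow(A, r, P)                           # rA: DH secret with Bob's view key
    one_time = pow(G, hash_to_scalar(shared), P) * B % P
    return R, one_time

def receiver_scan(a: int, B: int, R: int, one_time: int) -> bool:
    """Bob (or anyone holding only his view key): does Hs(aR)G + B equal the output?"""
    shared = pow(R, a, P)                           # aR == rA
    return pow(G, hash_to_scalar(shared), P) * B % P == one_time

def receiver_spend_key(a: int, b: int, R: int) -> int:
    """Only the spend-key holder can form x = Hs(aR) + b, the private key of the output."""
    return (hash_to_scalar(pow(R, a, P)) + b) % ORDER

def commit(amount: int, blind: int) -> int:
    """Pedersen-style commitment C = amount*H + blind*G: binds the amount, reveals nothing."""
    return pow(H, amount, P) * pow(G, blind, P) % P

def sender_choose_blinds(in_blinds, n_outputs: int):
    """Sender picks output blinding factors whose sum equals the inputs' sum (mod ORDER)."""
    blinds = [secrets.randbelow(ORDER) for _ in range(n_outputs - 1)]
    blinds.append((sum(in_blinds) - sum(blinds)) % ORDER)
    return blinds

def verify_balance(in_commits, out_commits) -> bool:
    """Public check: sum of input commitments == sum of output commitments.
    Without a range proof an output amount of ORDER-1 (i.e. -1) would also balance,
    which is the hole RingCT's range proofs close."""
    lhs = rhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs
```

A third party who sees only R and the one-time address cannot tie it to Bob’s public key B, and a verifier who sees only the commitments learns that the amounts balance but not what they are.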

Kovri is Monero’s implementation of I2P (Invisible Internet Project), an open source network layer that allows for censorship-resistant Internet usage by routing traffic through volunteer nodes around the world. Kovri is specifically designed to encrypt your Monero traffic and route it through I2P nodes. By using Kovri, your IP address cannot be linked to your Monero transactions, therefore providing an even greater degree of privacy. Lastly, Monero’s most powerful feature is the lack of opt-in privacy. This means all transactions on the Monero network are private by default.

Fungibility

Stealth addresses and RingCT provide plausible deniability to both the sender and the receiver. Furthermore, wallet transaction details and amounts are not transparent on the public blockchain, which means XMR cannot be tainted or discriminated against based on their previous transaction history. These unique privacy properties make Monero a truly fungible cryptocurrency.

Decentralization

Monero was designed to be a decentralized blockchain project from the ground up. Firstly, Monero did not have an ICO (initial coin offering) or pre-mine, which means the developers did not mine a ton of coins for themselves before opening up the project to the public. As a result, Monero has a more decentralized coin distribution than most other cryptocurrencies.

Secondly, Monero has scheduled hard forks twice a year, which allow the project’s developers to change the blockchain’s PoW consensus algorithm to counter ASIC miners. ASIC miners are hardware chips optimized to hash one specific consensus algorithm, and Monero makes it risky to concentrate mining power in large ASIC farms because they could be rendered obsolete following a fork to a new consensus algorithm. By deterring mining farm centralization, Monero incentivizes individual miners to set up nodes around the world, resulting in a decentralized geographical distribution of the project.

Liquidity

Monero is currently the #13 cryptocurrency by market cap ($2.15 billion) and trades against BTC, ETH, USDT, and fiat.

Zcash (ZEC)

Zcash is a fork of the Bitcoin protocol with the addition of a privacy layer via a cryptographic proof called zk-SNARKs.

Privacy

Zcash achieves privacy via an implementation of zk-SNARKs, which stands for “Zero Knowledge Succinct Non-Interactive Argument of Knowledge.” The technical details are quite complicated, but think of zk-SNARKs as a mathematical proof that allows a “prover” to convince a “verifier” that a statement is true without revealing anything about the statement other than the fact that it is true. With zk-SNARKs, Zcash can verify transactions on the blockchain without revealing their origins, destinations, and amounts transferred.

Most of the controversy around Zcash revolves around zk-SNARKs and how a “trusted setup” was required for the blockchain to start functioning. A trusted setup involves the creation of a master public and private key pair. The public key is used to create Zcash’s zero-knowledge proofs used to create private transactions. The private key, which can be used to “print” an infinite number of ZEC, is supposed to be destroyed. In order to fulfill the trusted setup, Zcash came up with an elaborate ceremony where six people participated in the creation of the master public and private keys. Long story short, it’s impossible to confirm if a copy of the private key exists somewhere in a trusted setup like this. Zcash can deny any form of collusion as much as it wants, but the involvement of human emotion and greed has led many to question the integrity of zk-SNARKs.

At the moment, private Zcash transactions are computationally intensive to create due to the nature of the zk-SNARKs implementation. According to Zcash’s official blog, creating a private transaction can take 1-2 minutes and requires 4 GB of free RAM. If your computer has less than 4 GB of RAM, you’ll be limited to creating transparent transactions. Furthermore, private transactions cannot be created on mobile devices at all. As a result, less than 1% of the addresses on the Zcash network are private. In other words, almost no one is using Zcash’s private features.

To solve zk-SNARK’s trust issues, members of the Zcash development team have been independently researching a different cryptographic implementation called zk-STARKs, which removes the need for a trusted setup. If zk-STARKs is successfully implemented in the future, Zcash will finally be able to put the accusations of collusion behind them once and for all. Zcash is also set to release Sapling in Q4 2018. Sapling is a network upgrade focusing on improving the efficiency of private transactions. Zcash estimates post-Sapling private transactions will be able to be generated in a few seconds with only 40 MB of RAM.

Fungibility

Unlike Monero, Zcash has two types of addresses – transparent and private. Transparent wallet addresses start with t, while private wallet addresses start with z. Since fungibility requires no knowledge of previous financial history, only transactions between two z addresses can be considered fungible.

Note that moving ZEC from a t address to a z address can be used as a “shielding” method to essentially erase the financial history of the ZEC in question – this means ZEC can become fungible after it has been moved to a private wallet. Thus, Zcash can be described as a semi-fungible cryptocurrency.

Decentralization

Like Monero, Zcash also did not have an ICO or pre-mine. Instead, the founders of Zcash formed a for-profit corporation called Zerocoin Electric Coin Company, and received $1 million of startup funding from a group of private investors. In order for the corporation’s investors to recoup their investment, Zcash has a built-in founders’ reward which distributes 20% of the mining rewards to its founders over four years. Since Zcash is developed by a for-profit corporation, it has received significant criticism regarding its centralized corporate structure.

Zcash is a fork of Bitcoin, but uses a different PoW consensus algorithm called Equihash. Earlier this year, an Equihash-compatible ASIC miner was announced by Bitmain, which opens up Zcash’s future to miner centralization similar to Bitcoin. Zcash responded with the intention to investigate the potential effects of ASIC mining on the network.

Liquidity

Zcash is currently the #21 cryptocurrency by market cap ($890 million) and trades against BTC, ETH, USDT, and fiat.

DASH (DASH)

DASH is a cryptocurrency that uses a system of masternodes and CoinJoin to provide privacy features for its users.

Privacy

Like Zcash, DASH offers both transparent and private transactions. Private transaction capability, called PrivateSend, is made possible via an implementation of CoinJoin. Originally created by Bitcoin Core developer Gregory Maxwell, CoinJoin is a trustless technique that combines, or mixes, multiple Bitcoin transactions into a single transaction with the goal of obscuring the exact flow of each individual transaction. CoinJoin has been implemented in several services and wallets, but the most well-known is JoinMarket, a decentralized marketplace that lets users take part in a CoinJoin transaction.

DASH claims to be decentralized, but its implementation of CoinJoin is arguably not very decentralized at all. PrivateSend transactions on the DASH network are processed by masternodes. A masternode is a server that stakes or freezes a certain number of coins, performs accounting and other housekeeping tasks, and receives a reward for its services. In DASH’s case, masternodes must stake 1,000 DASH each and receive 45% of the block reward. In this model, the input/output details of PrivateSend transactions are logged by masternodes. If a single entity has the ability to control or spy on a portion of DASH’s masternodes, it’s entirely possible to reverse engineer PrivateSend transactions to reveal origin and destination details.

Like Zcash, DASH has struggled with the adoption of its privacy features. In DASH’s case, the issue mainly revolves around liquidity. Since PrivateSend is a CoinJoin implementation, it requires liquidity and demand in order to mix effectively and privately. After many user complaints about the slowness of PrivateSend transactions, the DASH community voted to pay five liquidity providers to generate liquidity for mixing services. While this has increased the speed of PrivateSend transactions, it has also caused understandable speculation about possible collusion between the five providers. At this point, we can conclude that privacy on the DASH network is in the hands of a few masternodes and mixing liquidity providers.
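A constructed model of the two points made above about PrivateSend: an outside observer of an equal-denomination CoinJoin can only narrow an input down to the outputs of the same amount (so the anonymity set is bounded by how many participants the round attracts), while the coordinating masternode that assembled the round has the exact input-to-output mapping in its logs. This is an added example, not code from the article or from the DASH project; the participant names, amounts and function names are assumptions.

```python
import math
import random
from collections import Counter
from typing import Dict, List, Tuple

# Constructed participants: (owner, amount in DASH). PrivateSend mixes fixed
# denominations; 1.0 DASH is used here. The owner names exist only so the
# coordinator's log can be shown; the blockchain itself never records them.
EQUAL_DENOMS = [("alice", 1.0), ("bob", 1.0), ("carol", 1.0), ("dave", 1.0)]
MIXED_DENOMS = [("alice", 1.0), ("bob", 0.1), ("carol", 10.0), ("dave", 0.01)]


def build_coinjoin(participants: List[Tuple[str, float]], seed: int = 7):
    """Assemble one joined transaction.

    Returns (public_tx, coordinator_log): public_tx is what appears on chain
    (input amounts and shuffled output amounts only); coordinator_log is the
    input->output mapping the mixing server sees while assembling the round."""
    rng = random.Random(seed)
    order = list(range(len(participants)))
    rng.shuffle(order)                         # output position for each input
    public_tx = {
        "inputs": [amt for _, amt in participants],
        "outputs": [None] * len(participants),
    }
    log: Dict[str, Tuple[int, int]] = {}
    for in_idx, (owner, amt) in enumerate(participants):
        out_idx = order[in_idx]
        public_tx["outputs"][out_idx] = amt
        log[owner] = (in_idx, out_idx)
    return public_tx, log


def observer_candidates(public_tx, in_idx: int) -> List[int]:
    """Outside observer: an input can only have gone to an output of the same amount."""
    amt = public_tx["inputs"][in_idx]
    return [i for i, o in enumerate(public_tx["outputs"]) if o == amt]


def observer_consistent_mappings(public_tx) -> int:
    """Number of input->output bijections consistent with the public amounts.
    For each denomination with k inputs there are k! ways to match them, so a
    round with few participants (low liquidity) gives a small anonymity set."""
    counts = Counter(public_tx["inputs"])
    return math.prod(math.factorial(k) for k in counts.values())


def coordinator_resolve(log, owner: str) -> Tuple[int, int]:
    """The masternode needs no analysis: it logged the mapping when it built the round."""
    return log[owner]
```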

Fungibility

Like Zcash, DASH has optional privacy. Thus, DASH is only fungible when using the PrivateSend feature. If PrivateSend is not enabled, transactions are completely transparent on the blockchain and the associated DASH coins are not fungible.

Decentralization

DASH is a decentralized cryptocurrency, but the decentralization of its privacy features isn’t up to par with Monero and Zcash, which both have privacy baked in at the protocol level. DASH’s masternode and mixing liquidity provider model puts privacy features on a second tier that is more prone to centralization.

Liquidity

DASH is currently the #14 cryptocurrency by market cap ($2 billion) and trades against BTC, ETH, USDT, and fiat.

Conclusion

It’s important to keep in mind there are new privacy-oriented cryptocurrencies popping up every day. A few that are gaining traction include PIVX, Verge, and Komodo. However, in this article, we chose to highlight the top three coins that offer the best combination of privacy features, maturity, decentralization, and liquidity.

At this point in time, Monero is hands down the most private cryptocurrency on the market today. If Zcash follows through with performance improvements and finds a way to implement a trustless setup via zk-STARKs, it has a chance to become a worthy alternative to Monero. DASH’s privacy features rely on a second-tier masternode model that’s more vulnerable to centralization and spying when compared to Monero’s and Zcash’s privacy implementations.

Disclaimer: This post was sponsored by QUOINE, a leading fintech company that provides trading, exchange, and next generation financial services powered by blockchain technology. Click here to learn more about QUOINE.
