Anonymity of Cryptocurrencies Part I – Existing Protocols and Zerocoin


One of the biggest attractions of cryptocurrencies is their capacity to avoid surveillance, whether by government agencies or by other prying eyes. In the wake of the Snowden revelations, demand for online privacy has risen sharply. The privacy tools that already exist in Bitcoin must be evaluated to decide whether Bitcoin is anonymous on its own. The ideal hypothetical anonymous cryptocurrency, along with the current attempts to build one, must also be examined. Cryptonote, its limitations, and feasible implementation strategies weigh heavily on the overall prospects for anonymous cryptocurrencies. If an entirely anonymous cryptocurrency can be created, it will mark a new dawn both for online transactions and for freedom from the limits set by governments.

Bitcoin is a decentralized system that allows funds to be created and sent almost instantly across any distance. However, every transfer is recorded in a public ledger, the blockchain: the full history of any transaction is publicly available, which leaves little privacy. The standard Bitcoin protocol addresses this by using addresses (hashes of public keys), long and opaque strings, as identifiers in place of real names. Bitcoin clients also generate a fresh address for each payment, so that no single address accumulates a person's whole history. These measures are not enough to keep the identity of someone sending funds hidden from a dedicated investigator, since addresses that are spent together, or that receive the change from a payment, can be clustered into one owner. Bitcoin laundries, services that mix many users' transactions to obscure their history, are a common workaround, but they require trusting the service with both the coins and the link between sender and recipient.

Existing Protocols in Anonymous Cryptocurrency

Bitcoin can already be pushed a long way towards anonymity. CoinJoin and CoinSwap are two of the most powerful mechanisms for doing so.

CoinJoin merges the payments of several users into a single Bitcoin transaction so that an observer cannot tell which input paid which output. This is possible because of how Bitcoin validates transactions: each input carries its own digital signature over the transaction, so different parties can each sign only their own input and still produce one valid transaction. A transaction is invalid if its total output value exceeds its total input value; any surplus of inputs over outputs is collected by the miner as the fee. This rule is what defends Bitcoin against counterfeiting. CoinJoin is difficult to implement well. Output values should be made as uniform as possible, otherwise an analyst can match outputs to inputs by amount. Outputs produced by a join must not later be spent together, since spending them in one transaction marks them as belonging to one owner. At least two distinct parties must take part in a join, and the coordination should not rely on a centralized server that could be compromised or could log who paid whom. No implementation of CoinJoin is truly complete at the moment, though DarkWallet intends to realize its full potential.
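The amount-matching problem described above, as an added example that is not part of the original article: a small Python simulation of a two-party CoinJoin seen from the blockchain's side (amounts only, no signatures) together with the analysis an observer would run. The function names, the satoshi amounts and the analyst's assumption that the fee is split equally between inputs are all constructed for this example. It shows why a join with distinct payment amounts buys no privacy, and why equal-denomination outputs make the payment outputs ambiguous while the change outputs still identify each party.

```python
from itertools import product

SAT = 100_000_000  # satoshis per bitcoin (amounts below are in satoshis)


def build_coinjoin(contributions, fee_per_party):
    """Build a CoinJoin from several parties' contributions (constructed example).

    contributions: list of (input_amount, [payment_amounts]), one entry per party.
    Each party adds one input, its payment outputs and a change output, and pays
    fee_per_party. In real Bitcoin each input carries its own signature over the
    whole transaction, which is what lets the parties sign independently; the
    signatures are omitted here because the point is the amounts.
    Returns (tx, truth): tx is what the blockchain shows, truth maps each output
    index to the party that owns it and is known only to the participants.
    """
    inputs, owned = [], []
    for party, (amount, payments) in enumerate(contributions):
        change = amount - sum(payments) - fee_per_party
        if change < 0:
            raise ValueError(f"party {party} cannot cover payments plus fee")
        inputs.append(amount)
        owned += [(v, party) for v in payments + [change] if v > 0]
    owned.sort(key=lambda o: -o[0])  # do not leak party order through output order
    tx = {"inputs": inputs, "outputs": [v for v, _ in owned]}
    return tx, [party for _, party in owned]


def fee(tx):
    return sum(tx["inputs"]) - sum(tx["outputs"])


def is_valid(tx):
    """Consensus rule: total output must not exceed total input; the surplus is the fee."""
    return fee(tx) >= 0 and all(v > 0 for v in tx["inputs"] + tx["outputs"])


def candidate_mappings(tx, fee_share):
    """Analyst's view: every assignment of outputs to inputs such that each input's
    outputs sum to that input minus its (assumed equal) share of the fee."""
    ins, outs = tx["inputs"], tx["outputs"]
    found = []
    for assign in product(range(len(ins)), repeat=len(outs)):
        sums = [0] * len(ins)
        for out_idx, in_idx in enumerate(assign):
            sums[in_idx] += outs[out_idx]
        if all(sums[i] == ins[i] - fee_share for i in range(len(ins))):
            found.append(assign)
    return found


def linkability(tx, fee_share):
    """For each output, the sorted list of inputs it could belong to. A single
    candidate means the output is fully linked and the join bought it no privacy."""
    maps = candidate_mappings(tx, fee_share)
    return [sorted({m[j] for m in maps}) for j in range(len(tx["outputs"]))]


if __name__ == "__main__":
    # Two parties paying distinct amounts in full: a join in name only.
    naive, _ = build_coinjoin([(130_000_000, [129_990_000]),
                               (70_000_000, [69_990_000])], 10_000)
    print(linkability(naive, 10_000))    # [[0], [1]]
    # Same parties, both paying a uniform 0.5 BTC output: those two outputs are
    # indistinguishable, but the change outputs still give each party away.
    uniform, _ = build_coinjoin([(130_000_000, [50_000_000]),
                                 (70_000_000, [50_000_000])], 10_000)
    print(linkability(uniform, 10_000))  # [[0], [0, 1], [0, 1], [1]]
```

The brute-force enumeration is exponential in the number of outputs, which is fine for illustrating a two-party join but not for large joins; real chain-analysis tools use subset-sum heuristics and the change-output fingerprint shown here rather than exhaustive search.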

CoinSwap mixes transactions without a central server, and can even work across separate blockchains. The result resembles CoinJoin. It is as if two users had exchanged private keys in person: the blockchain does not show the coins changing hands, and at most sees the transactions as unusual. If almost nobody is using the system, however, the few swap transactions stand out and can be linked to each other on that basis alone. No tool currently implements CoinSwap in full.

The Potential for a Cryptocurrency With Total Anonymity

Zero-knowledge proofs could provide a completely untraceable route for funds, hiding both their origin and their destination. A Bitcoin block is essentially a published list of transactions that map old outputs to new ones. With zero-knowledge proofs, miners would instead publish the new set of outputs together with a proof that it was derived from the old set by some set of valid transactions, without revealing the transactions themselves. This can be taken further by having the recipient choose the destination addresses and hand each one separately to a different miner, so that only the miner holding the block and the recipient know where the funds are going. The value of each output would still be visible, however, and transfers could be traced by matching the amounts subtracted from some accounts against the amounts added to others. The remedy is to represent values in a homomorphic form, so that the network can check that a transaction's inputs and outputs balance without seeing the amounts. This lets two components cooperate without exposing their data to each other, in this case the wallet, which knows the amounts, and the blockchain, which only verifies them.
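The hidden-amount balance check described above, as an added example that is not part of the original article. The article speaks of homomorphically encrypted values; the example uses Pedersen commitments, a homomorphic commitment scheme rather than an encryption scheme, because they are what deployed hidden-amount designs use for exactly this check. The verifier multiplies the input and output commitments and learns nothing beyond whether the amounts balance. The group parameters (a 63-bit safe prime found at start-up), the generator choices and all function names are constructed for this example and are far too small for real use; the example also deliberately shows the failure mode the scheme has on its own, namely that a value wrapping around the group order passes the check, which is why real systems add range proofs.

```python
import hashlib
import secrets

# Fixed Miller-Rabin bases; deterministic for every n below 3.3e24, far beyond our q.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class Pedersen:
    """Pedersen commitments C = g^v * h^r (mod p) in the order-q subgroup of Z_p^*,
    p = 2q + 1 (toy parameters, constructed for this example). Multiplying two
    commitments adds their hidden values, which is the property the check relies on."""

    def __init__(self, start=1 << 62):
        q = start | 1
        while not (is_prime(q) and is_prime(2 * q + 1)):
            q += 2
        self.q, self.p = q, 2 * q + 1
        self.g = 4  # a square mod p, hence of order q
        # h is derived from a hash so that nobody knows log_g(h); a prover who knew
        # it could open one commitment to two different values.
        seed = int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big") % self.p
        self.h = pow(seed, 2, self.p)

    def commit(self, value, blind):
        return pow(self.g, value % self.q, self.p) * pow(self.h, blind % self.q, self.p) % self.p


def make_transaction(ped, in_values, out_values, fee):
    """Wallet side: commit to every amount. The last output's blinding factor is chosen
    so that the blinding factors cancel, leaving only the value equation to be checked."""
    in_blinds = [secrets.randbelow(ped.q) for _ in in_values]
    out_blinds = [secrets.randbelow(ped.q) for _ in out_values[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % ped.q)
    in_commits = [ped.commit(v, r) for v, r in zip(in_values, in_blinds)]
    out_commits = [ped.commit(v, r) for v, r in zip(out_values, out_blinds)]
    return in_commits, out_commits


def balance_holds(ped, in_commits, out_commits, fee):
    """Verifier side: prod(C_in) == prod(C_out) * g^fee holds exactly when
    sum(in) == sum(out) + fee (mod q); the fee is the only amount in the clear."""
    lhs = 1
    for c in in_commits:
        lhs = lhs * c % ped.p
    rhs = pow(ped.g, fee % ped.q, ped.p)
    for c in out_commits:
        rhs = rhs * c % ped.p
    return lhs == rhs


if __name__ == "__main__":
    ped = Pedersen()
    ins, outs = make_transaction(ped, [60, 40], [75, 24], 1)
    print("balanced:", balance_holds(ped, ins, outs, 1))  # True
    # A value of q - 5 behaves like -5, so this "prints" 5 units yet passes.
    wrap_ins, wrap_outs = make_transaction(ped, [5], [10, ped.q - 5], 0)
    print("wraparound accepted without a range proof:",
          balance_holds(ped, wrap_ins, wrap_outs, 0))  # True
```

The wraparound case is the reason hidden-amount transactions need a range proof on every output in addition to the balance equation: the check above can only confirm that the sums agree modulo the group order, not that each individual amount is non-negative.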

To perform the zero-knowledge computation, the creator of the protocol must generate secret setup data, and whoever holds that data can forge proofs. Forged proofs would let them create funds at will without detection. Beyond this colossal weakness, the computations required are not yet practical. The protocol also suffers from flaws in its trusted accumulator, from a lack of research in the field, and from an inability to detect an economic collapse, such as hidden inflation, until the economy is beyond salvaging, because the obscured ledger conceals it.

Zerocoin’s Potential For Anonymity in Bitcoin

Zerocoin was the first attempt to apply zero-knowledge proofs to Bitcoin, and it came with severe restrictions. It was developed into a more efficient protocol, Zerocash, that allows direct private payments of hidden values. Zerocoin and Zerocash operate within the Bitcoin network as a set of extensions to, and restrictions on, the existing protocol. No centralized coin issuer is needed to issue Zerocoins, and no trusted third party or mixing service is needed to spend them. Even if many nodes are compromised, the protocol still operates, because it is carried out by the Bitcoin users themselves rather than by a separate service that could be taken down. Direct peer-to-peer transactions also add security. Users convert publicly recorded Bitcoins into anonymous Zerocoins, which can be sent to other Zerocoin users and converted back into Bitcoins; in Zerocash the conversion back is unnecessary, since hidden-value coins can be used for any payment. The major flaws of the original Zerocoin are that every coin must have the same fixed denomination, that no scripting is permitted, and that a large amount of special optimization work was needed to make the proofs practical. The project began as an extension to the Bitcoin protocol that let users mix their own coins without trusting anyone.

In the upcoming parts, the Byzantine Cycle, DarkWallet, and alternatives to total anonymity will be discussed.

