ZCoin: Privacy on the Blockchain and the Linkability of Personal Information: Elements of a private cryptocurrency
We noticed that many in the cryptocurrency community are confused about what it means to be a privacy coin. Many coins in the privacy space claim to be 'private' while only providing IP protection through the use of TOR/I2P.
Privacy when using a cryptocurrency comes from two elements:
Linkability of Personal Information: how personal information such as IP addresses can be linked to transactions and addresses on the blockchain (mitigated through the use of TOR/I2P/VPN)
Blockchain Privacy: the method of obscuring transactions on the blockchain itself (such as provided by the Zerocoin protocol in Zcoin)
Figure: combining information from the blockchain with IP information and other data to deanonymize Bitcoin users (C. Smith/Science)
The Linkability of IP Addresses to Addresses and Transactions
We are going to focus in particular on IP addresses and how they can be linked to addresses and transactions.
Protecting your IP address while transacting on any cryptocurrency is an important component of protecting your privacy, and you should use some form of IP anonymization when doing transactions. You can find out how to do this on Zcoin from this post. Hiding your true IP address removes ONE marker, making it harder to link a particular Bitcoin/Zcoin address to a real world identity, provided there are no other slip-ups such as linking a payment to a physical shipping address or paying sites which already have your identity stored with them.
However as we will see below under the Blockchain Privacy heading, IP address protection is only one element of privacy and is on its own insufficient to guarantee your privacy since you still need to address privacy on the blockchain.
First of all, it should be noted that Bitcoin and Zcoin transactions do not contain any IP addresses, so no IP address is stored on the blockchain. The only place where IPs can be stored is on the nodes in the P2P network, if they choose to log such information. A transaction is relayed from node to node and carries no explicit marker identifying whether a given node was the originating broadcaster or merely a relay. Educated guesses about which IP a transaction originated from can be made by actively monitoring the network and its relays and trying to identify where the transaction was first broadcast, but this on its own is not conclusive and can produce many false positives. By using TOR/I2P/VPN, even those educated guesses will not point to your real IP address.
Zcoin can already function through TOR when configured correctly to use it. So even when IPs are relayed to nodes, it will never be your real IP address. Making this process more seamless is on our roadmap.
A further note is that the use of TOR alone is also insufficient to hide identities, as can be seen from the research by Alex Biryukov, Dmitry Khovratovich and Ivan Pustogarov (Deanonymisation of Clients in a P2P network), which found that:
We demonstrate that the use of Tor does not rule out the attack as Tor connections can be prohibited for the entire network. Our technique is orthogonal to the transaction graph de-anonymisation techniques and can be used in combination with them. It shows that the level of network anonymity provided by Bitcoin is quite low.
Blockchain Privacy
By default, Bitcoin and other similar cryptocurrencies that are based on it and have no anonymity scheme for their blockchain have every single transaction recorded permanently on the blockchain. That means all flows to and from an address are completely transparent and the history of every coin is recorded. We just don't know the real life identity behind a particular address. It is akin to writing a book under a fictional name: a pseudonym.
Examining the Transaction History of a Bitcoin Address
Let's take a look at a particular Bitcoin address: 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v
At the time of writing we can see that there have been 26,137 transactions on this address and that it has received a total of over 4000+ BTC.
Now 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v is actually WikiLeaks' public donation address. Even if we did not know this, we could already see that this address is receiving large amounts of money, and furthermore trace where every single outflow from this address goes. We KNOW that this address has received 4000+ BTC and where every single coin sent from this address has gone.
Multi Input Transactions
We can take some steps to improve privacy by using a new address every time we want to receive Bitcoins. In the book analogy, this is like writing each new book under a new fictional name. This sounds reasonably private; after all, how can anyone tell that these books were written by the same author if they are under totally different names?
The problem arises from multi-input transactions.
Let's say you want to send around 0.2 Bitcoins but only have 0.1 Bitcoin in each of two separate addresses. To make the 0.2 Bitcoin payment, you need to either do two separate transactions to the same receiving address or, more commonly (and automatically in most wallets), a multi-input transaction.
A multi-input transaction occurs when you have received payments to different addresses in your wallet and then send a payment out of your wallet that pulls bitcoins from several of those addresses. The outgoing transaction includes multiple addresses as inputs, showing that they are in the same wallet and belong to the same entity. If your identity is ever linked to any one of these addresses, none of the addresses will maintain their anonymity.
For example, in the transaction displayed below, some of the bitcoins came from address 12TBGSTqd1how9cpYKWTm4VUYw3QDDWMoB and some came from the address 19t1HyYqe254NxiTAGLrAR4gPJAZCkSXJY. This means that those two addresses are in the same wallet and belong to the same user.
Multi-input transactions are used in all major cryptocurrencies (including Zcoin), and this is why, without a blockchain anonymisation mechanism, it is very difficult to break the links and relationships between addresses.
Other Privacy Concerns and Blockchain Analysis
The problem also arises when withdrawing or depositing cryptocurrencies at cryptocurrency exchanges. Most cryptocurrency exchanges perform some form of identity verification and give you a deposit address (often unique to your account). Even if you were very careful and took all the necessary steps to protect your privacy, once you deposit to or withdraw from a cryptocurrency exchange, those addresses become linked to your real world identity.
As you can see, without any blockchain anonymization mechanism, a lot of information can be gleaned from the blockchain alone. Pay to any publicly known Bitcoin address, or to an address that has linkage to a real world identity, and even without going into IP addresses you can get an idea of the person behind the addresses or pseudonyms from their behaviour. In fact, there has been a lot of research on this.
Using behaviour-based clustering techniques, Androulaki et al. showed that they could reveal the identities of 40% of Bitcoin users in their simulated experiment (Androulaki, E., Karame, G. O., Roeschlin, M., Scherer, T., & Capkun, S. (2012). Evaluating User Privacy in Bitcoin). In a later study, researchers analyzing Bitcoin's transaction graph observed structural patterns in user behaviour and cited this as one of the most important challenges to Bitcoin anonymity (Ober, M., Katzenbeisser, S., & Hamacher, K. (2013, May 7). Structure and Anonymity of the Bitcoin Transaction Graph).
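The two linkages described above (inputs co-spent in one transaction belong to one wallet, and one exchange-tagged address labels everything linked to it) can be shown on a tiny constructed transaction set. This is an added illustration, not code from the original post or from the Zcoin project; the transactions, address names and the "alice" label are constructed for the example.

```python
from collections import defaultdict

# Constructed sample transactions, not real chain data.
# Each entry is (txid, input addresses, output addresses).
# Outputs are kept for realism but the heuristic below only looks at inputs.
SAMPLE_TXS = [
    ("tx1", ["addr_a", "addr_b"], ["merchant_1", "addr_change1"]),  # 0.1 + 0.1 spend
    ("tx2", ["addr_b", "addr_c"], ["exchange_deposit"]),            # later spend links addr_c
    ("tx3", ["addr_x"], ["merchant_2"]),                            # unrelated single-input user
    ("tx4", ["addr_y", "addr_z"], ["merchant_1"]),                  # another unrelated wallet
]


class UnionFind:
    """Disjoint-set over address strings, with path compression."""
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        root = a
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[a] != root:      # compress the walked path
            nxt = self.parent[a]
            self.parent[a] = root
            a = nxt
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_input(txs):
    """Common-input-ownership heuristic: all inputs of one transaction are
    assumed to belong to the same wallet. Returns {address: frozenset(cluster)}."""
    uf = UnionFind()
    for _txid, inputs, _outputs in txs:
        for addr in inputs:
            uf.union(inputs[0], addr)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return {a: frozenset(g) for g in groups.values() for a in g}


def propagate_labels(clusters, known):
    """One identity-tagged address (e.g. a sender seen by an exchange at
    deposit time) labels every address in its cluster."""
    labels = {}
    for addr, group in clusters.items():
        tags = sorted({known[a] for a in group if a in known})
        if tags:
            labels[addr] = tags
    return labels


# The exchange saw tx2 arrive at its KYC'd deposit address, so it can tie the
# sender addr_c to an account holder (constructed label).
KNOWN = {"addr_c": "alice (exchange KYC account, constructed)"}

if __name__ == "__main__":
    clusters = cluster_by_common_input(SAMPLE_TXS)
    for addr in ("addr_a", "addr_x"):
        print(addr, "->", sorted(clusters[addr]))
    print(propagate_labels(clusters, KNOWN))
```

Note that addr_a never touched the exchange and never appeared in a transaction with addr_c, yet it ends up labelled, because tx1 and tx2 chain the three addresses into one cluster.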
How Zcoin Protects your Financial Privacy
This is why Zcoin uses the Zerocoin protocol to provide blockchain privacy. Zerocoin allows a coin's transaction history to be completely wiped and the coin redeemed to a completely new address, which defeats transaction graph analysis and gives you significant plausible deniability with every single Zerocoin tx. You can read about how Zerocoin works here and read its whitepaper. Other anonymity schemes such as CoinJoin or ring signatures also provide degrees of blockchain privacy by mixing your transactions/inputs with other people's to obfuscate the transaction flow.
Combined with the use of TOR or a VPN while using Zcoin, which protects a user's IP address, Zerocoin provides a complete anonymity solution.
Conclusion
A cryptocurrency that focuses on privacy has to address both blockchain privacy and IP address protection. Those that claim anonymity merely from protecting IP addresses are not protecting your financial or transaction history, since all flows are still permanently and publicly visible on the blockchain. Without anonymity on the blockchain, addresses may not be linkable to your real IP address, but they are still linkable to each other (e.g. if someone does business with you, they may find your other addresses) even though your IP address is not revealed.
Btc-e like all the Bags are a pyramid scam.
Bitshares is the only Crypto that can be traded directly in your EXCHANGE for Fiat money
I'm interested in Zcoin, but ultimately went with Monero. There's just no way to know you guys didn't keep the oracle. You need a much bigger generation ceremony, or a different way to generate an oracle.
I think you're confusing Zcash and Zcoin. Zcoin's setup doesn't rely on a ceremony and with supply auditability, we know if someone is forging coins.
You're right! I was confusing them. My mistake.
Steem provides similar privacy based on not knowing what the origin node of a post is.
Could you explain how Zcoin compares in decentralization of miners? Steem requires users to vote trusted users. Is there anything about Zcoin that prevents 1 user from controlling all the miners?
I don't think Zcoin and Steem are competitors. Different things altogether.
However, Zcoin is putting its efforts into using a revolutionary new mining algorithm called MTP (Merkle Tree Proof). You can find out more about why this Proof of Work algorithm is unlike others:
https://steemit.com/zcoin/@zcoinofficial/zcoin-an-update-on-mtp-merkle-tree-proof
By keeping miners on commodity hardware (as opposed to specialized hardware like ASICs), it would be hard to gain significant advantages from miner centralization.
I'm not sure if I understood correctly.
"By keeping miners on commodity hardware (as opposed to specialized hardware like ASICs), it would be hard to gain significant advantages from miner centralization."
Steem miners/witnesses require votes by the community to mine, therefore providing some kind of decentralized trust based system.
Do Zcoin miners have any comparable trust requirements other than providing valid data to the blockchain?