Privacy coins address one of the issues preventing Bitcoin from becoming a full currency. They turn crypto into the equivalent of cash by enabling untraceable, private transactions. This privacy coins 101 guide will introduce you to the most common privacy coins and explain how they work.
Understanding Privacy Coins
Bitcoin and similar cryptocurrencies preserve the integrity of their blockchains by making every transaction and address visible. This is a fundamental aspect of the trustless philosophy underpinning all cryptocurrencies.
Unfortunately, this visibility comes at the expense of privacy. Although these cryptocurrencies mask the identities of individuals’ holdings on the blockchain, they are not truly anonymous. Lose your anonymity and your entire transaction history becomes visible. The “pseudo-anonymity” of Bitcoin and other cryptocurrencies prevents them from having a fundamental trait of fiat currencies: fungibility.
Fungible = Interchangeable
In economics, units of a fungible asset are interchangeable. The fungibility of US dollars, for example, means a dollar bill is a dollar bill. Royal Melbourne Institute of Technology’s Alastair Berg explained the benefits of cash’s fungibility on Duke University’s FinReg Blog. “Physical cash has traditionally allowed users to transact with a high degree of privacy. Trading with cash allows users to hide information, which they would rather not reveal to the world.”
That desire for privacy could be completely innocent. You may not want a birthday present to appear on your credit card statements. Fungibility also protects people from unwanted scrutiny as when people make donations to controversial causes. You may not want others to know, for example, whether you donate to a pro-life or a pro-choice group.
A bitcoin, on the other hand, can become tainted by its transaction history. Let’s say a drug dealer uses some bitcoins to launder drug sales. Those bitcoins are forever associated with that drug transaction, making them worth less than “untainted” bitcoins. The use of blockchain forensics could influence politicians or embarrass charities. You might roll your eyes at that thought, but CoinDesk reported that Coinbase’s policies are “increasingly strict about accepting coins with known fringe histories.”
Benefits of privacy coins
Privacy coins’ main purpose is to restore fungibility, thereby turning cryptocurrencies into the equivalent of cash. The algorithms these blockchains use mix transactions together in ways that are impossible, or at least too expensive, to trace. As a result, using a privacy coin can make your transactions as private as using cash in the fiat world.
Fungibility doesn’t just give privacy coins all of the benefits of cash. There’s a unique, blockchain-specific benefit as well. Writing in CoinDesk, Bitcoin developer David Vorick warned that the lack of fungibility could centralize Bitcoin as the provenance of each bitcoin becomes more important to individuals and organizations. People will increasingly turn to the blacklists a handful of forensics companies maintain. “The need to consult a blacklist service,” Vorick warned, “is the need to ask permission to use bitcoin.”
Privacy-based cryptocurrencies, on the other hand, will never fall into this trap. There’s no way for the coins to get “tainted” in the first place.
Suspicions of privacy coins
Needless to say, law enforcement officials and regulators have a dim view of privacy coins, especially in Japan. Early this year, the crypto exchange Coincheck stopped all trading in the privacy coins Dash, Monero and Zcash. The exchange’s license application to Japan’s Financial Services Agency, The Japan Times reported, was “taking more time than expected partly because Coincheck handles digital currencies whose owners are anonymous.”
Europol’s report on internet organized crime mentioned the emerging role privacy coins play in crime. “While the abuse of Bitcoin remains a key enabler for criminal conduct on the internet,” the European law enforcement agency found, “a number of other cryptocurrencies are beginning to emerge in the digital underground… the likes of Monero or Zcash certainly appear to have more to offer criminals wishing to operate with greater anonymity.”
The US House of Representatives’ Financial Services Committee held a hearing on the illicit use of cryptocurrencies in mid-2018. Senior officials from several law enforcement agencies testified to the committee about the threats posed by privacy coins.
Department of Homeland Security Deputy Assistant Director Gregory Navarro complained that privacy coins complicate investigations. “Some newer cryptocurrencies have features that make the tracing of them quite complicated. These new anonymity-enhanced cryptocurrencies are clearly ripe for illicit use in an effort to subvert legitimate law enforcement [inquiries].”
Thomas Ott of the Financial Crimes Enforcement Network (FinCEN) testified about what he called anonymity-enhanced cryptocurrencies (AECs). “We have seen AECs gain greater adoption by criminals looking for alternatives to bitcoin on darknet marketplaces. For example, AECs were adopted by the darknet marketplace AlphaBay prior to its shut down by U.S. law enforcement last year and U.S. law enforcement seized AECs from Alexander Cazes, the site’s administrator.”
Secret Service Deputy Assistant Director Robert Novy recommended: “additional legislative or regulatory actions to address potential challenges related to anonymity-enhanced cryptocurrencies.”
It’s called “money” laundering for a reason
For all the calls to action by regulators, one simple truth remains. Fiat is the most common vehicle for money laundering and other criminal activity.
“Cash continues to play an important role when it comes to criminals realising their criminal gains,” Europol’s report admitted, “it has well-established methodologies for laundering, and is as readily exchangeable, relatively untraceable, and pseudo-anonymous – similar to the cryptocurrencies favoured in the digital underground.”
In fact, all of the criticisms directed at cryptocurrencies in general, and privacy coins in particular, also apply to traditional, fiat-based cash. Harvard University economist Kenneth Rogoff literally wrote the book on cash as crime-enabler, The Curse of Cash, in which he says most cash circulating today is only used by criminals in a “massive global underground economy.”
Privacy coins, like cryptocurrencies in general, are tools without any moral value. While criminals may take advantage of these coins’ anonymous transactions, there’s little difference from the cash transactions they make now. And just as normal, non-criminal people use cash every day for perfectly innocent reasons, privacy coins can enable the same innocent transactions in the digital space.
How Privacy Coin Protocols Work
Each privacy coin has its own take on delivering anonymous transactions, but most are based on one of three main privacy protocols. In general, these protocols group transactions together in ways that prevent transaction tracking.
Researchers at Johns Hopkins University first proposed the Zerocoin protocol in 2013 as a way to improve Bitcoin’s privacy. When it became obvious that Bitcoin’s developers would not adopt their proposal, the researchers went on to launch the privacy coin Zcoin.
As first proposed, the Zerocoin protocol would add a second cryptocurrency, the zerocoin, to the Bitcoin blockchain. “You can think of Zerocoin like the world’s biggest laundry,” JHU professor Matthew Green wrote, “one that can handle millions of users, has no trusted party, and can’t be compromised.”
Alice could use her bitcoin wallet to convert bitcoin into zerocoin. Those bitcoins go into an escrow pool on the blockchain. When Alice redeems her zerocoin, that amount of bitcoin gets deposited in her wallet but there’s no trail back to her original bitcoins. “In other words,” Green wrote, “you Mint with one set of bitcoins, and you leave with someone else’s.”
CoinJoin was first proposed in 2013 as a way to add privacy and fungibility to the Bitcoin protocol. Bitcoin’s developers rejected the feature and other projects, such as Dash, incorporated it into their own privacy coins.
In the simple model of a bitcoin transaction, an input arrives from the sender and two outputs emerge, the payment to the receiver and the sender’s change. Bitcoin miners bundle payments together to write a transaction to the blockchain, but the links between each sender and receiver are still there.
CoinJoin breaks those links by grouping multiple senders and receivers together in a single transaction. Mixing the coins together in the transaction means there’s no way to trace a payment back to its source.
CryptoNote first appeared in the controversial Bytecoin project. Although serious questions were raised about Bytecoin’s legitimacy, the CryptoNote protocol itself as well as Monero’s version are available for inspection on GitHub.
Unlike CoinJoin, which adds privacy to currencies based on the Bitcoin protocol, CryptoNote-based currencies use a privacy-first protocol in which ring signatures mask users’ identities.
In the Bitcoin protocol, confirmation of coin ownership happens through public/private key pairs. Let’s say Alice is sending bitcoin to Bob. Alice’s private key gives her the power to send the bitcoin, but she must keep that private key secret to keep control of her money. Instead, she gives Bob a public key which confirms she has the bitcoin to spend.
The CryptoNote protocol pools the public keys of a group of people. When Alice initiates a transaction, the public keys from Carol and Dave combine with hers to provide the verification, eliminating the possibility that the transaction can be traced.
CryptoNote uses one-time keys to address another of Bitcoin’s privacy weaknesses. The use of a single address makes day-to-day Bitcoin transactions much more convenient, but makes your transactions much easier to trace. The one-time key combines the receiver’s public address with a random number, making it unique to that transaction. As a result, nobody can identify any user’s transactions.
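The one-time key idea described above, as an added example that is not code from CryptoNote or Monero. It follows the CryptoNote design of a view key and a spend key, but assumes a toy modular group instead of the elliptic curve real coins use; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group, an assumption for readability: integers modulo a Mersenne prime.
# Real CryptoNote coins use an elliptic curve; this modulus is NOT secure.
P = 2**127 - 1
G = 3
ORDER = P - 1  # exponents are reduced modulo P - 1

def hash_to_scalar(n):
    """Hash a group element down to an exponent."""
    digest = hashlib.sha256(n.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % ORDER

def keygen():
    """Return a (secret, public) pair; a receiver holds two: view and spend."""
    secret = secrets.randbelow(ORDER - 1) + 1
    return secret, pow(G, secret, P)

def make_one_time_key(view_pub, spend_pub):
    """Sender side: a fresh random r per payment yields a unique destination."""
    r = secrets.randbelow(ORDER - 1) + 1
    tx_pub = pow(G, r, P)           # published alongside the transaction
    shared = pow(view_pub, r, P)    # computable only by sender and receiver
    dest = pow(G, hash_to_scalar(shared), P) * spend_pub % P
    return tx_pub, dest

def is_mine(tx_pub, dest, view_secret, spend_pub):
    """Receiver side: rebuild the destination from tx_pub and compare."""
    shared = pow(tx_pub, view_secret, P)
    return dest == pow(G, hash_to_scalar(shared), P) * spend_pub % P

def one_time_secret(tx_pub, view_secret, spend_secret):
    """Secret key matching dest; only the receiver can derive it."""
    shared = pow(tx_pub, view_secret, P)
    return (hash_to_scalar(shared) + spend_secret) % ORDER

if __name__ == "__main__":
    view_sec, view_pub = keygen()
    spend_sec, spend_pub = keygen()
    for _ in range(2):  # two payments to the same published address
        tx_pub, dest = make_one_time_key(view_pub, spend_pub)
        print(hex(dest), is_mine(tx_pub, dest, view_sec, spend_pub))
```

Each run prints two unrelated destination keys for the same receiver, which is why an observer cannot group the payments by address.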
Know Your Privacy Coins
The largest privacy coins have a fraction of the market cap of pseudo-anonymous cryptocurrencies like Bitcoin and Ethereum. Monero, Dash and Zcash are among the most widely-adopted projects, but they are just the tip of the privacy coin iceberg.
The long list of privacy-centric cryptocurrency projects includes Bytecoin, Augur, Verge, PIVX, Aeo, Particl, DeepOnion, Bitcoin Private, Zcoin, Nav Coin, Hush, Sumokoin, Hexxcoin. Few of these, however, have gotten much in the way of adoption in the crypto community.
The Monero project builds privacy into every aspect of its cryptocurrency. Dash and other privacy coins based on the Bitcoin protocol treat the ability to make a private transaction as an option users can choose when they need it. Monero, on the other hand, makes all transactions anonymous unless the user chooses to make a public transaction.
How it works
Monero runs on a modified version of the CryptoNote protocol. RingCT is an enhanced version of the ring signature approach. In addition to a ring signature’s ability to hide the origin and destination of a transaction, RingCT hides the amount of the transaction. At the same time, RingCT reduces the computational overhead that made ring signatures difficult to implement.
The fact that Monero is an entirely different protocol has hampered its adoption. Wallets, exchanges and other crypto services can’t leverage their existing Bitcoin-based technologies. They have to develop and test their Monero-specific code instead. This takes time, talent and resources many groups don’t have.
Bitcoin developer Evan Duffield told CoinGecko that he was “watching and waiting for the Bitcoin team to do something about the fungibility issue, but it never happened. I was messing around with the core client and decided that I will launch an altcoin.” The cryptocurrency Dash, a portmanteau of digital and cash, launched in 2014.
How it works
Dash is based on the Bitcoin protocol and uses an extended version of CoinJoin, called PrivateSend, to anonymize transactions. PrivateSend chunks a user’s inputs into denominations of 0.1, 1, 10, and 100 dash. The protocol then mixes them with other users’ inputs in a common transaction. The transaction outputs payments in the same denominations but in a random order. Running payments through a series of PrivateSend operations ensures the anonymity of the transactions.
Recent research, however, has shown that CoinJoin-based privacy coins can be compromised by a “cluster intersection attack” that uses a web browser’s cookies to reveal addresses on the blockchain.
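Why the fixed denominations matter, as an added example that is not Dash's code: a simplified model of one joint transaction, comparing what an outside observer can infer when amounts are left as they are and when they are chunked into the denominations listed above. Wallet names and balances are constructed, and fees, change and multi-round mixing are ignored.

```python
import random
from decimal import Decimal

# Denominations the article lists for PrivateSend.
DENOMS = [Decimal("100"), Decimal("10"), Decimal("1"), Decimal("0.1")]
# Constructed sample balances, not real data.
WALLETS = {"alice": "11.2", "bob": "21.1", "carol": "12.3"}

def denominate(amount):
    """Greedily split an amount into DENOMS; returns (chunks, leftover)."""
    remaining, chunks = Decimal(amount), []
    for d in DENOMS:
        while remaining >= d:
            chunks.append(d)
            remaining -= d
    return chunks, remaining

def joint_transaction(wallets, rng, split=True):
    """Combine every participant's coins into one transaction.
    Inputs stay tied to their owner; outputs pay fresh addresses in random order."""
    inputs = []
    for owner, amount in wallets.items():
        chunks = denominate(amount)[0] if split else [Decimal(amount)]
        inputs += [(owner, c) for c in chunks]
    amounts = [amt for _, amt in inputs]
    rng.shuffle(amounts)
    outputs = [(f"out-{i}", amt) for i, amt in enumerate(amounts)]
    return inputs, outputs

def candidate_owners(inputs, outputs):
    """Observer's view: for each output, every input owner who put in
    a coin of exactly that value could be the one being paid."""
    by_value = {}
    for owner, amt in inputs:
        by_value.setdefault(amt, set()).add(owner)
    return {addr: by_value[amt] for addr, amt in outputs}

def smallest_anonymity_set(wallets, split, seed=7):
    """Worst-case number of candidate owners over all outputs."""
    inputs, outputs = joint_transaction(wallets, random.Random(seed), split)
    return min(len(s) for s in candidate_owners(inputs, outputs).values())

if __name__ == "__main__":
    print("raw amounts:", smallest_anonymity_set(WALLETS, split=False))
    print("denominated:", smallest_anonymity_set(WALLETS, split=True))
```

With raw amounts every output matches exactly one sender; with denominations every output could belong to any participant who contributed a coin of that size.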
The scientists who developed Zerocoin launched their own cryptocurrency in 2016 after concluding that Bitcoin’s developers weren’t interested in privacy. Blockchain luminaries like Vitalik Buterin as well as blockchain-centric venture groups like Pantera Capital support the project.
In May 2018, Zcash announced that the State of New York approved Zcash’s listing on the crypto exchange Gemini, the first time a privacy coin has been supervised by a regulatory agency. That doesn’t mean New York’s regulators have embraced anonymous transactions. “At launch, Gemini will support deposits from unshielded or shielded addresses,” the announcement from Gemini stated, “but will only support withdrawals to unshielded addresses. We are working to support withdrawals to shielded addresses in the future.”
How it works
Zcash also extends the Bitcoin protocol to enable “shielded” transactions on the blockchain. The Zerocash protocol uses zk-SNARKs, a cryptographic proof called a Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. Zcash encrypts the transaction on the blockchain while still allowing the transaction to be verified as valid.
A criticism levied against Zcash’s approach is that zero-knowledge proofs are still a very new concept and have not been as thoroughly battle-tested as other approaches.
The promise of fungibility makes privacy coins an alluring option. That’s especially true in a community shaped by the ideals of libertarians, cryptoanarchists and cypherpunks. The ability to make private transactions lets law-abiding crypto holders do things with crypto that they already do with cash.
At the same time, anonymity makes these cryptocurrencies just as alluring to criminals. Cash is bulky and hard to move in volumes, but moving cryptocurrency is as easy as clicking “send”. Even though privacy coin adoption isn’t widespread, regulators and law enforcement officials have reason to worry.
It will be up to the crypto community to ease regulators’ fears. Japan’s apparent ban on privacy coins shows what failure looks like. New York’s acceptance of Zcash trading, however, shows that privacy coins don’t have to be relegated to the criminal underworld.