Bitcoin is not perfectly anonymous.
While it’s true that you don’t have to connect your real name or phone number to a Bitcoin transaction, there are multiple ways to de-anonymize your account.
Every cryptocurrency has some form of blockchain which stores all transactions that ever occurred on its system for eternity. Anybody can download this blockchain and see this history, analyze it and copy it.
The trail of each Bitcoin, for example, may reveal its owners and the ultimate beneficiaries of the money. Most privacy-focused altcoin blockchains change Bitcoin’s cryptographic signatures into techniques to make this trail more obscure.
Unhappy with Bitcoin’s lack of privacy, a bunch of cryptographers and programmers set out to create alternative cryptocurrencies (or altcoins), that provide stronger privacy protections and make it much more difficult to track your funds, find out how much you own, or what payments you make.
3 altcoins that put your privacy first:
Main feature: Ring signatures
Created: April 2014 under the name BitMonero
Total market capitalization: US$1.3 billion
Downside: Large size (kB) of transactions
Transactions per day: ~4,000
Total Blocksize: 29.2 GB
Privacy feature: Ring signatures
Monero has implemented the concept of ring signatures. A ring signature proves that someone in a group of people signed something, but it does not reveal who.
Imagine you are standing in front of ten lockers, each of which has an unknown number of coins inside. You can now prove that you have the key to one of these lockers, but you do not have to show which one.
Only during a transaction would you unlock and transfer the coins to somebody else and just you and they will know how many coins you transferred.
Monero receives criticism as it is difficult to use, especially for newcomers. Their development focuses on the core architecture of the coin rather than building wallets or simple integrations. For a long time, the only way to interact with the Monero wallet was through a command-line interface.
Ring signatures are also very expensive and the computation time for verification is relatively long. The signatures require a lot of data (a single standard transaction can be larger than 15kB, as compared to 260 bytes in Bitcoin). Of course, the data also needs to be transferred and stored, which makes blockchains with ring signatures challenging to scale upwards.
Main feature: Coinjoin
Created: January 2014 under the name Darkcoin
Total market capitalization: US$2 billion
Downside: Makes unproven assumptions about privacy and security
Transactions per day: ~5,000
Total Blocksize: 4GB
Privacy feature: Coinjoin
Dash uses the Coinjoin mechanism (which is also available for Bitcoin) multiple users tie their transactions into one, making it difficult for an observer to see which inputs belong to which outputs (see the graphic above). It is still, however, possible to ascertain which address has how much funds in it.
Critics accuse Dash of running like a professional company, rather than a decentralized team. The fear is that attackers of the project, for example, governments, only have to compromise a single organization to undermine the cryptocurrency. As Dash focus more on marketing than developing the coin, it might also push security priorities behind. For example, the last commit to their Github repository was over half a year ago.
The Coinjoin mechanism receives criticism for being an insufficient privacy solution that, if properly implemented, would not need a new blockchain. The main advantage of Dash over Bitcoin’s Coinjoin is that everyone in Dash is required to use it, which means users don’t stick out that much for valuing their privacy.
There are also concerns though that an incorrect implementation of Coinjoin might still open up users to deanonymization, as the graphic below illustrates.
Main feature: Zero-knowledge proofs
Created: October 2016
Total market capitalization: US$600 million
Downside: Few use the Zero-knowledge Proofs
Transactions per day: ~5,000 (~12 of which using full privacy features)
Total Blocksize: 7.7 GB
Privacy feature: Zero-knowledge proofs
The concept of a zero-knowledge proof is to show you know the solution to a problem without revealing the solution.
Imagine having two coins in front of you, one yours and one owned by somebody else. Zero-knowledge proofs allow you to show without a doubt that you own one of the coins, without revealing which one it is. By using this feature, you can prove that you have coins, but not which coins you own—nobody can see how many coins you have, even if they know your address.
The cypherpunk scene criticizes ZCash for being a company, rather than a decentralized group of people. ZCash raised money from Venture Capital firms, and 20% of the ZCash mining reward goes back to these early investors.
The integrity of zero-knowledge proofs depends on an initial key creation ceremony, in which an encryption key is created and later destroyed.Trusting ZCash means trusting this ceremony since anybody in possession of this key could arbitrarily develop ZCash out of nowhere.
Similar to ring signatures, zero-knowledge proofs consume a lot of processing power and bandwidth and threaten the scalability of the project. Unlike in Monero, ZCash has made the use of zero-knowledge proofs optional, and less than 1% of all transactions use them, which makes it hard to use ZCash as an anonymous payment vehicle.
Could Bitcoin implement ring signatures and zero-knowledge proofs for more privacy?
While it would be feasible to implement ring signatures and zero-knowledge in Bitcoin, it’s highly unlikely that it will ever happen due to the reluctance of the Bitcoin ecosystem to make significant and risky changes and the poor scalability of these cryptographic techniques.
While Coinjoin transactions are possible in Bitcoin already, they are sparingly used, making them less useful as a privacy cloak.
Also published on Medium.