Cryptocurrency exchanges have not been immune from the extreme volatility of global markets. 2020 has been a turbulent year for any investor, and certainly for anyone trading cryptocurrency.
As markets tank and a bear mentality sets in, adventurous buyers will no doubt see opportunity: cryptocurrency is undergoing a fire sale right now and can be scooped up cheaply, in expectation of a rising tide in the future. If we face a new global recession, investors may look for options beyond traditional fiat currencies like the U.S. Dollar and Euro and instead invest in Bitcoin and so-called "altcoins".
For people who care about privacy, what coins can be trusted? Are there truly private and anonymous cryptocurrency transactions? We take a look at three "privacy coins" that dominate the discussion (Monero, Zcash, and Dash) as well as the Bitcoin Lightning Network.
What is Monero?
Monero (XMR), meaning "coin" in Esperanto, was launched in 2014 as a fork of Bytecoin, the first cryptocurrency designed for anonymous cash settlement. The Monero protocol obfuscates the three parts of any currency transaction: the sender, the receiver, and the amount sent. Monero protects this transaction information via a combination of methods designed to protect privacy:
- It conceals the sender's identity through Ring Signatures, which mix the real signer with past signatures from Monero's blockchain. These act as decoys and make it impossible for observers to determine who actually sent the transaction. Currently, the ring size is configured so that there is only a 1/10 chance of guessing the sender for each transaction.
- It conceals the transaction amount through Ring CT (Ring Confidential Transactions). Instead of broadcasting the actual amount sent, the user transmits only enough masked information to verify that the amount sent is legitimate, while keeping the actual amount private.
- It conceals the receiver through stealth addresses. For example, if I'm the recipient, funds are sent to a different one-time address (derived from my public address) instead of directly to me.
- Monero currently uses the Tor anonymity network to conceal the sender's IP address (an identifier usually tied to the sender's computer). Monero's own Tor-like anonymizing network, called Kovri, is in "heavy, active development" and is being developed to replace the role of Tor in Monero transactions. Kovri will reroute transactions through multiple nodes to obfuscate IP addresses.
In contrast to privacy coin competitors, Monero's blockchain is private by default — there's no transparent transaction option.
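As an added illustration (not Monero's own code), the stealth-address derivation described above, written in Python with a constructed toy multiplicative group standing in for Monero's Ed25519 curve: the sender derives a one-time address from the recipient's published view and spend public keys, and only the holder of the matching private view key can recognise that the output is theirs.

```python
import hashlib
import secrets

# Constructed toy group: integers mod a large prime, generator 2. Monero
# uses Ed25519 points; written multiplicatively, g^x here plays the role
# of the curve point x*G and the scheme's algebra is unchanged.
PRIME = 2**255 - 19
GEN = 2
ORDER = PRIME - 1  # exponents are reduced mod p-1 in this toy group

def hash_to_scalar(shared: int) -> int:
    """H_s(): hash the shared secret to an exponent (CryptoNote also
    hashes in the output index; omitted here for brevity)."""
    digest = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") % ORDER

def rand_scalar() -> int:
    return secrets.randbelow(ORDER - 1) + 1

def keygen() -> dict:
    """Recipient's long-term keys: private view key a, private spend key b.
    The published address is the pair of public keys (A, B)."""
    a, b = rand_scalar(), rand_scalar()
    return {"a": a, "b": b, "A": pow(GEN, a, PRIME), "B": pow(GEN, b, PRIME)}

def sender_one_time_address(A: int, B: int) -> tuple:
    """Sender derives a fresh destination P = g^H(A^r) * B from the public
    address and publishes the ephemeral key R = g^r with the transaction."""
    r = rand_scalar()
    R = pow(GEN, r, PRIME)
    shared = pow(A, r, PRIME)  # A^r = g^(a*r)
    P = (pow(GEN, hash_to_scalar(shared), PRIME) * B) % PRIME
    return P, R

def recipient_scan(keys: dict, P: int, R: int) -> bool:
    """Recipient recomputes the shared secret with only the view key:
    R^a = g^(r*a) = A^r. A watch-only wallet can therefore scan the chain
    for incoming funds without holding the spend key."""
    shared = pow(R, keys["a"], PRIME)
    return (pow(GEN, hash_to_scalar(shared), PRIME) * keys["B"]) % PRIME == P

def one_time_secret(keys: dict, R: int) -> int:
    """Spending needs the spend key too: x = H(R^a) + b, so g^x == P."""
    return (hash_to_scalar(pow(R, keys["a"], PRIME)) + keys["b"]) % ORDER

def demo() -> dict:
    """Two payments to Alice: another wallet cannot claim them, and the two
    one-time addresses are linkable neither to each other nor to (A, B)."""
    alice, other = keygen(), keygen()
    P1, R1 = sender_one_time_address(alice["A"], alice["B"])
    P2, _ = sender_one_time_address(alice["A"], alice["B"])
    return {
        "alice_finds_payment": recipient_scan(alice, P1, R1),
        "other_wallet_finds_payment": recipient_scan(other, P1, R1),
        "one_time_key_spends": pow(GEN, one_time_secret(alice, R1), PRIME) == P1,
        "outputs_unlinkable": P1 != P2 and P1 != alice["B"],
    }
```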
How does the Monero platform work in practice?
The Monero platform employs a proof-of-work (PoW) consensus protocol with a blocktime of two minutes (the "blocktime" is a target set by the network's algorithm, which adjusts the difficulty of generating coins over time to hold it).
The service, managed by volunteers who are funded by user contributions, receives 100 percent of the block awards. Its XMR token is 100 percent fungible. Each token is equal in value to another, stopping observers from tracking its history (in contrast to Bitcoin where BTC is traceable). Since Monero lacks a block size limit, its block size can be increased on demand.
This detailed implementation is one reason Monero has grown in popularity and is now the most prominent privacy-focused coin on the market, with the highest market capitalization.
However, Monero is not impervious to complaints. Over the years, Monero has had to deal with various setbacks that the project has collected on its Monero Research Lab page, where Monero makes a concerted attempt to patch these glitches. A major setback occurred throughout 2014-2017, when users' transactions were leaked in a common CryptoNote protocol breach before Monero developers patched the bug. You'll find those details at Monerolink.com. In 2018, Malte Möser et al. were able to deanonymize 62% of all Monero transactions. In July 2019, Monero disclosed that it had found nine security vulnerabilities in that same underlying CryptoNote technology. One critical bug could have yielded the network to hackers.
While discussing the CryptoNote technology, Hunter Johnson, Associate Professor at John Jay College of Criminal Justice, warned that the protocol reveals that the sender and recipient belong to certain groups of users, thus leaking some amount of information about the identities of the parties involved, or at least their addresses. An adversary knows that a party in a group of senders A sent a payment of a known amount to a party in a group B of receivers.
For Johnson, Zcash, with its "perfectly" implemented mathematical algorithm of zero knowledge proofs, provides more theoretical security than Monero.
What is Zcash?
Zcash (ZEC) was originally created as an anonymous version of Bitcoin and, like BTC, has 21 million coins — but that's where the resemblance to Bitcoin mostly ends. Unlike Bitcoin, Zcash offers total privacy through ingenious cryptography that obfuscates the sender, receiver, and transaction amount.
Zcash functions through two types of addresses: t-addresses and z-addresses. T-addresses are transparent, taking after Bitcoin, so you can see the wallet addresses on the blockchain. In z-address mode, IP address details and the transaction amounts are concealed, or "shielded", except when you transact to a t-address, in which case a small part of the transaction is revealed.
To clarify, Zcash gives you four options:
- Transparent address to transparent address: A deshielded transaction
- Transparent address to shielded address: A shielded transaction
- Shielded address to shielded address: A shielded transaction
- Shielded address to transparent address: A deshielded transaction
How does Zcash privacy work in practice?
If you choose z-mode, each aspect of your transaction vanishes and can be revealed only through a cryptographic construction called a "zero knowledge proof", where one party can prove to another party that a statement is undeniably correct without revealing the underlying sensitive information. It's as if a bandage were plastered over transaction details that would otherwise be transparent on the blockchain. The only thing observers can deduce is that a transaction occurred.
The "zero knowledge proof" works through a complex mathematical technology called zk-SNARKs, or "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge", an acronym that's as complex as the underlying technical concepts.
Let's consider an example. When you send money to someone else in z-address mode, both your address and that of the recipient, as well as the amount, are shrouded in the zero knowledge proof that's wrapped in an encrypted algorithm. This proof construction, or "secret key", helps Zcash miners verify the transaction information without seeing or revealing that sensitive data. In other words, once miners solve the algorithm, all it tells them is that your transaction is legitimate, namely, that your identity and the amount are valid. The miners don't know the addresses or the amount. Once they validate the proof, they record the zk-SNARK on the blockchain for participants to see.
zk-SNARKs were introduced by Eli Ben-Sasson et al. in 2015 as an extension of the Goldwasser, Micali, and Rackoff (1985) work on zero knowledge proofs. The proof essentially reduces to complex computation and cryptography called the Quadratic Arithmetic Program (QAP), based on the research of scientists from MIT, Technion, and Tel Aviv University.
This zero knowledge zk-SNARKs computation was folded into the protocol of Zcash in 2016 through a so-called "ceremony" (recorded live on YouTube and uploaded on RadioLab), where six top cryptographers from different countries generated the zk-SNARK parameters used to construct and verify the zero knowledge proofs of the Zcash blockchain. Participants coordinated their actions, with each performing mathematical calculations on brand-new computers disconnected from the Internet. Each individual burnt his results to a DVD and securely sent that data to another participant who, in turn, burnt that data to another DVD, and so forth over 27 hours. After the ceremony, each participant thoroughly destroyed all traces of his work to secure Zcash from forgeries.
Zcash is a Proof of Work (PoW) system with a blocktime of 2.5 minutes. 20% of block awards go to the founders and 80% go to miners. Originally a for-profit company, Electric Coin Company is now managed by the non-profit Zcash Foundation that acts as stewards for the Zcash protocol.
Zcash is considered fungible — individual units are interchangeable, while the zero knowledge proof sizes are small, helping miners process blocks rapidly.
Zcash seems to be gaining steam as a privacy coin, and a recent upgrade boosted the efficiency and functionality of Zcash shielded transactions, making them faster and more secure. Zcash is also the first private cryptocurrency poised to run private transactions on a mobile app.
However, a recurring complaint with Zcash is that only its z-transactions are shielded. These are mixed with unshielded t-transactions that may allow data to slip through. One study found that fewer than 1% of Zcash transactions are "truly private" (shielded-to-shielded transactions).
Following in the cryptocurrency tradition, Zcash suffers from the problem of anonymity. Bitcoin's origin story remains shrouded in mystery — its creator, known only by the name of Satoshi Nakamoto, is anonymous. Likewise, Zcash skeptics refer to the Zcash cloak-and-dagger origin story — where both calculations and protocol remain shrouded — for their distrust. How can anyone trust that the initial Zcash setup was done correctly or that it wasn't compromised?
In the words of Michael Arrington, founder and former co-editor of TechCrunch:
It's not a trustless setup, they openly admit that the setup requires trust, which is the core antithesis of cryptocurrencies, might as well just use central banks... we don't know if the laptop was secure, we don't know if the footage was edited or not... and there are millions of other ways this could have been compromised. So essentially we don't know whether there is a backdoor in this currency or not, since it's totally untransparent, might as well just be closed source.
As one of its ceremony participants, Peter Todd told Fortune:
zk-SNARKs are a very sophisticated mathematical technique, but you’ve got to remember how novel this math is. It would not surprise me and many other cryptographers if, in the future, that math got broken, making the entire system no longer secure.
What is Dash?
Dash (DASH) is a fork of Bitcoin that has had three different names since its inception in 2014: XCoin, DarkCoin, and — in 2015 — Dash (Digital Cash).
While other privacy coins employ miners, Dash uses masternodes for eliminating transaction traceability and for faster payments. More specifically, Dash uses the trustless method of CoinJoin to randomly combine coins from multiple senders into a single transaction. Dash masternodes shuffle those coins and send required amounts to the appropriate recipients, obfuscating details of the particular donors.
It is this same masternode feature that helps Dash confirm transactions in just 2.5 minutes — considerably faster than the average of ten minutes for Bitcoin. While competitors send transactions through miners, Dash uses its select group of masternodes that confirms blocks faster.
Launched in 2014 by Evan Duffield and Daniel Diaz, Dash is a Proof of Work (PoW) protocol, with 45% of block awards going to masternodes, 45% to miners, and 10% to its treasury. Dash has a governance (voting) model and a treasury with "funds that never run out".
When it comes to its privacy features, Dash uses an option for transparent transactions and a private option, called PrivateSend, that makes its coin fungible. Dash development, partnerships, community projects, and integrations are funded by the "unstoppable" Dash treasury.
With masternodes as the highly-committed and powerful custodians of Dash, some see the system as a plutocracy. Masternodes process the Dash features (e.g. InstantSend, PrivateSend and usernames), act as shareholders, vote on proposals for improving the Dash ecosystem, and generally serve as Dash decision-makers.
Whatever you might think of its governance model, Dash is cheap, easy to use, and resilient to 51% attacks. Presumably, the masternodes are so invested in the platform — each owns around $90,000 in DASH — that they're on constant alert for attacks.
Despite its ease of use and resilience, Dash has been criticized for its privacy features. As writer Aaron van Wirdum points out, how can anyone trust the masternodes will not divulge sensitive or personal data? After all, anyone with enough capital can infiltrate that elite circle:
If these masternodes are run by spies or share their information with spies (on purpose or by accident), the Dash users gain less than nothing.
Even Glenn Austin, Chief Financial Officer at Dash Core Group, warns users not to invest in Dash for its privacy features, saying, "Dash is not a privacy coin and furthermore has less privacy options than Bitcoin."
Austin goes on to explain that Dash uses the same transparent public blockchain as Bitcoin, that its PrivateSend feature is optional and used by less than 1% of the network, and that "Coinjoin is a technique for privacy as opposed to a technology, so it can be used with any cryptocurrency with a transparent blockchain, not just Dash or Bitcoin."
What is the Bitcoin Lightning Network?
In contrast to the currencies often called "privacy coins", such as Monero, Zcash, and Dash, the Bitcoin (BTC) Lightning Network and Liquid Network serve as scaling technologies, offering privacy as a feature. However, the longevity and transparency of Bitcoin serve to aid trust and assurance in the technology.
The Liquid Network is built to address particular needs of traders and exchanges, and is therefore a platform that is likely out of scope for ordinary users. For that reason, we'll focus on the Lightning Network.
One potential issue with "privacy coins" is that their reliance on new, complex, and untested cryptographic methods makes it harder to tell if bugs have invaded their systems. By this rationale, your transactions could be revealed or hacked before vulnerabilities in privacy coins are even discovered, let alone fixed. On the other hand, for all its flaws, Bitcoin's transparency (anyone can see what's going on with the network's base layer) better ensures that bugs are detected and dealt with promptly.
Lightning Network is basically an overlay network for Bitcoin. Instead of having your original transaction encoded on the Bitcoin ledger, you have a patched layer on top that serves as a payment channel between two entities, so that transactions are faster and cheaper. At the same time, this Lightning Network outer layer obfuscates details of transactions within the channel, giving you greater privacy in bitcoin payments relative to broadcasting a bitcoin payment "on-chain."
While seeking expert opinion for this article, it became clear that proponents of the Lightning Network prefer these Bitcoin layers to privacy coins for three reasons.
First, any new coin is suspect since its implementation or governance could be contaminated by greed. Compare "Please buy our new privacy token, pay us X amount in USD" in contrast to engineers who voluntarily work on the Bitcoin blockchain to improve its security and efficacy.
Second, all privacy coins are at least six years younger than the BTC cryptocurrency and have far less liquidity than Bitcoin. If these systems are non-liquid, users have fewer people to transact with. In other words, even if a coin says it's "private," it does not mean the coin can reasonably be used privately. This is compounded by the fact that, since 2019, exchanges have been delisting privacy coins, including Monero, Zcash, and Dash, citing compliance with national regulators. As with most technologies offering privacy, transactions are a two-way street — what good are currencies that offer privacy features if no one will accept them? When these coins can be sold on exchanges, private information about users is usually collected. Coinbase seems to have experimented with facial recognition, and exchanges are increasingly pressured to collect more data.
The third reason is most important: battle-hardened Bitcoin has successfully dealt with malicious hacking and scams for 11 years. Its blockchain developers have continually detected, fixed, and scoured their platform for bugs. How can we know these younger and less-tested coins are more reliable and secure than Bitcoin?
Andreas Antonopoulos, popular cryptocurrency speaker and tech entrepreneur, praises the Lightning Network's role in improving the speed and scalability of the Bitcoin ecosystem but emphasizes that the greatest benefit is increased privacy.
The Lightning Network, however, is not immune to criticism. Privacy coin proponent Eric Wall, CIO of Arcane Assets, states that although Bitcoin's transparency helps it detect bugs promptly, this benefit does not extend to the Lightning Network. He notes, "It is recognized within the cryptocurrency community that maintaining good privacy hygiene on Bitcoin's transparent blockchain is a challenge." This, of course, is a recurring theme with any privacy-enabling technology.
The quest for privacy in cryptocurrency is an elusive one, and we should remember that perfect privacy doesn't exist. Newcomers to the cryptocurrency space should be especially cautious, as there is a consistent pattern of projects that are sold as "private" but fail to protect their users.
Used properly, each of the options we discussed will afford you more privacy than "normal" cryptocurrency transactions, and certainly much more than standard credit card or electronic transactions. At the same time, each privacy coin has its pros and cons, and a fundamental vulnerability in the underlying software could expose your transactions. Building trust and assurance in a technology takes time, and your favorite options will no doubt shift alongside changes in the digital landscape.
Monero lead maintainer Riccardo Spagni said in a Wired interview, "Privacy isn't a thing you achieve, it's a constant
Privacy Coins and Overlay Networks
- As with any privacy technology, do your homework when it comes to privacy coins. We've covered some options here, but there are emerging competitors as well as older coins built on similar privacy concepts.
- Global markets are volatile and will be for the foreseeable future. Before putting any money into cryptocurrency, consider the risks carefully. Coins that exist today could disappear tomorrow, though industry reports suggest increased investment in coins besides Bitcoin.
- To get started with Monero, check out this documentation and see Monero Outreach's guide to best practices.
- If you want to understand Zcash, begin with the basics and spend time learning how the different types of transactions work.
- To dig into Dash, familiarize yourself with the variety of apps and their features.
- For a better understanding of private Bitcoin transactions and the Lightning Network, check out BTCPay Server.
- If you're feeling adventurous and want to dive into the Bitcoin trading deep end, check out the Liquid Network.
Editor's Note (April 7, 2020): This article was corrected to more accurately reflect statements from sources.