Privacy Coins: Monero vs Zcash
Common cryptocurrencies like Bitcoin and Ethereum are some of the most transparent payment methods in existence. Although commonly thought of as anonymous, they are technically pseudonymous. While no identity data is tied to the Bitcoin blockchain, the entire history of transactions on it is publicly available. These blockchains provide a permanent, transparent record of everything from addresses to transaction amounts. If you’ve participated in any ICOs, they have your personal information and address; the same is true of most exchanges. Privacy is a central principle of the cypherpunk movement that paved the way for Bitcoin and cryptocurrency. However, keeping track of all transactions is how the blockchain knows you didn’t spend the same coin twice. Due to the difficulty of achieving true anonymity, most cryptocurrencies don’t preserve their users’ privacy.
Why is privacy so important?
Before you say “I have nothing to hide” and forget about the matter entirely, let’s consider a few reasons why privacy is important for everyone, not just criminals. Having your financial information transparent to the world can put you, and those you transact with, at risk. It’s commonly understood that you’re always at risk of cyber-attack when connected to the internet. However, the transparent nature of Bitcoin and other cryptocurrencies has also led to physical attacks. Additionally, having all of your business transactions exposed to the world could cause potential damage. If we are innocent until proven guilty, then privacy is a right. Moreover, we cannot take for granted that our rights will be observed; rather, human rights are a long-fought battle.
“we cannot expect governments, corporations, or other large, faceless organizations to grant us privacy … we must defend our own privacy if we expect to have any.”—Cypherpunk Manifesto
Blockchain privacy refers to features that obfuscate data on the blockchain, such as addresses and transaction amounts. This is the most important level at which to secure privacy; without it, users can be identified relatively easily. Monero and Zcash are the two best-known privacy coins, but the technologies that drive their anonymity are very different. We are going to evaluate the level of privacy and the appropriate use case for both coins.
Monero relies upon ring signatures, ring confidential transactions (RingCT), and stealth addresses to hide transaction data. This data includes the sender, receiver, and amounts. RingCT hides the amounts and the route of the transaction. Stealth addresses then allow recipients to publish just one address but receive payments through multiple unlinked addresses. This means that only the sender and receiver in a transaction have specific knowledge of the payment.
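The stealth-address idea described above, as an added example that is not code from the original article or from Monero: it follows the dual-key scheme from the CryptoNote design that Monero builds on, with one published address yielding a different on-chain destination for every payment. It assumes a toy multiplicative group (integers modulo 2**255 - 19) in place of Monero's Ed25519 curve, and all function names are chosen here for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (an assumption of this example): integers
# modulo the prime 2**255 - 19 with base 2. Monero uses the Ed25519 curve.
P_MOD = 2**255 - 19
G = 2

def keygen():
    """Return (private, public) with public = G^private mod P_MOD."""
    priv = secrets.randbits(250)
    return priv, pow(G, priv, P_MOD)

def hash_to_scalar(shared: int) -> int:
    """Hash a shared secret (a group element) to an integer exponent."""
    digest = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big")

def send(view_pub: int, spend_pub: int):
    """Sender: derive a fresh one-time destination from the published address.

    Returns (R, one_time_pub). Both go on chain; the published address
    (view_pub, spend_pub) itself never does.
    """
    r, R = keygen()                               # per-transaction ephemeral key
    h = hash_to_scalar(pow(view_pub, r, P_MOD))   # shared secret A^r
    return R, pow(G, h, P_MOD) * spend_pub % P_MOD

def scan(view_priv: int, spend_pub: int, R: int, one_time_pub: int) -> bool:
    """Receiver: recompute the destination from R with the private view key."""
    h = hash_to_scalar(pow(R, view_priv, P_MOD))  # R^a equals A^r
    return pow(G, h, P_MOD) * spend_pub % P_MOD == one_time_pub

def one_time_private(view_priv: int, spend_priv: int, R: int) -> int:
    """Receiver: private key that controls the one-time destination."""
    return hash_to_scalar(pow(R, view_priv, P_MOD)) + spend_priv

def demo():
    """Two payments to one published address, plus one to someone else."""
    a, A = keygen()                               # view key pair
    b, B = keygen()                               # spend key pair; address = (A, B)
    outputs = [send(A, B) for _ in range(2)]
    _, other_view = keygen()
    _, other_spend = keygen()                     # unrelated recipient (constructed)
    outputs.append(send(other_view, other_spend))
    return a, b, B, outputs
```

An observer sees only the `(R, one_time_pub)` pairs, which differ for every payment; only the holder of the private view key can tell which outputs belong to the published address.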
Unfortunately, researchers have identified privacy flaws with Monero. A comprehensive study in April 2017 raised major concerns about Monero’s ring signatures, which it claimed could be de-anonymized through “chain-reaction analysis.” Fortunately, according to the Monero developer team, the paper’s concerns no longer apply as the blockchain is vastly improved due to the integration of RingCT and stealth addresses.
Zcash achieves a similar level of blockchain-level privacy through a different feature, zk-snarks. Zk-snarks expand on a much older concept called zero-knowledge proofs. They allow you to prove something while only revealing a minimal amount of information. As a result, you can keep all of your transaction data completely hidden. Importantly though, stealth transactions are optional with Zcash.
Zcash has also suffered privacy breaches in the past. A study in May 2018 found that 69 percent of shielded transactions could be linked to either founders or miners. This problem continues to hurt Zcash, mainly because of how few users are using stealth transactions on the network. Upcoming changes are seeking to rectify this.
Network privacy refers to features like the Tor and I2P networks. These features aim to anonymize users’ activity on the network by hiding information such as IP addresses. Features like this can either be built-in or optional.
Monero is currently developing something called Kovri. This is a C++ version of the current I2P network and is designed to dissociate IP addresses from transactions and hide geolocations. Currently, despite Monero concealing the blockchain data, onlookers can still identify users via the leaking of IP addresses. Kovri aims to stop this vulnerability.
It will be particularly valuable to users operating in countries hostile to privacy-centric blockchains like Monero. The project is currently in alpha with no release date yet for full deployment. So until then, users of Monero must manage their own network protection.
There are currently no built-in network privacy features for Zcash. However, users can choose to operate on top of the Tor network, although, just like the blockchain-level privacy, this is optional.
Privacy features can either be optional or mandatory. Optional privacy offers you more flexibility as you can move between private and public transactions. However, this does have the potential to undermine the privacy of other users, something which mandatory privacy prevents.
Monero is one of the few privacy coins that is private by default. This default setting protects all users by keeping everyone on the same standard. One downside, though, is that this results in a greater load on the network due to heavier transactions. As we shall see below, however, the development team is actively tackling this problem.
As mentioned before, Zcash stealth transactions are optional. To some community members, this is one of its greatest flaws. Users migrate back and forth between a public and a private version of the blockchain at will. This can leak metadata that undermines anonymity.
Additionally, few people use stealth transactions: they make up just 13.4 percent of total transactions. This is partly because transactions are still expensive but also because few wallets support the transaction type. Since Zcash is a fork of Bitcoin, it’s easy for wallets to support regular Zcash usage. However, it’s far more complicated to integrate support for stealth transactions.
While Zcash’s privacy is optional, the arrival of the Sapling upgrade is being heralded as an opportunity for privacy to become default in the future. By making the construction of zk-snarks more efficient, it should also make stealth transactions much cheaper.
Both projects have struggled with the huge transaction data demands that their respective privacy features impose.
Since privacy is not optional with Monero, high fees and slow confirmations were commonplace compared to transparent blockchains. The October 18th hard fork, however, has sought to alleviate these concerns by integrating bulletproofs into RingCT. This feature aims to reduce transaction data by up to 80 percent, thus reducing fees and decongesting the network.
Similarly, few people have been using Zcash stealth transactions because of the huge amount of processing power that zk-snarks require.
The Sapling upgrade, scheduled for October 28th, should increase the efficiency of zk-snark generation for stealth transactions. It will reduce the RAM requirement for such transactions from 3 GB to 40 MB, a substantial drop. The upgrade should bring stealth transactions to mobile wallets and hopefully increase their dominance on the network.
Even more interestingly, the Zcash team is working on a privacy-centric version of the Lightning Network called BOLT. BOLT aims to bring a second-layer protocol, combining significant throughput with top-level privacy built in. It will shield user identities, transactions, and balances.
Centralization Threats to Privacy
Regardless of any privacy feature, centralization can undermine privacy completely and is something people rarely consider.
Trusted vs. Trustless
While the cryptography for zk-snarks is strong, it’s not a trustless system. They require a permissioned private key for setup, and if this key is exposed, the privacy of the entire network is at risk. Many proponents of Zcash dispute the extent of this vulnerability though. Zk-snarks are truly cutting edge, so they currently have limited peer review. As a result, right now, they pose a greater risk than Monero’s privacy setup.
Regardless of privacy features, the biggest privacy threat to both projects is the interaction with exchanges. Unless you purchase your coins in person, you will have to go through an exchange. Any purchases with fiat currency require strict know-your-customer (KYC) verification. Purchases via another coin, such as Bitcoin, will still leave you vulnerable due to the transparency of the other coin.
We should look at privacy on a scale rather than as a binary distinction. Neither Monero nor Zcash is ever going to absolutely guarantee anyone’s privacy. However, they are the best options available in the market and continue to build new ways to increase anonymity.
If you are looking for the ultimate level of privacy, then Monero is the gold standard. Even though fees and speeds may be wanting, its blockchain- and network-level privacy is the best in the space. What’s more, by making privacy default, you cannot be compromised by others. This is not the case with Zcash. Of course, not everyone requires this level of privacy. For those looking for better wallet and exchange support and the flexibility to move in and out of public and private transactions, Zcash is a much better option.
By: Ben Whittle
- Cypherpunk Essentials: A Beginner’s Guide to Crypto Privacy
- ACLU: You may have nothing to hide, but you still have something to fear.
- Physical Bitcoin attacks and burglaries on the rise
- Cypherpunk Manifesto
- An Empirical Analysis of Traceability in the Monero Blockchain
- An Overview of Privacy in Cryptocurrencies
- Kovri is a free, decentralized, anonymity technology developed by Monero.
- Zcash Blog
- What are zk-SNARKs?
- Wasabi: Privacy Focused Bitcoin Wallet for Desktop
- Bitcoin as a Privacycoin: This Tech is Making Bitcoin More Private
- Grin is a blockchain and a cryptocurrency focused on privacy and scalability