Zcoin offers one of the best mechanisms to anonymise your coins but there are some best practices when minting and spending your Zerocoin.
The two layers of Zcoin
Zcoin’s system relies on two layers:
- Zcoin (as the base coin)
The base coin can be considered just like a regular coin and works exactly like Bitcoin. All transactions are transparent and visible although addresses are pseudonymous. Just like Bitcoin, all base coins will have a publicly visible history from the first time they were created.
The Zerocoin layer is where you will anonymise your coins and it works through the Mint and Spend transactions. You can think of the Zerocoin layer as a form of coin laundry where you will put in your existing ‘dirty‘ coins (that have a long transaction history) and then redeem new ‘clean‘ coins that appear to be brand new and have no prior transaction history. Unlike other coin mixing solutions, Zerocoin does not rely on trust of other people you’re mixing with and is built directly into Zcoin’s protocol.
Minting and Spending Zerocoins
The first step in anonymising your coins is the Mint process where you convert base coin into a Zerocoin. The Minting process involves burning up your base coin to create a Zerocoin. This Zerocoin cannot be used directly but will be used to redeem new base coins later on.
You do this by going to your Zerocoin tab in your wallet and clicking on Mint and selecting the number of Zerocoins you want to Mint. This will be charged a one-time fee of 0.1 XZC regardless of the amount you mint. Note that Zerocoins can only be Minted and Spent in fixed denominations of 1, 10, 25, 50 and 100. It is planned to add the 1000 denomination in a later release.
You are then required to wait for 7 confirmations for your mint (around 70 minutes) before you are allowed to Spend these Zerocoins.
The next step is to do a Spend transaction on these Zerocoins to convert them back into a base coin. Once you click on Spend, you will redeem the Zerocoins you minted into the same amount of base coins. These new base coins will be sent to a new Zcoin address and will have no transaction history. These coins are therefore now anonymous and can be sent to anybody and in any denomination. Zero-knowledge proofs allow you to prove that you did indeed Mint Zerocoins and burn up your base coins to entitle you to redeem new coins via the Spend transaction without revealing which Mint you performed. Thus outsiders will only know that you must be one of the thousands of Mints of the same denomination that have been made.
Although the new coins you redeem in the Spend transaction are technically untraceable to the initial coins you burnt up in your Mint transaction, there are methods in which people can attempt to guess or narrow down which Mint transaction corresponds to a Spend transaction. For example, if after Minting a Zerocoin, you always Spend it immediately after it has confirmed, outsiders can guess that the Spend transaction corresponds with the prior mint especially if this happens regularly. Or if you always Mint or Spend transactions on a fixed schedule, over time, these transactions may be narrowed down to you. So although the underlying cryptography is secure, regular and predictable behaviour can reduce your anonymity.
To reduce the success of these forms of analyses and make your use of Zerocoins the most efficient, following a few easy steps will make these attacks less likely:
- Mint Zerocoins way before you need them: Just Mint Zerocoins whenever it is convenient so they do not correspond to your Spend transaction timing. The more time that has elapsed between your Mint and Spend transaction, the more anonymous your transaction will be as more people will have Minted and Spent making it harder to pinpoint your transactions.
- Mint more Zerocoins than you need for a transaction: Let’s say you need to spend 3 XZC, you can either do it through 3 Mint / Spend transactions or you can do it via a Mint/Spend of any of the larger denominations (10, 25, 50, 100). Remember the Mint fee is fixed at 0.1 XZC regardless of how many coins you Mint, so it is more efficient to just Mint more than you need! It is also expected that more people will Mint larger denominations to anonymise their Zcoin holdings with minimal fees so it is potentially more anonymous to Mint larger denominations compared to the smaller denomination Mints.
- Use TOR or a VPN: Whenever you do any Zcoin transaction including Spends and Mints, like Bitcoin, it sends the necessary data to other clients, effectively broadcasting the transaction to the network. ISPs, authorities and network owners can see this transaction and tie it to your real IP address. Using TOR or a VPN while using Zcoin will make this a lot harder by encrypting your connection and hiding your true IP in the transaction. It is planned to have TOR in-built support in our client in future releases though you can already use TOR by downloading TOR browser, turning it on and then proxying your connections to 127.0.0.1:9150 in the Zcoin Network settings page.