Privacy-enhancing Technology: Zerocoin Protocol

In Bitcoin, all transactions are broadcasted on a public ledger. Research has shown that external information, such as publicly announced addresses, can be used to link identities and organizations to transactions. The default reuse of bitcoin addresses exacerbates this problem. Furthermore, the same type of mechanism used to break privacy in social networks, such as the analysis of social network topology, can be used to break privacy in the Bitcoin network.

A section of the public ledger shown, which breaks privacy

Cryptocurrency blocks, shown above, have a transaction limit. This further limits the anonymity set in all previously attempted solutions.

Bitcoin and preceding alternative cryptocurrencies have attempted to solve this problem through the use of transaction mixers or ring signatures. However, there are a number of drawbacks to these proposed solutions. For one, a malicious or compromised member of a mixer or ring signature can break privacy. Furthermore, the anonymity set is a key metric to understanding how private a cryptocurrency is. The anonymity set in formerly proposed solutions is limited by the size of the mixing cycle or ring signature. Each mixing cycle or ring signature is limited by the number of transactions per cycle, which is transitively limited by the the block size of the cryptocurrency. Thus, the anonymity set in previous attempts at privacy tends to only be a few hundred transactions.

With Zcoin, the anonymity set is on a dramatically higher magnitude. Instead of having an anonymity set limited to the few dozen, Zcoin has an anonymity set that encompasses all minted coins in a particular RSA accumulator that can scale to many thousands and unlike other solutions is not subject to transaction graph analysis.

Zero-Knowledge cryptographic proofs

Whitepapers