Zerocoin is a privacy protocol proposed in 2013 by Johns Hopkins University professor Matthew D. Green and his graduate students, Ian Miers and Christina Garman. It was designed as an extension to the Bitcoin protocol that would improve Bitcoin transactions' anonymity by having coin-mixing capabilities natively built into the protocol. Zerocoin is not currently compatible with Bitcoin.


History

Due to the public nature of the blockchain, users may have their privacy compromised while interacting with the network. To address this problem, a third-party coin mixing service can be used to obscure the trail of cryptocurrency transactions. In May 2013, Matthew D. Green and his graduate students (Ian Miers and Christina Garman) proposed the Zerocoin protocol, in which cryptocurrency transactions can be anonymized without going through a trusted third party: a coin is destroyed and then minted again to erase its history. When a coin is spent, no information is available that reveals exactly which coin is being spent.

Initially, the Zerocoin protocol was planned to be integrated into the Bitcoin network. However, the proposal was not accepted by the Bitcoin community. Thus, the Zerocoin developers decided to launch the protocol as an independent cryptocurrency. The project to create a standalone cryptocurrency implementing the Zerocoin protocol was named "Moneta". In September 2016, Zcoin (XZC), the first cryptocurrency to implement the Zerocoin protocol, was launched by Poramin Insom and team.

In January 2018, an academic paper partially funded by Zcoin was published on replacing the proof-of-work system with a memory-intensive Merkle tree proof algorithm to ensure more equitable mining among ordinary users. In April 2018, a cryptographic flaw was found in the Zerocoin protocol that allows an attacker to destroy the coins owned by honest users, create coins out of thin air, and steal users' coins. The Zcoin cryptocurrency team, while acknowledging the flaw, stated that such attacks are highly difficult to perform and have a low probability of giving economic benefit to the attacker. In December 2018, Zcoin released an academic paper proposing the Lelantus protocol, which removes the need for a trusted setup and hides the origin and the amount of coins in a transaction when using the Zerocoin protocol.


Architecture

Transactions which use the Zerocoin feature are drawn from an escrow pool, where each coin's transaction history is erased when it emerges. Transactions are verified by zero-knowledge proofs, a mathematical way to prove a statement is true without revealing any other details about the question.


Zerocash

On 16 November 2013, Matthew D. Green announced the Zerocash protocol, which provides additional anonymity by shielding the amount transacted. Zerocash reduces transaction sizes by 98%; however, it was significantly more computationally expensive, taking up to 3.2 GB of memory to generate. More recent developments in the protocol have reduced this to 40 MB. Zerocash utilizes succinct non-interactive zero-knowledge arguments of knowledge (also known as zk-SNARKs), a special kind of zero-knowledge method for proving the integrity of computations. Such proofs are less than 300 bytes long and can be verified in only a few milliseconds, and have the additional advantage of hiding the amount transacted as well. However, unlike Zerocoin, Zerocash requires an initial setup by a trusted entity. Developed by Matthew D. Green, the assistant professor behind the Zerocoin protocol, Zcash was the first Zerocash-based cryptocurrency; it began development in 2013.


Cryptocurrencies


Zcoin (XZC)

In late 2014, Poramin Insom, a student in the Master's program in Security Informatics at Johns Hopkins University, wrote a paper on implementing the Zerocoin protocol in a cryptocurrency, with Matthew Green as faculty member. Roger Ver and Tim Lee were Zcoin's initial investors. Poramin also set up an exchange named "Satang" that can convert Thai Baht to Zcoin directly.

On 20 February 2017, a malicious coding attack on the Zerocoin protocol created 370,000 fake tokens, which the perpetrators sold for over 400 Bitcoins ($440,000). The Zcoin team announced that a single-symbol error in a piece of code "allowed an attacker to create Zerocoin spend transactions without a corresponding mint". Unlike Ethereum during the DAO event, the developers opted not to destroy any coins or attempt to reverse what happened with the newly generated ones.

In September 2018, Zcoin introduced the Dandelion protocol, which hides the origin IP address of a sender without using The Onion Router (Tor) or a Virtual Private Network (VPN). In November 2018, Zcoin conducted the world's first large-scale party elections, in Thailand's Democrat Party, using the InterPlanetary File System (IPFS). In December 2018, Zcoin implemented Merkle tree proof, a mining algorithm that deters the usage of application-specific integrated circuits (ASICs) in mining coins by being more memory intensive for the miners. This allows ordinary users to use a central processing unit (CPU) and graphics card for mining, so as to enable egalitarianism in coin mining. On 30 July 2019, Zcoin formally departed from the Zerocoin protocol by adopting a new protocol called "Sigma" that prevents counterfeit privacy coins from inflating coin supply. This is achieved by removing a feature called "trusted setup" from the Zerocoin protocol.


Reception

One criticism of Zerocoin is the added computation time required by the process, which would need to have been performed primarily by Bitcoin miners. If the proofs were posted to the blockchain, this would also dramatically increase the size of the blockchain. Nevertheless, as stated by the original author, the proofs could be stored outside the blockchain.

Since a zerocoin will have the same denomination as the bitcoin used to mint the zerocoin, anonymity would be compromised if no other zerocoins (or few zerocoins) with the same denomination are currently minted but unspent. A potential solution to this problem would be to only allow zerocoins of specific set denominations; however, this would increase the needed computation time, since multiple zerocoins could be needed for one transaction.

Depending on the specific implementation, Zerocoin requires two very large prime numbers to generate a parameter which cannot be easily factored. As such, these values must either be generated by trusted parties, or rely on RSA unfactorable objects to avoid the requirement of a trusted party. Such a setup, however, is not possible with the Zerocash protocol.
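The denomination trade-off described above can be made concrete with a small model of what a public observer can count. This is an added example, not code from the Zerocoin authors or any implementation; the ledger is constructed sample data, and the fixed denomination set and the function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample ledger in block order: (event, denomination).
# Illustrative data only, not taken from any real chain.
LEDGER = [
    ("mint", 1), ("mint", 1), ("mint", 10), ("mint", 1),
    ("spend", 1), ("mint", 25), ("mint", 10), ("spend", 10),
]

def unspent_pool(ledger):
    """Minted-but-unspent coin count per denomination, as an observer sees it.

    A spend hides which mint it consumes but not its denomination, so the
    observer can keep one counter per denomination.
    """
    pool = Counter()
    for event, denom in ledger:
        if event == "mint":
            pool[denom] += 1
        elif event == "spend":
            if pool[denom] == 0:
                # More spends than mints: a spend without a corresponding mint.
                raise ValueError(f"spend of denomination {denom} has no unspent mint")
            pool[denom] -= 1
        else:
            raise ValueError(f"unknown event {event!r}")
    return pool

def anonymity_set(ledger, denom):
    """How many unspent mints a spend of `denom` made now could correspond to."""
    return unspent_pool(ledger)[denom]

def split_fixed(amount, denominations=(1, 10, 25, 50, 100)):
    """Greedy split into an assumed fixed denomination set; one proof per coin."""
    coins = []
    for d in sorted(denominations, reverse=True):
        count, amount = divmod(amount, d)
        coins.extend([d] * count)
    if amount:
        raise ValueError("amount not representable with these denominations")
    return coins

if __name__ == "__main__":
    print(dict(unspent_pool(LEDGER)))
    # A freshly minted odd denomination hides among exactly one coin: itself.
    print(anonymity_set(LEDGER + [("mint", 37)], 37))
    # Fixed denominations share pools, but 37 now costs four coins and proofs.
    print(split_fixed(37))
```

An anonymity set of 1 means the spend is trivially linked to its mint, while the fixed-denomination split trades that for one zero-knowledge proof per coin.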

