Zerocoin protocol

Last updated

Zerocoin is a privacy protocol proposed in 2013 by Johns Hopkins University professor Matthew D. Green and his graduate students, Ian Miers and Christina Garman. It was designed as an extension to the Bitcoin protocol that would improve Bitcoin transactions' anonymity by having coin-mixing capabilities natively built into the protocol.[ citation needed ] Zerocoin is not currently compatible with Bitcoin.

Contents

History

Due to the public nature of the blockchain, users may have their privacy compromised while interacting with the network. To address this problem, third-party coin mixing service can be used to obscure the trail of cryptocurrency transactions. In May 2013, Matthew D. Green and his graduate students (Ian Miers and Christina Garman) proposed the Zerocoin protocol where cryptocurrency transactions can be anonymized without going through a trusted third-party, by which a coin is destroyed then minted again to erase its history. [1]

While a coin is spent, there is no information available which reveal exactly which coin is being spent. [2] Initially, the Zerocoin protocol was planned to be integrated into the Bitcoin network. [3] However, the proposal was not accepted by the Bitcoin community. Thus, the Zerocoin developers decided to launch the protocol into an independent cryptocurrency. [4] The project to create a standalone cryptocurrency implementing the Zerocoin protocol was named "Moneta". [5] In September 2016, Zcoin (XZC), the first cryptocurrency to implement the zerocoin protocol, was launched by Poramin Insom and team. [6] In January 2018, an academic paper partially funded by Zcoin was published on replacing Proof-of-work system with memory intensive Merkle tree proof algorithm in ensuring more equitable mining among ordinary users. [7] In April 2018, a cryptographic flaw was found in the Zerocoin protocol which allows an attacker to destroy the coins owned by honest users, create coins out of thin air, and steal users' coins. [8] The Zcoin cryptocurrency team while acknowledging the flaw, stated the high difficulty in performing such attacks and the low probability of giving economic benefit to the attacker. [9] In December 2018, Zcoin released an academic paper proposing the Lelantus protocol that removes the need for a trusted setup and hides the origin and the amount of coins in a transaction when using the Zerocoin protocol. [10] [11]

Architecture

Transactions which use the Zerocoin feature are drawn from an escrow pool, where each coin's transaction history is erased when it emerges. [12] Transactions are verified by zero-knowledge proofs, a mathematical way to prove a statement is true without revealing any other details about the question. [13]

Zerocash

On 16 November 2013, Matthew D. Green announced the Zerocash protocol, which provides additional anonymity by shielding the amount transacted. [14] Zerocash reduces transaction sizes by 98%, however was significantly more computationally expensive, taking up to 3.2 GB of memory to generate. [15] [16] More recent developments into the protocol have reduced this to 40 MB.

Zerocash utilizes succinct non-interactive zero-knowledge arguments of knowledge (also known as zk-SNARKs), a special kind of zero-knowledge method for proving the integrity of computations. [17] Such proofs are less than 300 bytes long and can be verified in only a few milliseconds, and contain the additional advantage of hiding the amount transacted as well. However, unlike Zerocoin, Zerocash requires an initial set up by a trusted entity. [18]

Developed by Matthew D. Green, the assistant professor behind the Zerocoin protocol, Zcash was the first Zerocash based cryptocurrency which began development in 2013. [19]

Cryptocurrencies

Zcoin (XZC)

In the late 2014, Poramin Insom, a student in Masters in Security Informatics from Johns Hopkins University wrote a paper on implementing the zerocoin protocol into a cryptocurrency with Matthew Green as faculty member. [20] [21] Roger Ver [6] and Tim Lee were Zcoin's initial investors. [22] Poramin also set up an exchanged named "Satang" that can convert Thai Baht to Zcoin directly. [21]

On 20 February 2017, a malicious coding attack on Zerocoin protocol created 370,000 fake tokens which perpetrators sold for over 400 Bitcoins ($440,000). Zcoin team announced that a single-symbol error in a piece of code "allowed an attacker to create Zerocoin spend transactions without a corresponding mint". [23] Unlike Ethereum during the DAO event, developers have opted not to destroy any coins or attempt to reverse what happened with the newly generated ones. [24]

In September 2018, Zcoin introduced the Dandelion protocol that hides the origin IP address of a sender without using a The Onion Router (Tor) or Virtual Private Network (VPN). [25] [26] In November 2018, Zcoin conducted the world's first large-scale party elections in Thailand Democrat Party using InterPlanetary File System (IPFS). [27] In December 2018, Zcoin implemented Merkle tree proof, a mining algorithm that deters the usage of Application-specific integrated circuit (ASIC) in mining coins by being more memory intensive for the miners. This allows ordinary users to use central processing unit (CPU) and graphics card for mining, so as to enable egalitarianism in coin mining. [28] On 30 July 2019, Zcoin formally departed from Zerocoin protocol by adopting a new protocol called "Sigma" that prevents counterfeit privacy coins from inflating coin supply. This is achieved by removing a feature called "trusted setup" from the Zerocoin protocol. [29]

Reception

One criticism of zerocoin is the added computation time required by the process, which would need to have been performed primarily by bitcoin miners. If the proofs were posted to the blockchain, this would also dramatically increase the size of the blockchain. Nevertheless, as stated by the original author, the proofs could be stored outside the blockchain. [30]

Since a zerocoin will have the same denomination as the bitcoin used to mint the zerocoin, anonymity would be compromised if no other zerocoins (or few zerocoins) with the same denomination are currently minted but unspent. A potential solution to this problem would be to only allow zerocoins of specific set denominations, however, this would increase the needed computation time since multiple zerocoins could be needed for one transaction.[ citation needed ]

Depending on the specific implementation, Zerocoin requires two very large prime numbers to generate a parameter which cannot be easily factored. As such, these values must either be generated by trusted parties, or rely on RSA unfactorable objects to avoid the requirement of a trusted party. [1] Such a setup, however, is not possible with the Zerocash protocol.

Related Research Articles

In cryptography, a zero-knowledge proof is a protocol in which one party can convince another party that some given statement is true, without conveying to the verifier any information beyond the mere fact of that statement's truth. The intuition underlying zero-knowledge proofs is that it is trivial to prove possession of the relevant information simply by revealing it; the hard part is to prove this possession without revealing this information.

Proof of work (PoW) is a form of cryptographic proof in which one party proves to others that a certain amount of a specific computational effort has been expended. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was first implemented in Hashcash by Moni Naor and Cynthia Dwork in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels. The concept was adapted to digital tokens by Hal Finney in 2004 through the idea of "reusable proof of work" using the 160-bit secure hash algorithm 1 (SHA-1).

Non-interactive zero-knowledge proofs are cryptographic primitives, where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself. This makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries.

<span class="mw-page-title-main">Cryptocurrency</span> Digital currency not reliant on a central authority

A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work through a computer network that is not reliant on any central authority, such as a government or bank, to uphold or maintain it.

<span class="mw-page-title-main">Bitcoin protocol</span> Rules that govern the functioning of Bitcoin

The bitcoin protocol is the set of rules that govern the functioning of bitcoin. Its key components and principles are: a peer-to-peer decentralized network with no central oversight; the blockchain technology, a public ledger that records all bitcoin transactions; mining and proof of work, the process to create new bitcoins and verify transactions; and cryptographic security.

<span class="mw-page-title-main">Matthew D. Green</span> American cryptographer and security technologist (born 1976)

Matthew Daniel Green is an American cryptographer and security technologist. Green is an Associate Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography, privacy-enhanced information storage systems, anonymous cryptocurrencies, elliptic curve crypto-systems, and satellite television piracy. He is a member of the teams that developed the Zerocoin anonymous cryptocurrency and Zerocash. He has also been influential in the development of the Zcash system. He has been involved in the groups that exposed vulnerabilities in RSA BSAFE, Speedpass and E-ZPass. Green lives in Baltimore, MD with his wife, Melissa, 2 children and 2 miniature dachshunds.

<span class="mw-page-title-main">Ethereum</span> Open-source blockchain computing platform

Ethereum is a decentralized blockchain with smart contract functionality. Ether is the native cryptocurrency of the platform. Among cryptocurrencies, ether is second only to bitcoin in market capitalization. It is open-source software.

A blockchain is a distributed ledger with growing lists of records (blocks) that are securely linked together via cryptographic hashes. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. Since each block contains information about the previous block, they effectively form a chain, with each additional block linking to the ones before it. Consequently, blockchain transactions are irreversible in that, once they are recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks.

Monero is a cryptocurrency which uses a blockchain with privacy-enhancing technologies to obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.

A decentralised application is an application that can operate autonomously, typically through the use of smart contracts, that run on a decentralized computing, blockchain or other distributed ledger system. Like traditional applications, DApps provide some function or utility to its users. However, unlike traditional applications, DApps operate without human intervention and are not owned by any one entity, rather DApps distribute tokens that represent ownership. These tokens are distributed according to a programmed algorithm to the users of the system, diluting ownership and control of the DApp. Without any one entity controlling the system, the application is therefore decentralised.

<span class="mw-page-title-main">Zcash</span> Cryptocurrency aimed at privacy

Zcash is a privacy-focused cryptocurrency which is based on Bitcoin's codebase. It shares many similarities, such as a fixed total supply of 21 million units.

<span class="mw-page-title-main">Firo (cryptocurrency)</span> Cryptocurrency

Firo, formerly known as Zcoin, is a cryptocurrency aimed at using cryptography to provide better privacy for its users compared to other cryptocurrencies such as Bitcoin.

<span class="mw-page-title-main">Verge (cryptocurrency)</span> Cryptocurrency

Verge Currency is a decentralized open-source cryptocurrency which offers various levels of private transactions. It does this by obfuscating the IP addresses of users with Tor and by leveraging stealth transactions making it difficult to determine the geolocation of its users.

A blockchain is a shared database that records transactions between two parties in an immutable ledger. Blockchain documents and confirms pseudonymous ownership of all transactions in a verifiable and sustainable way. After a transaction is validated and cryptographically verified by other participants or nodes in the network, it is made into a "block" on the blockchain. A block contains information about the time the transaction occurred, previous transactions, and details about the transaction. Once recorded as a block, transactions are ordered chronologically and cannot be altered. This technology rose to popularity after the creation of Bitcoin, the first application of blockchain technology, which has since catalyzed other cryptocurrencies and applications.

MobileCoin is a peer-to-peer cryptocurrency developed by MobileCoin Inc., which was founded in 2017 by Josh Goldbard and Shane Glynn.

StarkWare Industries is an Israeli software company that specializes in cryptography. It develops zero-knowledge proof technology that compresses information to address the scalability problem of the blockchain, and works on the Ethereum platform. In May 2022, the company's estimated value was $8 billion, an increase from $2 billion six months earlier.

Eli Ben-Sasson is an Israeli computer scientist known for his work on zero-knowledge proofs. He is also the co-founder and CEO of StarkWare Industries, and a former professor at Technion.

Alessandro Chiesa is an Italian computer scientist. He is an associate professor at École Polytechnique Fédérale de Lausanne (EPFL), and a now-adjunct professor at University of California, Berkeley. He has contributed to the field of zero-knowledge proofs, and was a co-founder of Zcash and StarkWare Industries.

Eran Tromer is a professor of computer science at Boston University. His research focuses on information security, cryptography and algorithms. He is a founding scientist of Zcash.

References

  1. 1 2 Miers, Ian; Garman, Christina; Green, Matthew; Rubin, Aviel D. (May 2013). Zerocoin: Anonymous Distributed E-Cash from Bitcoin (PDF). 2013 IEEE Symposium on Security and Privacy. Security and Privacy, 2008. Sp 2008. IEEE Symposium on. IEEE Computer Society Conference Publishing Services. pp. 397–411. doi:10.1109/SP.2013.34. ISSN   1081-6011.
  2. Morgen, E Peck (24 October 2013). "Who's Who in Bitcoin: Zerocoin Hero Matthew Green". IEEE Spectrum. Archived from the original on 4 September 2014. Retrieved 6 August 2018.
  3. Janus, Kopfstein (23 April 2013). "Gold 2.0: can code and competition build a better Bitcoin?". Ther Verge. Archived from the original on 20 June 2018. Retrieved 7 August 2018.
  4. Carrie, Wells (1 February 2014). "Hopkins researchers are creating an alternative to Bitcoin". The Baltimore Sun. Archived from the original on 27 November 2017. Retrieved 7 August 2018.
  5. "Moneta - Engineering an ideal cryptocurrency". Moneta.cash. Archived from the original on 3 February 2015. Retrieved 11 August 2018.
  6. 1 2 "Cryptocurrency Zcoin Have Just Released 'French Drop' Their Best Privacy Update Yet". Business Insider. Zcoin team. 1 March 2018. Archived from the original on 7 August 2018. Retrieved 7 August 2018.
  7. Alex, Biryukov; Dmitry, Khovratovich (2016). "Egalitarian computing". arXiv: 1606.03588 [cs.CR].
  8. Tim, Ruffing; Sri Avavinda, Krishnan; Viktoria, Ronge; Dominique, Schröder (12 April 2018). "A Cryptographic Flaw in Zerocoin (and Two Critical Coding Issues)". Chair of Applied Cryptography. Germany: University of Erlangen-Nuremberg . Retrieved 9 September 2018.
  9. Reuben, Yap. "A statement on the paper "Burning Zerocoins for fun and profit"". Zcoin.io. Archived from the original on 9 September 2018. Retrieved 9 September 2018.
  10. "Lelantus: Private transactions with hidden origins and amounts based on DDH" (PDF). Zcoin. Archived from the original (PDF) on 20 December 2018. Retrieved 29 December 2018.
  11. Aram, Jivanyan (7 April 2019). "Lelantus: Towards Confidentiality and Anonymity of Blockchain Transactions from Standard Assumptions". Cryptology ePrint Archive (Report 373). Retrieved 14 April 2019.
  12. "What You Need To Know About Zero Knowledge". TechCrunch. 7 February 2015. Retrieved 21 December 2018.
  13. "Can This Man Build a Better Bitcoin?". Fortune. Archived from the original on 18 December 2017. Retrieved 21 December 2018.
  14. Matthew D. Green [@matthew_d_green] (16 November 2013). "We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount" (Tweet). Retrieved 16 September 2015 via Twitter.
  15. "Zcash Integration Guide - Zcash". Zcash. Retrieved 26 November 2018.
  16. Eli Ben, Sasson; Alessandro, Chiesa; Christina, Garman; Matthew, Green (18 May 2014). "Zerocash: Decentralized Anonymous Payments from Bitcoin". 2014 IEEE Symposium on Security and Privacy. 2014 IEEE Symphosium and Security. pp. 459–474. CiteSeerX   10.1.1.649.4389 . doi:10.1109/SP.2014.36. ISBN   978-1-4799-4686-0. S2CID   5939799.
  17. Ben-Sasson, Eli; Chiesa, Alessandro; Tromer, Eran; Virza, Madars (2014). "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture". USENIX Security.
  18. "What You Need To Know About Zero Knowledge". TechCrunch. 7 February 2015. Retrieved 19 December 2018.
  19. Popper, Nathaniel (November 2016). "Zcash, a Harder-to-Trace Virtual Currency, Generates Price Frenzy". The New York Times. Retrieved 26 November 2018.
  20. Reuben, Yap. "An Interview with Poramin Insom, Zcoin's lead developer and founder". zcoin.io. Archived from the original on 24 August 2018. Retrieved 8 September 2018.
  21. 1 2 Ezra Kryill, Erker (4 April 2019). "Cyberwarfare to cryptocurrency". Elite Plus Magazine. Archived from the original on 5 May 2019. Retrieved 5 May 2019.
  22. Reuben, Yap. "A message from our new investor in Zcoin, Tim Lee". Archived from the original on 29 December 2017. Retrieved 13 August 2018.
  23. Osborne, Charlie. "The risky business of bitcoin: High-profile cryptocurrency catastrophes". ZDNet. Retrieved 21 December 2018.
  24. Rob, Price (20 February 2017). "A single typo let hackers steal $400,000 from a bitcoin rival". Business Insider. Archived from the original on 11 August 2018. Retrieved 11 August 2018.
  25. Jintana, Panyaarvudh (15 December 2018). "The distributed passion of a crypto pioneer Insom". The Nation (Thailand). Archived from the original on 15 December 2018. Retrieved 1 January 2019.
  26. "Zcoin is the first cryptocurrency to implement Dandelion privacy protocol". finder.com.au. 4 October 2018. Archived from the original on 2 January 2019. Retrieved 1 January 2019.
  27. Jintana, Panyaarvudh; Kas, Chanwanpen. "Reliable voting TECHNOLOGY". The Nation (Thailand). Archived from the original on 3 December 2018. Retrieved 29 December 2018.
  28. "Zcoin Moves Against ASIC Monopoly With Merkle Tree Proof". Finance Magnates. 6 December 2018. Archived from the original on 6 December 2018. Retrieved 29 December 2018.
  29. Andrew, Munro (30 July 2019). "Zcoin cryptocurrency introduces zero knowledge proofs with no trusted set-up". Finder Australia. Archived from the original on 30 July 2019. Retrieved 30 July 2019.
  30. Peck, Morgan E. (24 October 2013). "Who's who in Bitcoin: Zerocoin hero Matthew Green". IEEE Spectrum. Institute of Electrical and Electronics Engineers. ISSN   0018-9235 . Retrieved 31 January 2014.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.