I have never done this before, but I am going to publish someone else’s work. This work is an excerpt from an academic paper. The past few days I was on two long flights and I had CoinShuffle++ printed out to reread it. This was the first time I paid full attention to every single concept presented and every single word written, and I am still digesting it. The end of the paper gives a summary of the most notable privacy work in cryptocurrencies up until 2016–2017. Without further ado:

Tim Ruffing, Pedro Moreno-Sanchez, Aniket Kate

We give an overview of the literature on privacy-preserving protocols for crypto-currencies. Related work for P2P mixing protocols is discussed throughout the paper.

A. Tumblers

A tumbler provides a backwards-compatible centralized mixing service to unlink users from their funds: several users transfer their funds to the tumbler, which returns them to the users at fresh addresses. The main advantage of a centralized approach is that it scales well to large anonymity sets, because the anonymity set is the set of all users using the service in some predefined time window. However, by using these services naively, a user must fully trust the tumbler: First, anonymity is restricted towards external observers, i.e., the mixing service itself can still determine the owner of the funds. Second and more important, the users have to transfer their funds to the tumbler, which could just steal them by refusing to return them.

  1. Accountable Tumblers: Mixcoin mitigates the second problem by holding the tumbler accountable if it steals the funds, but theft is still possible. Blindcoin improves upon Mixcoin in that the tumbler additionally cannot break anonymity. [nopara73’s note: ZeroLink’s Chaumian CoinJoin mixing could be inserted here; in that case the mixer is not accountable but untrusted, so that is the main improvement there on Blindcoin. However, ZeroLink is more than its recommended mixing technique; it is a complete privacy framework that can also be used with Mixcoin, Blindcoin, TumbleBit, CoinShuffle and CoinShuffle++. I just often have to simplify and incorrectly refer to the mixing technique as ZeroLink.]

B. Other P2P Mixing Approaches

In CoinParty, a set of mixing peers is used to mix funds of users. It is assumed that 1/3 of the mixing parties are honest. This trust assumption is not in line with the philosophy of Bitcoin, which works in a P2P setting without strong identities, where Sybil attacks are easily possible.

CoinShuffle++, instead, does not make any trust assumption on the mixing participants, except that there must be two honest peers, which is a fundamental requirement for any protocol providing anonymity. Xim improves on its related previous work in that it uses a fee-based advertisement mechanism to pair partners for mixing, and provides evidence of the agreement that can be leveraged if a party aborts. Even in the simple case of a mixing between two peers, Xim requires publishing several Bitcoin transactions in the Bitcoin blockchain, which takes on average at least ten minutes for each transaction.

In contrast, CoinShuffle++ requires submitting a single transaction to the Bitcoin blockchain, independently of the number of peers.

C. Privacy-preserving Crypto-currencies

Bitcoin is by far the most widespread crypto-currency and will most probably retain this status in the foreseeable future, so users are in need of solutions enhancing privacy in Bitcoin. Nevertheless, several promising designs of crypto-currencies with built-in privacy features are available.

  1. Zerocoin and Zerocash: Zerocoin and its follow-up work Zerocash, whose implementation Zcash has been deployed recently [4], are crypto-currency protocols that provide anonymity by design. Although these solutions provide strong privacy guarantees, it is not clear whether Zcash will see widespread adoption, in particular given its reliance on a trusted setup due to the use of zk-SNARKs.

