The Privacy Coin Landscape

Nico Porter

July 14, 2020

A Look Behind the Curtain: Privacy Coins

Movie fans are certainly familiar with the scene in classic film The Wizard of Oz in which Dorothy and her companions are facing the intimidating spectacle of the Wizard in the Emerald City.  The Wizard’s grandiose image bellows while fire and smoke shoot from the stage as he attempts to scare off the troop who are looking for help returning home.  Dorothy’s dog Toto scampers up toward the magnificent, all-powerful wizard and pulls back a curtain to reveal an ordinary man orchestrating the spectacle; pulling levers, flipping switches and broadcasting the Wizard’s aggrandized voice through a microphone.

The mining of the Genesis Block of Bitcoin over a decade ago was not a grand, special-effect-laden ceremony - there were no flying monkeys or munchkins in attendance. However, it was a landmark moment in the history of money.

Computer scientists, cypherpunks and a wide range of advocates and activists had been theorizing, modeling, and developing protocols in pursuit of a currency or monetary system that guarantees individuals’ privacy and sovereignty over their assets.

Bitcoin is an indispensable, yet partial, realization of that dream as it empowers individuals to use a provably scarce asset to store value and conduct trustless, permission-less transactions across global borders on a secure, open and censorship resistant network.

Bitcoin is strong and getting stronger every day. As has been shown through experience, as the general crypto markets strengthen so does Bitcoin. The MWC Team sees Bitcoin and MWC as complementary monetary products that enable greater monetary sovereignty. As MWC strengthens it will only strengthen Bitcoin. Bitcoin holders, even if they hold no MWC, have nothing to fear and much to gain from the existence of MWC.

However, with Bitcoin all addresses, transactions and amounts are publicly available on the blockchain. Fuchsbauer wrote, "Despite some common misconception, Bitcoin offers a very weak level of privacy."

Satoshi Nakamoto discussed this issue in Section 10 of the Bitcoin Whitepaper. Just as Dorothy and friends followed the yellow brick road to the Emerald City, Satoshi Nakamoto’s Bitcoin protocol became a trackable “digital gold” superhighway that introduced the world to blockchain and cryptocurrency.

Bitcoin has proven to be the most secure public ledger ever created, but it is not a very good product for the privacy use case. Once you “pull back the curtain” on Bitcoin’s publicly transparent design, any use case for anonymity or even pseudonymity comes into question. The use of public keys to document transactions, along with the other design elements required to ensure verification and auditability, are vulnerabilities to user privacy.

A whole industry has emerged to provide blockchain forensic analysis to governments, regulators and institutions hoping to conduct general dragnet surveillance, detect illegal activities and tax evasion.  These companies can also profit by selling user data gleaned from totally legitimate and legal transactions on the network.  Sophisticated algorithms can analyze and trace Bitcoin addresses on the immutable blockchain to specific websites and individuals.

For example, Coinbase CEO Brian Armstrong recently came under attack, some of it incoherent, because Coinbase Analytics is selling data and information to government entities like the U.S. Secret Service, Department of Homeland Security, IRS, DEA and likely others.

This has led to significant discussion about adding privacy features to Bitcoin and Litecoin, and to the creation of other solutions such as the privacy coins Monero and Zcash. There are even grants being given to develop some solutions.

Blockstream Chief Strategy Officer Samson Mow said, "Money needs to be private and fungible in order for it to be a 'good' money. With Bitcoin, every transaction is open for anyone to see, so we still have a lot of work to do to get it there. Without privacy and fungibility, money can be used as a tool for oppression or financial surveillance. Bitcoin is the future of money and the future of money shouldn’t be Orwellian."

Twitter poll by Litecoin Founder Charlie Lee

If one is interested in market research, then that poll by Charlie Lee in August 2018 provides some helpful data about what customers of blockchain products are interested in. However, not everyone is interested in privacy features. And with Bitcoin being governed by consensus, the 22.5% that do not want to see privacy features added are a very large and significant bloc. Consequently, it is not surprising that potential features like Schnorr Signatures, Taproot, etc. have not been implemented yet. And with Bitcoin ossification increasing every day, there is a chance they never will be.

We have financial independence that enables free time to tinker, and we possess the skills needed to write code, so why not put them to use producing a product to serve humanity?

The MWC Team's entire product development philosophy is encapsulated in six words: we build products we want ourselves.

Among the MWC Team, our singular purpose is financial security and monetary sovereignty for all. We are monetary sovereignty maximalists. Together, we innovate to prepare for an uncertain future. Our team finds virtue in our purpose.  There is no finite end. There is no winning. There’s not even any competition. There is only progress towards realizing and extending monetary sovereignty, or not. There’s only helping people have the choice to gain more monetary sovereignty, or not.

Speaking of Flying Monkeys, Isn’t Privacy for Criminals and Bad Actors?

What is behind the pursuit of anonymity and privacy in the crypto space?  A common narrative is that crypto’s decentralized, borderless and semi-anonymous characteristics are desirable to facilitate illegal activity such as cross-border drug dealing, blackmail, money laundering, and human trafficking over the dark web.  The 2014 FBI bust of the black market website Silk Road which utilized Bitcoin as a payment method certainly validated this reputation.

More recent analysis seems to disprove this notion however.  A 2020 study by the firm Chainalysis, Crypto Crime Report, found that illicit activity only accounts for about 1 percent of all Bitcoin transactions.  Further, the dollar value of this use is positively minute when compared to the use of cash US Dollars or Euros in illegal activity.

The desire to maintain privacy is basic to human nature, desirable for businesses and a necessity for maintaining personal safety.  In a 1952 Supreme Court case involving individual rights in a public space, Justice William O. Douglas stated “The right of privacy is a powerful deterrent to any one who would control men’s minds.”

Douglas’ sentiment presaged the difficulties in managing individuals’ privacy and identity in the Information Age. Thousands of pages of guidelines and legislation have been written in an attempt to protect individuals from hackers, identity thieves and even the prying eyes of massive social media and commerce companies like Google, Facebook and Amazon. Data breaches involving entities such as Equifax, Yahoo, Marriott and even the Internal Revenue Service have exposed the private details of over 3 billion people.

Banks and financial companies are some of the most obvious targets of privacy intrusion because, as the famous crook Willie Sutton allegedly said “...that’s where the money is.”

As the value of Bitcoin and other tokens has risen, the cryptocurrency space has become a more tempting target for criminals. As market capitalization increases, it becomes more profitable to apply the expensive and sophisticated hardware and software required to steal digital assets. Further, crypto’s decentralized nature makes it much harder to trace once it is stolen, increasing the chances for thieves to make crime pay.

Large hodlers that make frequent transactions can be identified via blockchain forensics and targeted with any number of technical or even physical attacks.  Businesses that accept crypto payments need privacy to protect customer identities and to shield themselves from the eyes of unethical competitors, interested in learning about their manufacturing, pricing or sales strategies.

It’s apparent that the best way to protect one’s data is to never have it appear in the first place. An ounce of prevention is worth a pound of cure.

Keeping the Curtains Closed: Privacy Tokens Amongst the Altcoins

Over the past decade, developers have introduced thousands of “Bitcoin alternative” cryptocurrencies, broadly known as “altcoins.” Typically these were created to purchase goods or services offered by the issuer (utility coins) or to address specific issues such as price volatility (stablecoins) or, of course, privacy. Developers employ a variety of scripting languages, consensus algorithms, transaction organization schemes, security protocols, and other tools to define and differentiate these projects.

Privacy coins were developed to provide users with an anonymous and untraceable alternative protocol to Bitcoin. Most of the coins utilize a public ledger like Bitcoin. However, developers have created a number of methods to separate users’ identities from their wallets and to discourage blockchain forensic analysis from piecing together transactional activity. The most common techniques that have been employed to date include stealth addresses, ring signatures, ring confidential transactions (RingCT), CoinJoin, zk-SNARKs and MimbleWimble. A basic description of these technologies and some of the privacy coins that employ them will follow.

Bitcoin remains by far the most successful and valuable cryptocurrency, holding about 65% of the total crypto market capitalization of $277 billion (as of the time of this writing). There are 8,500 different altcoins currently in circulation according to Nomics. However, only 2,800 are actively traded and most have insignificant trading volumes and market capitalizations.

The 80 different privacy coins in circulation currently account for just over 1% of the total crypto market capitalization according to Cryptoslate. The top privacy coins, in market value order, are Monero, Dash, ZCash, MWC, Komodo and Verge. With a combined value of over $2.4 billion, these 6 represent about 95% of the total privacy coin market. It should be noted that Dash and ZCash, and some other altcoins, offer users optional privacy functions when executing transactions, so they are sometimes classified as privacy coins and sometimes not. And the IRS recently issued a Request for Information to the public about privacy coins.

So, while there is a lot of noise made about wanting privacy, the market capitalizations tell a different story about true demand.

A Quick Summary of the Underlying Technology Used in Leading Privacy Coins

As previously mentioned, there are several algorithms that privacy coins employ to conceal user and transaction information.  Before we take a look at the pros and cons of the major privacy coins, it makes sense to describe the workings of these privacy protocols. These technologies are all mathematically complex and are only presented here in a highly superficial manner.

Stealth address technology is utilized to keep a transaction’s destination address and the receiver’s identity secret.  This is accomplished by using randomly generated addresses that are only used one time.  The entity that signs a transaction can be protected by the use of ring signatures, anonymous digital signatures created by a group whose members each have a unique public and private key combination. The sender uses their private key and the public keys of the rest of the group to create the ring signature which obscures the identity of the member that created the signature.

RingCT technology adds yet another layer of obscurity by hiding the amount of a transaction.  This is basically accomplished by breaking down the user’s transaction into smaller sizes, mixing those amounts with identical amounts from other transactions.  It is then impossible to differentiate the specific amounts sent by each user.

CoinJoin technology was an early privacy protocol designed by Greg Maxwell. It obscures the amounts of individual transactions by having both sides of a transaction create a joint transaction that is then broken up into smaller sizes. Other users’ transactions are combined, thus creating a large “anonymity set.” The protocol matches up users and produces a jointly signed transaction out of funds from each of the users’ wallets. By mixing multiple transactions together, it is virtually impossible to correlate the inputs and outputs to any particular user. This provides obfuscation but still reveals that a CoinJoin took place, and some exchanges do not accept CoinJoined deposits. There are several variations of this protocol, including PrivateSend, CoinSwap and CashShuffle.

The security technology cleverly dubbed zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) employs a well-known cryptographic technique known as a zero-knowledge proof. Each side of a transaction is able to prove that it knows a certain set of information without revealing the details of that information. Miners are able to verify transactions without knowledge of the sender or the receiver.

Harry Potter fans will recognize the origin of the MimbleWimble protocol’s moniker.   The tongue-tying curse in the story prevented anyone from sharing a secret.  The technology is a new form of cryptography that employs elliptic curves.

The system is very efficient and extremely scalable. The data storage requirements of the network are very small since there are no addresses on the blockchain. The network’s efficiency is also aided by the use of multi-signatures (“confidential transactions”) rather than the numerous inputs and outputs of the UTXO model of Bitcoin. Addresses are replaced by a “blinding factor,” which is an encryption of the inputs and outputs of a transaction plus the participants’ public and private keys - it is shared as a secret between the two counterparties. There are several other unique functions involved in ensuring the anonymity, scalability and efficiency of this system, as well as in providing proof of scarcity.

In the 2018 paper titled Aggregate Cash System: A Cryptographic Investigation of Mimblewimble, Fuchsbauer et al. concluded, "In this paper, we provide a provable-security analysis for Mimblewimble. We give a precise syntax and formal security definitions for an abstraction of Mimblewimble that we call an aggregate cash system. We then formally prove the security of Mimblewimble in this definitional framework. Our results imply in particular that two natural instantiations (with Pedersen commitments and Schnorr or BLS signatures) are provably secure against inflation and coin theft under standard assumptions."
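The two ingredients the paper names, Pedersen commitments and a Schnorr signature on the kernel excess, are what make a Mimblewimble transaction verifiable without any addresses or amounts on chain. The following is an added example written for this article, not code from MWC, Grin or any other project: a toy secp256k1 implementation (affine arithmetic, not constant-time, for illustration only) with Pedersen commitments `C = v*G + r*H`, a balance check that the verifier runs on commitments alone, and a Schnorr signature proving that the excess carries no hidden value. The second generator `H`, the tag used to derive it, the kernel message format and all sample values and blinding factors are constructed for the demo.

```python
# Added example (not MWC/Grin project code): Pedersen commitments on secp256k1
# with a Mimblewimble-style balance check and a Schnorr signature on the excess.
import hashlib
import secrets

# secp256k1 public parameters.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):
    """Double-and-add scalar multiplication (toy: not constant-time)."""
    k %= N
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def point_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)

def hash_to_point(tag):
    """Nothing-up-my-sleeve second generator: nobody knows log_G(H)."""
    x = int.from_bytes(hashlib.sha256(tag).digest(), "big") % P
    while True:
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # P = 3 mod 4, so this is a root when one exists
        if y * y % P == rhs:
            return (x, y)
        x = (x + 1) % P

H = hash_to_point(b"pedersen-second-generator-demo")  # constructed tag for the demo

def commit(value, blind):
    """Pedersen commitment C = value*G + blind*H; hides value, binds to it."""
    return point_add(point_mul(value, G), point_mul(blind, H))

def encode(pt):
    """Compressed encoding used only to hash points into the challenge."""
    return b"\x00" * 33 if pt is None else bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def kernel_sign(excess_blind, msg):
    """Schnorr signature with generator H: proves knowledge of log_H(E)."""
    E = point_mul(excess_blind, H)
    k = int.from_bytes(hashlib.sha256(excess_blind.to_bytes(32, "big") + msg).digest(), "big") % N
    R = point_mul(k, H)
    e = int.from_bytes(hashlib.sha256(encode(R) + encode(E) + msg).digest(), "big") % N
    return (E, R, (k + e * excess_blind) % N)

def kernel_verify(kernel, msg):
    E, R, s = kernel
    e = int.from_bytes(hashlib.sha256(encode(R) + encode(E) + msg).digest(), "big") % N
    return point_mul(s, H) == point_add(R, point_mul(e, E))

def build_transaction(inputs, outputs, fee=0):
    """inputs/outputs are (value, blind) pairs known only to the participants.
    Returns what the chain sees: commitments, the fee and the signed kernel."""
    in_commits = [commit(v, r) for v, r in inputs]
    out_commits = [commit(v, r) for v, r in outputs]
    excess_blind = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % N
    return in_commits, out_commits, fee, kernel_sign(excess_blind, fee.to_bytes(8, "big"))

def verify_transaction(in_commits, out_commits, fee, kernel):
    """Verifier check with no values or blinding factors: sum(outputs) + fee*G - sum(inputs)
    must equal the excess E, and the signature shows E has no G (value) component."""
    total = point_mul(fee, G)
    for c in out_commits:
        total = point_add(total, c)
    for c in in_commits:
        total = point_add(total, point_neg(c))
    return total == kernel[0] and kernel_verify(kernel, fee.to_bytes(8, "big"))

def demo():
    """Honest transfer (80 in, 79 out, 1 fee) versus an output inflated by one unit."""
    rand = lambda: secrets.randbelow(N - 1) + 1
    inputs = [(50, rand()), (30, rand())]
    outputs = [(79, rand())]
    tx = build_transaction(inputs, outputs, fee=1)
    in_c, _, fee, kernel = tx
    inflated = [commit(80, outputs[0][1])]  # same blinding factor, one extra unit
    return verify_transaction(*tx), verify_transaction(in_c, inflated, fee, kernel)

if __name__ == "__main__":
    print(demo())
```

The inflated output fails because the extra unit leaves a stray `1*G` term that no `H`-based signature can absorb. One caveat the demo leaves out: without a range proof on every output (Mimblewimble implementations use Bulletproofs), an output could commit to a negative value modulo `N` and still balance, so the balance check alone is not sufficient against inflation.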

The Top 6 Privacy Coins by Market Capitalization

Moving on and now armed with just enough information to be dangerous, it’s time to learn a bit about the important players in the privacy coin arena.  Each has its own advocates and critics but ultimately the market will decide the success of each.  The coins are listed here in order of current market capitalization.

Monero (XMR) is the privacy coin beast and is a tremendously powerful product for extending monetary sovereignty and is developed by a fine team. It first appeared in 2014 as a fork of ByteCoin and is the most well known and most valuable of the privacy coins.  With a market cap of about $1.2 billion and more than 10,000 transactions per day, Monero is ranked number 16 amongst all cryptocurrencies trading today, is the number six proof of work coin and number one privacy coin.  Monero’s blockchain was designed to obscure transactions and incorporates technologies including stealth addresses, ring signatures, and RingCT.  It is open source and employs a proof of work consensus algorithm.

The Monero community is currently debating several issues regarding network scalability.  These include the complexity of Monero’s code and the large size of transactions and the blockchain.  These issues hinder the integration of Monero into cryptocurrency exchanges and service providers and therefore curb its adoption and market liquidity.  The scalability constraints limit the number of possible daily transactions to a similar level as Bitcoin.

Dash (DASH) is typically known for its high-speed and low-cost payment features. In fact its name is a clever amalgam of “digital cash.” It is a widely held coin and has a current market value of about $670 million, which places it as the eighth largest proof of work coin. Dash allows users to opt in to its privacy feature and it’s widely accepted, so it was included in this summary.

Dash makes use of the PrivateSend protocol, a variation of CoinJoin. It is an open source cryptocurrency that was forked from Litecoin. It partly employs a proof of work consensus but also relies on proof of stake. Dash is governed by a decentralized autonomous organization (DAO) of users that own at least 1,000 DASH and run masternodes on the blockchain.

Dash’s privacy features are disparaged by many due to the fact that the PrivateSend protocol relies on the masternodes for implementation. Users must entrust their privacy to the masternodes, since they are responsible for collecting the coins from different users, mixing the transactions and then sending the coins on to their destination.

ZCash (ZEC) has a market cap of $580m, is the 9th largest proof of work coin and second largest privacy coin. It employs opt in privacy with the zero-knowledge proof known as zk-SNARKs to encrypt and obfuscate the addresses of both sides of a transaction as well as the transaction amount.  Zcash evolved from one of the early privacy projects, Zerocoin, runs on its own blockchain and is based on the Bitcoin protocol.

Supposedly, total supply is limited to 21 million ZEC, but that is not provable, as ZCash had a hidden inflation bug that could have operated undetected. The blockchain relies on proof of work consensus.

Use of the zk-SNARKs privacy feature is optional. Users can opt to send transparent transactions that look very much like Bitcoin transactions. Interestingly, the privacy features are not activated by default, and only about 2% of transactions on the network actually utilize the privacy feature. The New York Department of Financial Services authorized Gemini to trade Zcash.

The computational complexity behind the privacy protocols makes ZEC transactions relatively slow and expensive to execute. As mentioned above, there is some alarming controversy surrounding the actual supply of ZEC. In 2018 the development team noticed a flaw in the zero-knowledge proof protocol that would have allowed a hacker to create an infinite number of ZEC without being detected. It is impossible to tell if any “fake” ZEC were created in the eight months that the vulnerability went undetected. According to Fortune.com, “The Zcash team…conceded that it cannot be absolutely certain that the vulnerability wasn’t exploited.” The uncertainty around this issue has likely weighed on the coin’s usage and market value.

MimbleWimble Coin (MWC) is a proof of work coin that runs on the base layer of the MimbleWimble protocol. It is an open-source cryptocurrency and has a provable supply cap of 20 million MWC. The protocol employs CoinJoin-style aggregation together with Confidential Transactions and signature aggregation.

Launched in late 2019, it is the newest coin on this list and carved out its place through the market process, starting with a market cap of less than $2m in early December 2019 and reaching about $170 million currently. That is about 3.5x the combined market cap of the other two MimbleWimble-based coins, Grin ($22m) and Beam ($25m).

The initial MWC stock was primarily created and distributed via an airdrop to Bitcoin holders. The airdrop was widely publicized and successful, being one of the largest in history with over 148,000 BTC registered.

Nick Szabo in 2019 encouraging use of Monero and commenting about MimbleWimble technology.

As there are no addresses, transaction amounts, or intermediary inputs or outputs, all transactions are indistinguishable from each other. Outside parties see only what looks like random data on the blockchain. The fungibility of MWC is greatly enhanced relative to other privacy coins because a unique transaction history is not recorded to the blockchain.

Additionally, to increase privacy of location, the MWC Team has implemented Tor transaction support and Tor outbound connections in the Qt wallet, which requires no user setup, and plans to implement other privacy features.

The usual tradeoff in security assumptions between scalability, scarcity and privacy is resolved in the Fuchsbauer paper, making Mimblewimble demonstrably the objectively superior technology for the ghost money application.

Komodo (KMD) is an open source cryptocurrency, forked from ZCash, that provides privacy by utilizing zero-knowledge proofs. The market value of KMD has been mired around $95 million, likely because the market has struggled to develop valuable decentralized applications (dApps) or smart contracts that require the use of protocols such as Komodo.

It employs a combination of proof of work and proof of stake for consensus but also introduces delayed proof of work (dPoW) to enhance user security. Komodo is a multi-chain platform, as the dPoW function writes the Komodo blocks onto the Bitcoin blockchain. This process greatly inhibits attackers because any change made to the Komodo blockchain would have to be replicated on the Bitcoin blockchain. The main driver behind Komodo’s value is that it allows developers and businesses to create unique, specifically customized blockchains that are protected with Bitcoin.

Finally there is Verge (XVG), with a current market cap of about $92 million. It is an open source cryptocurrency that relies on the anonymity tools Tor and I2P to conceal the IP addresses of its users. The use of the privacy tools is optional, however, and transparent transactions are numerous on the network. Supply is capped at 16.5 billion XVG. It uses proof of work for consensus, but allows 5 different mining algorithms to be used. Developers upgraded Verge with the Wraith protocol, which is an enhanced stealth addressing system. Users are given the option of using either a public or a private ledger for Verge transactions.

Verge has experienced some bumps in the road through its history. Multiple vulnerabilities in the code underlying Verge’s multiple-algorithm consensus, and sloppy patches to the code once the weaknesses were discovered, made XVG very susceptible to attack. It was forced to fork in 2018 after a pair of 51% attacks were launched and nearly $2 million of XVG was stolen. The early coding errors and the anonymity of the team behind the project have harmed the coin’s reputation and value since. Verge also suffered from rumors that John McAfee was blackmailing the project team. The crypto industry seems to love drama.

As Far as Individual Privacy Goes, We’re Not in Kansas Anymore

One of the most quoted lines from The Wizard of Oz was spoken by the innocent farm girl, Dorothy, upon her arrival in the fantastic, magical Land of Oz:  “Toto, I have a feeling we’re not in Kansas anymore.”  This simple observation neatly summarizes the sentiment of individuals in today’s digital world, overwhelmed by the growing lack of privacy and fearful of their ability to retain control and sovereignty over their digital assets.

The ubiquitous nature of the Internet, digital commerce, and social media in everyday life has opened a myriad of avenues for outsiders and bad actors to gain access to private conversations, medical records, financial information and assets.  Privacy and monetary sovereignty have been key objectives in the crypto world since the very beginning and the development of technological tools to achieve those goals is constant.

As the value of crypto assets has sky-rocketed in recent years, the prevalence of attacks, hacks and scams has taken a similar trajectory.  Developers have come up with a number of ingenious solutions to better shield users’ private information and protect the integrity of transactions.

The emergence of coins focused on privacy is a natural evolution of these efforts to provide consumers with products that help fulfill their desires, and there are over 80 different options to choose from currently. Many privacy coins suffer from poor scalability, usability and fungibility, as developers have sacrificed chain efficiency by layering on programs to gain greater opacity and to limit the tracing of transactions. This is particularly true in the case of some of the older coins such as Monero, ZCash and Komodo.

The protocols have become well known enough that blockchain forensic algorithms have been effectively deployed on some blockchains. The firm Chainalysis, whose clients include the US government, announced just recently that its products can be used to trace a transaction on the ZCash and Dash networks. There have been significant amounts of research done on Monero traceability including weaknesses and potential solutions.

Some of the most exciting technology to emerge in the space recently is the MimbleWimble protocol.  Compared to legacy blockchain technology, this new streamlined technology enables tremendous scalability improvements while also delivering absolute anonymity and fungibility on the blockchain with high speed and low-cost transaction processing.

The MWC Roadmap has users being able to send and receive transactions using a full node where all inbound and outbound connections go through Tor, and from anywhere via a mobile phone. And atomic swaps. And a whole lot more. This combination of technological tools will guarantee peer to peer anonymity and fungibility for users whether they be in Hong Kong, Kansas or Munchkinland.

To reiterate, the MWC Team's entire product development philosophy is encapsulated in six words: we build products we want ourselves.

Among the MWC Team, our singular purpose is financial security and monetary sovereignty for all. Together, we innovate to prepare for an uncertain future. Our team finds virtue in our purpose. There is no finite end. There is no winning. There’s not even any competition. There is only progress towards realizing and extending monetary sovereignty, or not. There’s only helping people have the choice to gain more monetary sovereignty, or not.