Zcash — privacy, attestations, and the power of defaults

State of Play

Privacy and Anonymity of Zcash

There are two kinds of addresses in Zcash: t-addresses and z-addresses. From Kappos et al. (UCL): https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-kappos.pdf


Transactions within this shielded pool are private (and can be viewed only by a per-transaction viewkey).

The problem is that very few people transact via the shielded pool. Here is a graph by researchers from the University of Luxembourg: https://cryptolux.org/images/d/d9/Zcash.pdf


Less than 1% of transactions are fully shielded.
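As an added illustration (not from the original post or the cited papers), the sketch below sorts decoded transactions into the categories behind that figure and computes the fully shielded share. It assumes the field names of zcashd's decoded-transaction JSON (`vin`, `vout`, `vjoinsplit`, `vShieldedSpend`, `vShieldedOutput`) and covers Sprout and Sapling only; the sample transactions are constructed.

```python
from collections import Counter

# Shielded components in zcashd's decoded-transaction JSON (assumed layout):
# Sprout JoinSplits plus Sapling spends and outputs.
SHIELDED_FIELDS = ("vjoinsplit", "vShieldedSpend", "vShieldedOutput")

def classify(tx):
    """Label a decoded transaction by which side of it is publicly visible."""
    t_in = bool(tx.get("vin"))    # transparent (t-address) inputs
    t_out = bool(tx.get("vout"))  # transparent (t-address) outputs
    shielded = any(tx.get(field) for field in SHIELDED_FIELDS)
    if not shielded:
        return "transparent"      # t -> t: everything is public
    if not t_in and not t_out:
        return "fully_shielded"   # z -> z: no public address involved
    if t_in and not t_out:
        return "shielding"        # t -> z: the funding address is public
    if t_out and not t_in:
        return "deshielding"      # z -> t: the receiving address is public
    return "mixed"                # public inputs and outputs around the pool

def summarize(txs):
    """Return per-category counts and the fraction that is fully shielded."""
    counts = Counter(classify(tx) for tx in txs)
    total = sum(counts.values())
    share = counts["fully_shielded"] / total if total else 0.0
    return counts, share

# Constructed sample: placeholder entries stand in for real inputs and outputs.
T_IN, T_OUT, Z = [{"txid": "placeholder"}], [{"value": 1.0}], [{"cv": "placeholder"}]
SAMPLE = (
    [{"vin": T_IN, "vout": T_OUT}] * 6                      # transparent
    + [{"vin": T_IN, "vout": [], "vShieldedOutput": Z}]     # shielding
    + [{"vin": [], "vout": T_OUT, "vShieldedSpend": Z}]     # deshielding
    + [{"vin": [], "vout": [], "vShieldedSpend": Z, "vShieldedOutput": Z}]
    + [{"vin": T_IN, "vout": T_OUT, "vjoinsplit": Z}]       # mixed
)

if __name__ == "__main__":
    counts, share = summarize(SAMPLE)
    print(dict(counts), f"fully shielded: {share:.0%}")
```

Every category except `fully_shielded` exposes at least one t-address, so only that count measures how many transactions stay entirely inside the shielded pool.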

Implications of Control

The RAND report commissioned by the Electric Coin Company states that:

Clear branding of Zcash and the ECC as compliant with
relevant regulations could reduce the incentives for its
use in illicit purposes in contrast to other privacy coins.
Signalling compliance with AML/CFT regulation may be a
key factor in differentiating Zcash from other privacy coins
in the minds of criminal actors and refuting the reputation
of privacy coins such as Zcash for harbouring illicit

From the RAND report

So one of the factors keeping Zcash transactions from being illicit is compliance signaling by the ECC. The ECC could update wallets or the protocol to use z-addresses easily.

To preserve current transaction levels, Zcash (via the Electric Coin Company or the Foundation) would have to ensure exchanges let people transact via the shielded pool.

Forces acting on Privacy Coins

Blockchain-native tokens with privacy as a key feature suffer from a dilemma:

  • If transactions are truly private, then categorizing illicit transactions is difficult.
  • If any entity can truly differentiate (at scale) illicit from licit transactions, then they are not truly private.

Zcash tries to get around this problem by having a shielded pool and view keys that enable users to comply with regulations while not being susceptible to mass surveillance.

The fact that most people choose to transact in public does not, in theory, make Zcash (the protocol) any more or less private. In practice, however, the bigger the set of people transacting in public, the less private the network appears to be.

Red teaming this report

If I want to transact in illicit things, I would like the following

  • The transaction to be known to as few parties as possible.
  • The proceeds are easily convertible to fiat money directly or via other tokens.

So assuming I want to use Zcash, I would like to transact via the shielded pool and convert to fiat.

There are no exchanges that let me trade my shielded-pool Zcash to fiat, and as we have seen from Kappos et al., once I transact away from the shielded pool, I can be tracked.

As soon as exchanges start allowing completely shielded transactions and connections to fiat, the use of Zcash for illicit transactions will increase.

If I wanted to prove Zcash is not being used for illicit transactions, the best way to do it would be to assign a purity metric to each transaction and show that there are no illicit transactions. If Zcash can successfully show that for shielded transactions, then their privacy use case is invalidated.

The analysis done here looks up two databases that RAND has concerning dark markets and searches them for Zcash addresses and mentions of Zcash on the forums.

That leaves out all the P2P shielded transactions occurring in locations that are not in the RAND database.

It also does not explore the point that the use of blockchain tokens is primarily for speculation.

What it correctly points out is that a multitude of factors, mostly to do with usability and signaling, affect the illicit nature of Zcash. These same factors also affect regular usage of Zcash.

If Zcash is too difficult for people who have shown the motivation to use a privacy coin for illicit uses, how will a regular person make use of its privacy features?

To whose benefit is all this?

Zcash’s two-tier privacy system is great for

  • Messaging as a “privacy coin”: if you want to transact in private, use our shielded pool, which you cannot exit to fiat from and which is too difficult even for criminals.
  • Signaling compliance via the majority of transactions, which happen in public.

Why commission a report to quell rumors of illicit use when that report says your privacy coin is not being used by criminals because it is too difficult to keep transactions private?

Did Zcash’s price or transaction count move significantly on either the Chainalysis news or the RAND report? No.

They had to do it because their USP (whether valid or not) is an orientation towards privacy.
