Cryptocurrencies record all transactions in a distributed public ledger called a blockchain, thereby exposing their entire transaction history to the public. Bitcoin transactions, in particular, have been thoroughly studied and shown to be vulnerable to deanonymization through both passive network analysis and side-channel attacks. In recent years, many coins have emerged claiming to provide anonymity guarantees that earlier protocols, such as Bitcoin, could not provide.
Many types of online payment systems have been created over the past decades that enable transactions to take place more efficiently, without the need for physical cash. Examples include payment card networks like Visa and Mastercard, as well as eWallets such as PayPal. However, all of these systems are centrally administered by a controlling authority with the technical and legal ability to link transactions back to the payer and the payee. Since 2009, a new class of independent online monetary system known as cryptocurrency has emerged, allowing payers and payees to make transactions that are not subject to the control of a central authority. Instead, these transactions are cryptographically signed transfers of funds from payer to payee, validated by other peers in a global payment network. Since validation is provided by peers in the network rather than by a central authority, each transaction has to be recorded on a public ledger that every participant in the payment network has access to, consequently exposing the entire transaction history of the system to the public.
To provide some form of privacy for users in the system, first-generation cryptocurrencies like Bitcoin designed their protocols to be pseudonymous: users conduct their transactions using public key addresses rather than their real-world identities. Pseudonymity means transactions are recorded as transfers of funds from one public key belonging to the payer to another public key belonging to the payee, which prevents an observer from immediately identifying the real-world identity of either party. However, pseudonymity only guarantees that a payer and payee cannot be identified by a network participant casually observing a single transaction.
Theoretically, since the entire network of transactions is exposed on a public blockchain, an external adversary can deanonymize users by taking advantage of other information provided by the network of transactions. In fact, substantial empirical research has shown that re-identification of users is feasible in the Bitcoin network, leading to concerns that the pseudonymity provided by cryptocurrency does not lead to any meaningful anonymity guarantee against an informed adversary.
Computer scientists have realized that for anonymity guarantees to be meaningful, the cryptographic protocol must guarantee not just pseudonymity but also unlinkability: different interactions of the same user with the system should not be linkable to each other. Unlinkability is difficult to achieve in practice, and even more difficult to guarantee formally. As a result, many coins have emerged in recent years that claim to provide anonymity even though they may not have strong unlinkability guarantees. Investors and users of such “privacy coins” need to understand that there is never a guarantee of complete anonymity, and that the only meaningful measure of anonymity is to compare the amount of anonymity offered by each coin relative to the others.
For such a comparison to be possible, they need a theoretical understanding of how the various privacy protocols work. Furthermore, investors should be able to seek out and understand empirical studies that determine whether the coins mined so far have lived up to their anonymity claims. Empirical studies conducted on both Zcash and Monero have shown that while these privacy coins provide strong tools for maintaining anonymity, those tools may not be the defaults, resulting in improper usage by some people that compromised the anonymity of the coin. People who shield and immediately unshield in Zcash think they are getting some privacy, and people who participate in small mixins in Monero think they are getting sufficient privacy, but in both cases they are actually vulnerable to anonymity attacks.
Part 2 will provide more background about the theory and practice of adding anonymity guarantees in cryptocurrency.