Saturday, October 29, 2016

ZeroCash: Trustless Bitcoin Tumbling

Use Case:

ZeroCash is to bitcoin what Tor is to network traffic: it mixes everybody's transactions together so that no single user's activity stands out. Bitcoin's dirty little secret is that it has very little privacy; anybody who reads the chain can see what each address is doing. By following the flow of money, an adversary can spy on a person's financial activity.

More worrying still is the lack of forward secrecy on the blockchain. Nothing stops a heavy-handed agency from subpoenaing everybody who ever sent someone bitcoin, long after the fact. Someone can be found guilty by association.

Forget a court of law; bitcoin transactions can make someone look guilty, or simply vulnerable, in the eyes of another party. Hacktivists and ordinary criminals can see who is sitting on a bitcoin nest egg and may be motivated to attack that person's computer to get at the keys.

Many people turn to sites called tumblers. Tumblers are centralized services that take in bitcoin and later let users "cash out" bitcoin. The service splits a deposit into hundreds of pieces and pays out a different hundred pieces to a different bitcoin address. This is currently the standard way to get privacy with bitcoin, but it is not perfect.

A centralized tumbler might act in bad faith. It might behave honestly for 99 days and on the 100th run off with thousands of dollars in bitcoin. It might be working with an attacker to profile transactions. It might take your hundred bitcoins and hand them all to somebody who uses them to break the law in a way that traces back to you. It might do all of these at once.

ZeroCash is the protocol underlying the newer tumbler pool called Zcash, which hopes to provide a trustless solution to tumbling.


The basic idea behind ZeroCash is to create a pool of funds that anybody can use to mix their holdings in. After adding one's bitcoins to the pool, one can take out an equal amount of other bitcoins in order to hide a paper trail. The problem is that identifying which deposit a withdrawing user is drawing on is enough information to identify that user, which would defeat the purpose. ZeroCash therefore uses zero-knowledge proofs to check and update people's balances without exposing whose balances are being touched.

ZeroCash's construction uses some tools that we haven't seen before. It relies on non-interactive zero-knowledge proofs, specifically zk-SNARKs. These are slower than the other cryptography we've seen, and they are quite complex. They let someone validate certain properties of a piece of encrypted data without seeing the decrypted data. The crazy thing is that in ZeroCash, this zero-knowledge proof will provide evidence that someone has been owed enough

ZeroCash has two operations, Mix and Pour. Both build up the cryptographic state to create a new "now." When someone adds new coins to the pool, they perform a Mix; when someone removes coins from the pool, they perform a Pour.

Since the zk-SNARK is relatively expensive to use, most of ZeroCash's design is built around minimizing reliance on it. Mix and Pour both create states to validate, but only Pour transactions require a full validation, since Pours are the only operations that require action from the pool. These proofs take a few microseconds, so they are not incredibly slow, but they would definitely pose a problem for scaling to a proof on every bitcoin transaction.

One of the secrets to scaling ZeroCash is that the zk-SNARK is not forced to handle a structure tracking every account in the pool. Instead, ZeroCash maintains a Merkle tree, and a proof only has to walk one path from a leaf to the root. The depth of the tree is logarithmic in the number of transactions, which makes the slower zk-SNARK operations much more computationally tractable.
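The pool, the Mix/Pour pair and the Merkle-tree membership check described above, as an added toy model that is not Zerocash's own code or construction: SHA-256 commitments stand in for its commitment scheme, the operation names follow the post, and the zk-SNARK is replaced by a prover-side path check whose only visible output is a boolean. The note fields (`secret`, `rho`), the `Pool` API and the sample notes are assumptions made for this illustration.

```python
import hashlib
from dataclasses import dataclass


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


@dataclass(frozen=True)
class Note:
    value: int      # amount in satoshi
    secret: bytes   # known only to the depositor (assumed field)
    rho: bytes      # per-note randomness; the nullifier derives from it (assumed)

    def commitment(self) -> bytes:
        # Recorded on Mix; hides value, secret and rho.
        return H(b"cm", self.value.to_bytes(8, "big"), self.secret, self.rho)

    def nullifier(self) -> bytes:
        # Published on Pour to block double spends; without `secret` an
        # observer cannot tell which commitment it belongs to.
        return H(b"nf", self.secret, self.rho)


class MerkleTree:
    """Append-only tree: a membership path has exactly `depth` siblings
    (log2 of capacity) no matter how many leaves have been added."""

    def __init__(self, depth: int):
        self.depth = depth
        self.leaves: list[bytes] = []

    def _levels(self) -> list[list[bytes]]:
        lvl = self.leaves + [H(b"empty")] * (2 ** self.depth - len(self.leaves))
        out = [lvl]
        for _ in range(self.depth):
            lvl = [H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)]
            out.append(lvl)
        return out

    def append(self, leaf: bytes) -> int:
        if len(self.leaves) >= 2 ** self.depth:
            raise ValueError("tree full")
        self.leaves.append(leaf)
        return len(self.leaves) - 1

    def root(self) -> bytes:
        return self._levels()[-1][0]

    def path(self, index: int) -> list[bytes]:
        siblings = []
        for lvl in self._levels()[:-1]:
            siblings.append(lvl[index ^ 1])
            index //= 2
        return siblings


def verify_path(leaf: bytes, index: int, siblings: list[bytes], root: bytes) -> bool:
    node = leaf
    for sib in siblings:
        node = H(node, sib) if index % 2 == 0 else H(sib, node)
        index //= 2
    return node == root


class Pool:
    def __init__(self, depth: int = 4):
        self.tree = MerkleTree(depth)
        self.roots = {self.tree.root()}   # every historical root stays valid
        self.spent: set[bytes] = set()

    def mix(self, note: Note) -> int:
        """Deposit: the ledger learns only the commitment."""
        index = self.tree.append(note.commitment())
        self.roots.add(self.tree.root())
        return index

    def pour(self, proof: dict) -> bool:
        """Withdrawal: the ledger sees root, nullifier and value,
        never the leaf index, the path or the secret."""
        if proof["root"] not in self.roots or not proof["membership_ok"]:
            return False
        if proof["nullifier"] in self.spent:
            return False                      # double spend
        self.spent.add(proof["nullifier"])
        return True


def prove_pour(note: Note, index: int, tree: MerkleTree) -> dict:
    """Prover side. In Zerocash the path check runs inside the zk-SNARK; here
    it runs in the clear and is reduced to one boolean (a stand-in, not a proof)."""
    root = tree.root()
    ok = verify_path(note.commitment(), index, tree.path(index), root)
    return {"root": root, "nullifier": note.nullifier(),
            "value": note.value, "membership_ok": ok}


def demo() -> dict:
    pool = Pool(depth=4)
    alice = Note(8_300_000, b"alice-secret", b"alice-rho")   # constructed notes
    bob = Note(8_300_000, b"bob-secret", b"bob-rho")
    ia = pool.mix(alice)
    pool.mix(bob)
    proof = prove_pour(alice, ia, pool.tree)
    first = pool.pour(proof)
    second = pool.pour(proof)                            # same nullifier again
    forged = pool.pour(prove_pour(bob, ia, pool.tree))   # bob's note is not at ia
    return {"first_pour": first, "double_spend_rejected": not second,
            "forged_rejected": not forged,
            "path_len": len(pool.tree.path(ia)), "published": sorted(proof)}
```

Running `demo()` shows the two properties the post relies on: what the ledger stores on Mix and sees on Pour contains nothing that links the two, and the data a Pour must cover is a single root-to-leaf path of `depth` hashes rather than the whole pool.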


ZeroCash is just fast enough to do what it promises but too slow to do much more. The algorithm underlying the system is powerful and complex: it performs cryptographically verified manipulation of a ledger that nobody can read in its entirety. People interact with the ledger to carry out their ZeroCash activities, creating a state that can be queried and verified later.

Nowhere in this state is there a decrypted record of who has inserted and removed the coins in question. When someone wishes to remove a unit of currency from the system, they change the state in a way that accomplishes this without exposing their role in the operation. This offers near-perfect anonymity to the user.

The problem is that this system is both very powerful and fairly slow. Each proof takes only milliseconds to verify, but they add up. This means most people won't use ZeroCash between every transaction, only as a way to "clean" a quantity of coins of their paper trail.

This is reinforced by the fact that ZeroCash is unsuitable for ordinary transactions. Transactions require a long chain of money changing hands, which may become arbitrarily difficult to process. Because of this, and because bitcoin miners do not check ZeroCash proofs, ZeroCash cannot work as a sidechain that transfers money between peers. ZeroCash is only a money tumbling service.

How good a money tumbling service is it? A tumbler operator can no longer collect traffic analysis or steal from a user, and bitcoin laundering no longer requires communication with multiple active parties.

On the other hand, someone who analyzes the ZeroCash network may be able to perform attacks quite similar to those on any mixnet. If an attacker observes someone pay 0.083 btc into ZeroCash and then sees 0.083 btc in transactions leaving the network, all eventually going to the same address, the attacker can correlate the two. Likewise, if someone uses the network for a quick Mix and Pour in the middle of the night when few others are active, the timing alone is enough to betray who was doing the mixing. Lastly, you have no control over what the coins you put into the pool are doing; you may be unintentionally implicating your bitcoins in felonies.

ZeroCash thus needs enough users for "privacy in numbers" before it provides real privacy.
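The two correlation signals named above, amount and timing, decide how many deposits a withdrawal blends in with. The following added example (not from the post) estimates that "anonymity set" for each Pour so a user can see when their own privacy in numbers is thin; the event records are constructed, the `Event` fields and the one-hour window are assumptions, and timestamps are seconds from an arbitrary epoch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str   # "mix" = deposit into the pool, "pour" = withdrawal
    t: int      # seconds since an arbitrary epoch (constructed)
    sats: int   # amount in satoshi


# Constructed ledger view: a busy daytime batch of 0.1 btc deposits, and a
# lone 0.083 btc deposit and withdrawal at three in the morning.
SAMPLE = [
    Event("mix", 36_000, 10_000_000),    # 10:00
    Event("mix", 36_300, 10_000_000),    # 10:05
    Event("mix", 36_600, 10_000_000),    # 10:10
    Event("pour", 37_800, 10_000_000),   # 10:30, three plausible sources
    Event("mix", 10_800, 8_300_000),     # 03:00, unusual amount, quiet hour
    Event("pour", 12_000, 8_300_000),    # 03:20, exactly one plausible source
]


def candidate_sources(pour: Event, events, window_s: int) -> list:
    """Deposits an observer cannot rule out as the source of `pour`:
    same amount, made within `window_s` seconds before the withdrawal."""
    return [e for e in events
            if e.kind == "mix" and e.sats == pour.sats
            and pour.t - window_s <= e.t < pour.t]


def anonymity_sets(events, window_s: int = 3600) -> dict:
    """Map each Pour, keyed by (t, sats), to the number of deposits it blends with."""
    return {(e.t, e.sats): len(candidate_sources(e, events, window_s))
            for e in events if e.kind == "pour"}


def weak_pours(events, window_s: int = 3600, min_set: int = 3) -> list:
    """Pours whose anonymity set is below `min_set`. A user seeing their planned
    Pour here would wait for more deposits, or use a common amount, first."""
    return [key for key, n in anonymity_sets(events, window_s).items() if n < min_set]
```

On the sample data the daytime 0.1 btc Pour has three candidate sources while the 03:20 Pour of 0.083 btc has exactly one, which is the post's point: the protocol hides the link, but an unusual amount at a quiet hour gives it away anyway.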

Extensions of Idea:

The really interesting thing is to consider the mechanics of this system. By allowing users to anonymously "check in" and "check out" resources from a global pool, Zcash contributes a novel cryptographic technique. In many systems, embedded devices take and return resources such as shared locks, and those systems must work hard to resist reverse engineering and obfuscation.

Zcash seems like a reliable model for cooperative resource sharing among agents with strong ownership. After it becomes more mainstream, it will be interesting to see how it may be applied to the embedded blockchain domain.



  1. I agree, of course, all of these variants of solving that issue are great, but as for me, it is much easier just to use this app. It works very stably and well, try it.

  2. How about you visit this blog and check out article about whatsapp spy application.


  3. This is interesting! But you know, I would better install this wonderful whatsapp spy on your phone and spy anybody you

  4. Yes, really, WhatsApp is a very popular messenger. My girl very often uses it. I'm not happy with her excessive activity on the Internet, that's why I decided to use a keylogger. I installed it on Molly's smartphone. Of course, she doesn't know anything about this.

  5. I agree that your application is useful. But in my opinion, this app is probably the most widely used and most useful of all the services that are famous in our days. You can convince yourself of it!

  6. When I heard about mobile phone spy app, I decided to buy and install it without the knowledge of my children, so I did. One of the reasons is that I had some suspicions about the activity of the older child - I was afraid that he was hanging out with the bad guys, and was not completely sure that he was honest with me when I asked him about some things.

  7. I think that thanks for the valuable information and insights you have so provided here. usitech

  8. It is literally something that gives you positive vibes.
    Binance affgadgets

  9. Loaded with superb and virtuosic words. Powerful is all that is in this blog.
    Initial Coin Offering

  10. You ought to have one at your own particular PC too with a specific end goal to comprehend bitcoins on the grounds that some test trades will be included. Ricona ICO

  11. I have my own ways of describing Bitcoin. I think of it as store credit without the

  12. Bitcoins are a decentralized form of crypto currency. Meaning, they are not regulated by a financial institution or the government. eroiycoin

  13. I wouldn't touch a bitcoin with a 10-foot USB link. Be that as it may, a reasonable number of individuals as of now have, and many all the more soon may.
    crypto crowdfunding

  14. I am not a techie person but I was forced to learn when I realized how much my investment grew through Bitcoins. Though the rates went down recently, I have sold enough and my ROI is way more than I ever expected. I received my first Bitcoin as a payment from a friend who borrowed cash from me a couple of years back. I think ZeroCash is a good thing, but again, not a technical person here and I think I’ll have a hard time learning how it works. Currently, I use VPN services, mine’s from Express VPN to keep my activities online private. I no longer feel vulnerable when transacting online and when I access my Bitcoin wallet. I guess this works for me.

  15. The price of a bitcoin fluctuates from time to time. Just to put things in perspective, back in the beginning of 2013, the average price of a bitcoin was approximately $400 per bitcoin, but by the end of 2013, the price for bitcoin rose to over $1000. bitcoin gigs

  16. Excited by the essayist's capacity to write in this brilliant way.
    bitcoin app

  17. Recently, the popularity for crypto-currencies has grown rapidly within investment circles, hedge funds, and among the technologically inclined due to its rising value. ethereum

  18. The Bitcoin exchange rate does not depend on the central bank and there is no single authority that governs the supply of CryptoCurrency. Bitcoin private key

  19. You can remark your perspectives and ask anything important to bitcoins.
    Btc doubler

  20. Traders are always concerned about Bitcoin's volatility. It is important to know what makes the value of this particular digital currency highly unstable. The Crypto Guru

  21. Here is how you can download iOS 12 beta IPSW for iPhone or iPad devices. Our download page contains direct links of iOS 12 firmware IPSW. You can use our website to get the latest update for your device.

  22. Thank you because you have been willing to share information with us. we will always appreciate all you have done here because I know you are very concerned with our. cryptocurrencies reviews

  23. Another propelled square chain venture is Ethereum or the ETH, which has served considerably more than only an advanced type of cryptographic money, and its prevalence over the most recent couple of decades has enabled billions of individuals to hold wallets for them. binance.con

  24. Mix and Pour both create states to validate, but only Pour transactions really require a full validation as Pour transactions are the only ones that require action from the pool. ICOPulse at ico list are the good one to invest on.