Saturday, October 29, 2016

ZeroCash: Trustless Bitcoin Tumbling

Use Case:

ZeroCash is to bitcoin what Tor is to traffic. ZeroCash wants to mix everybody's traffic up between users in order to get privacy. Bitcoin's dirty little secret is that it has very little privacy; anybody who reads the chain can figure out what accounts are doing. By following the flow of money, an adversary can spy on a person's monetary activities.

Increasingly worrying is the lack of forward secrecy on the blockchain. There's nothing to stop a heavy-handed agency from subpoenaing everybody who sent someone bitcoin. Someone can be found guilty through association. 

Forget a court of law: bitcoin transactions can make someone guilty or vulnerable in the eyes of another party. Hacktivists and simple hackers will know who has a bitcoin nest egg and might be motivated to attack your computer to get access to the keys for the bitcoin.

Many people turn to sites called tumblers. Tumblers are centralized sites that take in bitcoin and allow users to "cash out" bitcoin. A tumbler splits a bitcoin wallet up into hundreds of pieces and gives a different hundred pieces to a different bitcoin account. This is currently the standard way to get privacy with bitcoin. It is not perfect, though.

A centralized tumbler might act in bad faith. It might act in good faith for 99 days and on the 100th day run off with thousands of dollars in bitcoin. It might be working with an attacker to profile transactions. It may take your hundred bitcoins and give them all to somebody who uses them to break the law in a way that traces back to you. It may do all of these at the same time.

ZeroCash is a protocol underlying the newer tumbler pool called ZCash that hopes to provide a trustless solution to tumbling.

Implementation:

The basic idea behind ZeroCash is to create a pool of funds that anybody can use to mix their holdings in. After adding one's bitcoins to the pool, one can take out an equal amount of other bitcoins in order to hide a paper trail. The problem with this is that the process of identifying which deposit the withdrawing user had used is enough information to identify the withdrawing user. This could defeat the purpose. ZeroCash thus uses zero-knowledge proofs to check and manipulate what people's balances are without exposing which users are being manipulated.

ZeroCash has a construction which uses some tools that we haven't seen before. ZeroCash falls back upon non-interactive zero-knowledge proofs (zk-SNARKs). These are slower than some of the other cryptography that we've seen before. These zk-SNARKs are quite complex things. They enable someone to validate certain characteristics about a piece of encrypted data without seeing the decrypted data. The crazy thing is that in ZeroCash, this zero-knowledge proof will provide evidence that someone has been owed enough

ZeroCash has two operations, Mix and Pour. Both of them build up the cryptographic state to create a new "now." When someone adds new coins to the pool, they perform a Mix. When someone removes coins from their pool, they perform a Pour.

Since it's relatively expensive to use the zk-SNARK, most of ZeroCash's design is based around minimizing reliance on the mechanism. Mix and Pour both create states to validate, but only Pour transactions really require a full validation, as Pour transactions are the only ones that require action from the pool. These transactions are a few microseconds, so they're not incredibly slow. They would definitely pose a problem if a proof were needed on every bitcoin transaction.

One of the secrets to scaling ZeroCash is that the zk-SNARK is not forced to handle a structure tracking every account in the pool. ZeroCash maintains a Merkle tree. The depth of the tree is logarithmic in the number of transactions, making it much more computationally tractable to carry out the slower zk-SNARK operations.
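The logarithmic cost can be seen in a small Merkle membership check, added here as an illustration (it is not code from ZeroCash or libsnark). The SHA-256 hashing, the leaf/node prefixes, the `EMPTY` padding value and the sample commitments are assumptions, and the check runs in the clear rather than inside a zk-SNARK.

```python
import hashlib

EMPTY = b"\x00" * 32  # filler for unused leaf slots (assumption)

def h_leaf(cm: bytes) -> bytes:
    # Distinct prefixes keep a leaf hash from being replayed as an inner node.
    return hashlib.sha256(b"\x00" + cm).digest()

def h_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(commitments):
    """Return every tree level, leaves first, padded to a power of two."""
    size = 1
    while size < len(commitments):
        size *= 2
    level = [h_leaf(c) for c in commitments] + [EMPTY] * (size - len(commitments))
    levels = [level]
    while len(level) > 1:
        level = [h_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root: one per level, so O(log n) in total."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])  # sibling sits at the index with bit 0 flipped
        index //= 2
    return path

def verify(root, commitment, index, path):
    """Recompute the root from one commitment and its sibling path."""
    node = h_leaf(commitment)
    for sibling in path:
        node = h_node(node, sibling) if index % 2 == 0 else h_node(sibling, node)
        index //= 2
    return node == root

# Constructed sample data: 1000 made-up coin commitments.
COMMITMENTS = [hashlib.sha256(b"coin-%d" % i).digest() for i in range(1000)]
LEVELS = build_levels(COMMITMENTS)
ROOT = LEVELS[-1][0]
PATH = auth_path(LEVELS, 617)

if __name__ == "__main__":
    print(len(COMMITMENTS), "commitments,", len(PATH), "hashes to verify one:",
          verify(ROOT, COMMITMENTS[617], 617, PATH))
```

Checking one commitment out of 1000 takes ten hash evaluations instead of a pass over the whole set, which is the kind of work that stays affordable when it has to be expressed inside a proof.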

Effectiveness:

ZeroCash is just fast enough to do what it promises but too slow to do much more. The algorithm underlying the system is quite powerful and complex, using cryptographically-verified manipulation of ledgers that nobody can read the entirety of. People interact with the ledger to carry out their ZeroCash activities, creating a state that can be queried and verified later. 

Nowhere in this state is there a decrypted copy of who has inserted and removed the coins in question. When someone wishes to remove a unit of currency from the system, they cause the state to change in a way that does this without exposing their role in the operation. This offers near perfect anonymity to the user.

The problem is that this system is both very powerful and fairly slow. Although verifying a number of proofs takes only milliseconds, these add up. This means that most people won't use ZeroCash between every transaction, only as a way to "clean" a quantity of coins of a paper trail.

This is reinforced by the fact that ZeroCash is unsuitable for transactions. Transactions require a long chain of money changing hands, which may become arbitrarily difficult to process. Because of this, and because of the lack of ZeroCash proof checking by bitcoin miners, ZeroCash cannot work as a sidechain and transfer money between peers. ZeroCash is only a money tumbling service.

How good a money tumbling service is it? A tumbler operator can no longer collect traffic analysis or steal from a user. Bitcoin laundering no longer requires communication with multiple active parties.

On the other hand, someone who analyzes the ZeroCash network may be able to perform attacks which are quite similar to the attacks on any mixnet. If an attacker observes someone pay 0.083 btc to ZeroCash and then sees 0.083 btc in transactions leaving the network and all eventually going to the same address, then the attacker can correlate the two. Likewise, if someone uses the network for a quick Mix and Pour in the middle of the night when the network has few other people, then the timing of the transaction is enough to betray who was doing the mixing. Lastly, you have no control over what the coins that you put into the pool are doing. You may be unintentionally implicating your bitcoins in felonies.

ZeroCash thus needs enough users for "privacy in numbers" in order to get real privacy.
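A user can gauge "privacy in numbers" for their own activity by counting how many deposits an observer could not rule out. The sketch below is an added example, not part of ZeroCash; the ledger entries, names, the one-hour window and the assumption that amounts are visible and match exactly are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger: (time_seconds, depositor, amount_satoshi)
DEPOSITS = [
    (1000, "alice", 8_300_000),      # unusual amount (0.083 btc)
    (1010, "bob", 10_000_000),
    (1020, "carol", 10_000_000),
    (1030, "dave", 10_000_000),
    (90_000, "erin", 10_000_000),    # lone deposit in a quiet period
]
# Constructed payouts: (time_seconds, destination_address, amount_satoshi)
WITHDRAWALS = [
    (2000, "addr1", 5_000_000),      # split payout, same destination
    (2100, "addr1", 3_300_000),
    (2200, "addr2", 10_000_000),
    (90_600, "addr3", 10_000_000),
]

def anonymity_sets(deposits, withdrawals, window):
    """For each destination, list the depositors an observer cannot rule out.

    A deposit stays a candidate when its amount equals the total paid to the
    destination and it precedes the first payout by at most `window` seconds.
    """
    totals, first_seen = defaultdict(int), {}
    for t, dest, amount in withdrawals:
        totals[dest] += amount
        first_seen[dest] = min(t, first_seen.get(dest, t))
    result = {}
    for dest, total in totals.items():
        result[dest] = sorted(
            who for t, who, amount in deposits
            if amount == total and 0 <= first_seen[dest] - t <= window
        )
    return result

SETS = anonymity_sets(DEPOSITS, WITHDRAWALS, window=3600)

if __name__ == "__main__":
    for dest, candidates in SETS.items():
        print(dest, "anonymity set size:", len(candidates), candidates)
```

A set of size one means the mixing bought nothing: the odd amount and the quiet-hour deposit are each uniquely linkable, while the common amount during a busy period hides among three.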



Extensions of Idea:

The really interesting thing is to consider the mechanics of this system. By anonymously allowing users to "check in" and "check out" resources from a global pool, ZCash contributes a novel cryptographic technique. In many systems, embedded devices will take and return resources such as shared locks. These systems must work hard to prevent reverse engineering and obfuscation.

ZCash seems like a reliable model for cooperative resource sharing among agents with strong ownership. After it becomes more mainstream, it will be interesting to see how it may be applied to the embedded blockchain domain. 


Resources:

https://github.com/scipr-lab/libsnark
http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf
http://eprint.iacr.org/2013/879
https://z.cash/
