A report by the New York-based firm Digital Asset Research (DAR) argues Zcash’s use of encryption makes it a far more secure privacy coin than its chief rival, Monero. The report argues the XMR network has suffered from past vulnerabilities and may be exploited again. “It is our [DAR] opinion that the privacy guarantees provided by Zcash’s zk-SNARKs are much stronger than that of Monero’s RingCT”, the report said.
Although both are designed to hide key user information, Monero and Zcash use very different methods. XMR uses something called RingCT, a ‘mixing’ system that collects user data from both senders and recipients together. This disassociates information that could be used to identify a user from their transaction history.
Zcash, in comparison, encrypts the data, meaning that the entire transaction history is hidden from sight. The platform uses a cryptographic technique called zero-knowledge proofs that can verify payments without having to know specific details about them.
ZEC isn’t as vulnerable as XMR
DAR’s Director of Technology Research, Lucas Nuzzi, who penned the report, told Crypto Briefing that the different methods used by Monero and Zcash made them very distinctive.
Whilst Monero’s RingCT system is ‘sophisticated’, it is nonetheless vulnerable; transaction data may not be attached to specific user information, like a wallet address, but it is still not hidden and is publicly visible on the blockchain.
“Monero does not hide anything at all,” Nuzzi said. “Technically, there is no obfuscation in Monero transactions; privacy is simply achieved by disassociating the identities of senders and recipients. While this approach has certainly contributed to Monero’s user adoption, it relies on the robustness of the heuristics used in the mixing process.”
Nuzzi explained how Monero was “greatly tainted” when researchers from the University of Illinois and Princeton managed to find systemic vulnerabilities, prior to the network adopting RingCT in January 2017.
The researchers showed that they were able to clearly identify Monero senders with 80% accuracy. (Note: the individual identities of senders required additional information such as exchange records, according to Andrew Miller, one of the paper’s authors – see comments.) “While the activation of RingCT in January of 2017 diminished vulnerabilities related to blockchain analysis, it is unclear how sustainable this improvement is,” he added.
The DAR report found no such vulnerability existed with Zcash. Although still on a public blockchain, information regarding the source of funds, the destination and the amount of ZEC tokens sent cannot currently be accessed. Nuzzi highlighted that even if someone managed to hack into the platform, it would still be impossible to determine past transaction history. “While this [hack] would be a catastrophic event for Zcash, its guarantees of privacy are much stronger,” he added.
Zcash vs Monero.
Zcash is a privacy coin, but not by default. Transactions can be sent publicly, as would be done on a conventional network like Bitcoin (BTC) or Ethereum (ETH), or they can be sent privately, where no user information is made public. There are also options for either sender or recipient to ‘shield’ their own information whilst the other one lets theirs be made public. The platform’s specific encryption tool, zk-SNARKs, was also found to be able to validate private transactions in milliseconds.
Crypto Briefing reported on research findings earlier this month that predicted Monero would have a surge in investor demand. Published by the ICO advisory firm Satis Group, the researchers said they had already detected signs of increasing uptake by criminals who were using Monero for illicit activities, such as money laundering and ransoms.
Zcash’s developers claim ZEC, and other privacy coins, are not restricted to illicit activities; Crypto Briefing is inclined to agree. Privacy coins can be used for anonymous donations or by dissenters in autocratic regimes. They can be used on an everyday basis to stop tech giants, a law unto themselves, from spying on their users’ spending habits.
Privacy coins have a legitimate case; the debate has moved on to which method is the most effective. If Zcash can protect users’ identities better than its competitors, then it has the best potential to expand.
Best not to keep that a secret…
The author is invested in BTC and ETH, which are mentioned in this article.
This article has been updated to note that RingCT activation was in January 2017, not April 2017 as previously noted.
It has also been updated to clarify that additional information was required by researchers in order to identify up to 80% of Monero senders individually: as the paper concludes, “A significant fraction (91%) of non-RingCT Monero transactions with one or more mixins are deducible (i.e., contain at least one deducible mixin), and therefore can be conclusively traced. Furthermore, we estimate that among all transaction inputs so far, the GuessNewest heuristic can be used to identify the correct mixin with 80% accuracy.”