Zero cash bitcoin wallet
Third, users need to actively participate in a mix in order to ensure continuing privacy enhancement. While typical legitimate users worry about their own privacy, they are also risk-averse, do not wish to expend continual effort in protecting their privacy, and are often not sufficiently aware that their privacy has been compromised. Mixes in particular are not an adequate solution because they entail substantial costs, ongoing risks and effort.
In contrast, for users with "something to hide", e. Thus, to protect their day-to-day privacy, legitimate users need an instant, risk-free, and, most importantly, automatic guarantee that data revealing their spending habits and account balances is not publicly accessible by neighbors, co-workers, and merchants.
Zerocash guarantees users' privacy by providing "Zerocash payment transactions" that do not reveal the payment's origin, destination, or amount of any transaction. Any transaction is recorded in the ledger as a random-looking string that suffices to ensure the monetary invariants, yet is zero-knowledge: Zerocash improves on Zerocoin, work by some of the same authors, both in functionality (Zerocoin only hides a payment's origin) and in efficiency (Zerocash transactions are less than 1KB and take less than 6ms to verify).
Zerocash is a novel cryptographic payment scheme that creates a separate anonymous currency, existing alongside a non-anonymous base currency, which we refer to as Basecoin. Each user can convert non-anonymous basecoins into anonymous Zerocash coins, which we call zerocoins. Users can then send zerocoins to other users, and split or merge zerocoins they own in any way that preserves the total value.
Users can also convert zerocoins back into basecoins, though in principle this is not necessary: Basecoin, which is the generic name we use for the non-anonymous currency in an altcoin implementing the Zerocash protocol, should not be confused with Bitcoin, which instead we typically use to denote the Bitcoin protocol and codebase that underlies many altcoins, including the currency with the name "Bitcoin".
Zerocash's functionality is realized using just two new types of transactions, mint transactions and pour transactions, which are broadcast and appended to the ledger. A mint transaction allows a user to convert a specified number of basecoins from some Basecoin address into the same number of zerocoins belonging to a specified Zerocash address. The mint transaction itself consists of a cryptographic commitment to a new coin, which specifies its value and owner address.
A pour transaction allows a user to make a private payment, by consuming some number of coins owned by this user in order to produce new coins. Roughly, a pour transaction, for two input coins and two output coins, involves proving, in zero knowledge, that:. The pour transaction consumes the input coins by revealing their serial numbers, but does not reveal any other information such as the values of the input or output coins, or the addresses of their owner.
Optionally, the pour transaction can also output some non-anonymous basecoins, subject to the constraint that the total output value equal the total input value. For a mint transaction, the commitment contained therein is constructed so that anyone can verify that the committed coin has the claimed value.
For a pour transaction, anyone can verify that the zero-knowledge proof contained therein is valid and that a few other simple invariants hold. For efficiency, however, Zerocash does not use "any" zero-knowledge proof, but leverages zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARK) systems, which are zero-knowledge proofs that are particularly short and easy to verify.
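The ledger-side bookkeeping described above can be sketched as follows. This is an added example, not code from the Zerocash project: SHA-256 stands in for the commitment and pseudorandom functions, the nested commitment layout and all names (`mint`, `serial_number`, `Ledger`) are assumptions of this sketch, and the zk-SNARK proof a real pour transaction carries is not modelled.

```python
import hashlib, os

def H(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 over length-prefixed parts (stand-in for COMM/PRF)."""
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def new_address():
    """Hypothetical address pair: secret a_sk, public a_pk = H(a_sk)."""
    a_sk = os.urandom(32)
    return a_sk, H(b"addr", a_sk)

def mint(value: int, a_pk: bytes):
    """Return (public mint transaction, private coin data kept by the owner)."""
    rho, r, s = os.urandom(32), os.urandom(32), os.urandom(32)
    k = H(b"inner", r, a_pk, rho)                      # hides the owner address and rho
    cm = H(b"outer", s, value.to_bytes(8, "big"), k)   # binds the public value to k
    return {"cm": cm, "value": value, "k": k, "s": s}, {"rho": rho, "cm": cm}

def serial_number(a_sk: bytes, rho: bytes) -> bytes:
    """Only the holder of a_sk can compute the serial number that spends a coin."""
    return H(b"sn", a_sk, rho)

class Ledger:
    def __init__(self):
        self.commitments, self.spent = set(), set()

    def accept_mint(self, tx) -> bool:
        """Anyone can recompute the outer commitment and check the claimed value."""
        if not 0 < tx["value"] < 2**64:
            return False
        if H(b"outer", tx["s"], tx["value"].to_bytes(8, "big"), tx["k"]) != tx["cm"]:
            return False
        self.commitments.add(tx["cm"])
        return True

    def accept_pour(self, serials, new_cms) -> bool:
        """Reject any pour that reuses a serial number (double spend).
        The zero-knowledge proof check is out of scope for this sketch."""
        if len(set(serials)) != len(serials) or self.spent & set(serials):
            return False
        self.spent.update(serials)
        self.commitments.update(new_cms)
        return True
```

The mint transaction exposes the value but not `a_pk`, and the serial number revealed at spend time cannot be linked to `cm` without the owner's secrets.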
We do not plan to deploy Zerocash in Bitcoin but, rather, we plan to release an altcoin that uses the Zerocash protocol. At present, we are working on finishing a first release of the client software, based on the Bitcoin 0.
There is a big difference between research software and a clean implementation that is working and usable! Ultimately, we hope to achieve a production-quality client that can be used to create a real privacy-preserving currency. For updates, follow ZerocashProject on Twitter or check this website.
Zerocash's privacy guarantees are designed to benefit legitimate users who do not want their financial details made public.
There is a concern, as always, that decentralized anonymous payments will facilitate laundering of ill-gotten funds by criminal users. As we now explain, however, Zerocash barely affects the status quo for criminal users, who already have strong incentives to hide their activity, while it provides notable benefits to legitimate users.
First, the main difficulty with money laundering does not typically lie in how to privately transfer money from one person to another, but in how to make the eventual income appear legitimate: In this respect, Zerocash does not help.
Second, even without the "help" of Zerocash, criminal users can already anonymize their activities via existing financial systems e. Thus, the introduction of yet another method to anonymously move money is of little consequence. Finally, Bitcoin is increasingly subject to regulation that narrows the gap between it and traditional financial systems. Presumably such regulations would apply to Zerocash exchanges as well.
Zerocash extensions can accommodate various choices of balance between accountability and privacy. For instance, there are promising techniques for preventing money laundering without violating the privacy of legitimate users e. Roughly, the idea is to build the cryptographic protocol so that, once the total amount paid between any two users over any number of payments exceeds some public threshold, the payments are not private.
Zerocash could incorporate such techniques, though the initial prototype does not do so. More generally, the underlying zk-SNARK cryptographic proof machinery is flexible enough to enforce a wide range of policies.
It can, for example, let users prove that they paid the taxes due on all transactions, without revealing those transactions, their amounts, or even the amount of taxes paid. As long as the policy can be specified by efficient "nondeterministic" computation, it can in principle be enforced using zk-SNARKs and added to Zerocash. This can help to verify and enforce a wide range of compliance and regulatory policies in a manner that is non-invasive to privacy. Moreover, once codified, policies will be enforced even in the presence of corrupt employees among the authorities.
This raises intriguing research, policy, and engineering questions over what policies are desirable and practically realizable.
Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. If done correctly, then no secrets or backdoors remain. If this setup procedure were to be corrupted, the system would continue to provide anonymity guarantees, but it would be possible to "forge" coins.
As long as this setup procedure is conducted honestly, it is not possible to corrupt the public parameters of the system. A different question is the possibility of bugs in the code. Such bugs need to be found and resolved via extensive review and testing, as in any other software project. To facilitate this, Zerocash will be released as open-source software.
The Zerocash protocol is being developed into a full-fledged digital currency, Zcash. What is Bitcoin's privacy problem? Moreover, since no single trusted party operates the Zerocoin system, attacks on Zerocoin must take on a substantial fraction of the Bitcoin network. The Zerocash protocol uses provably secure cryptographic techniques to ensure that Bitcoins cannot be traced. These techniques allow users to conduct transactions on the Bitcoin network while receiving strong mathematical guarantees that the transactions cannot be traced.
These guarantees remain in place even if a portion of the Bitcoin network is compromised by an attacker. Other anonymous cash systems rely on distributing the work of anonymizing users amongst a set of parties. Because Zerocoin is built on top of Bitcoin, it is widely distributed among all the Bitcoin peers, ensuring that the system can remain available even when many nodes are compromised.
With the new Zerocash protocol, unlike the old Zerocoin protocol, users can make direct payments to each other with a vastly more efficient cryptographic protocol that also hides the amount of the payment, not just its origin. With the new Zerocash protocol, Zerocoin allows direct anonymous payments between parties.
Zerocoin transactions exist alongside the non-anonymous Bitcoin currency. Each user can convert non-anonymous bitcoins into anonymous coins, which we call zerocoins. Users can then send zerocoins to other users, and split or merge zerocoins they own in any way that preserves the total value. Users can also convert zerocoins back into bitcoins, though in principle this is not necessary: For a more detailed explanation of the new Zerocash protocol see the website for Zerocash protocol.
The plan is to make an altcoin, powered by the new Zerocash Protocol, that provides consumers with the financial privacy they expect from debit cards, credit cards, and cash. To do this, we plan on releasing a working, non-research-code-quality client based off the bitcoin 0.