UK Scholars Find Faults in Zcash Anonymity

Vulnerabilities in Zcash protocol can reduce anonymity by 70%, company says it concerns only unshielded transactions.

by Marin Marinov
11 May • 4 min
In News

Several vulnerabilities in the protocol of cryptocurrency Zcash (ZEC) can reduce anonymity of transactions by almost 70%, researchers from the University College London have found in a newly-published report. 

ZEC founder Zooko Wilcox has welcomed the findings but claimed that the results apply only for shielded-to-unshielded transactions and vice-versa.

The UK academics have made a case study to examine Zcash privacy finding significant issues when coins move from “unshielded” to “shielded” addresses and vice-versa because they lose much of the anonymity that ZEC users expect:

“We find that 65.6% of the value withdrawn from the pool can be linked back to deposits made by either founders or miners. We also…capture an additional 3.5% of the value using this…thus reduce the size of the overall anonymity set by 69.1%,” George Kappos, Haaroon Yousaf, Mary Maller and Sarah Meiklejohn, the authors of report explain. 

The findings within Zcash protocol 

Zcash claims that it “is the first open, permissionless cryptocurrency that can fully protect the privacy of transactions”. It has two types of addresses: 1. The so-called “t-addresses” or “unshielded” are transparent and public. Balances and transactions in these protocols can be viewed by everybody, similarly to the blockchain of the Bitcoin (BTC); 2. The so-called “z-addresses” are the “shielded” ones, meaning that they allow users to transfer coins without revealing the details of the transaction like amount and participants.

The university research has found several problems:

 “We were able to easily identify their deposits into the pool because: (a) in shielded transactions the source addresses are transparent, (b) founder addresses are publicly known and act as recipients in coingen[eration] transactions, and (c) miner addresses can be isolated as the set of all distinct addresses that received newly minted coins but were not founders,” the authors of the report explain in the university blog.

a lot of people with question mark instead of faces

ZEC requires founders and miners to find consensus before adding newly generated coins into the protocol of the shielded addresses, academics explain. Since the release of the altcoin, a total of 3 106 643 ZEC have been generated, of which 80% went to the miners and 20% to founders.

Regarding regular users in the shielded addresses, 87% of their coins were in transactions already attributed to the founders and miners. The academics disclosed all findings to ZEC developers before publishing the report.

Zcash answer

Zcash founder Zooko Wilcox and marketing director Josh Swihart promised upgrades and invited other scientist to further research anonymity guarantees.

“It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Zcash in a shielded address. When paying someone, send Zcash from your shielded address to their shielded address. If Zcash is transacted in this way, the results of this paper do not apply and transaction privacy is maintained,” Zooko Wilcox and Josh Swihart explain in Zcash blogpost.

Last year, Michigan-Dearborn University report matched 31.5% of all coins sent to shielded addresses.

Zcash has several competitors among cryptocurrencies that claim to guarantee anonymity, including Monero (XRM), Dash (DASH) and Verge (XVG). XRM and DASH have recently been defined as “highly problematic virtual currencies” by Japanese regulator.