An Analysis of Anonymity in the Zcash Cryptocurrency

Abstract

Cryptocurrencies such as Bitcoin have shown that a game theory approach to decentralized consensus can create value. In Bitcoin’s game theory, as long as an adversary does not acquire a majority of computational power it is more profitable for them to obey by the rules of the network. Moreover, Bitcoin’s transparent, immutable, publicly auditable ledger allows any party to trivially verify the correctness of transactions. This transparency means that an adversary may, while obeying the rules of the network, trace the flow of transactions. By corresponding a transaction to an individual, the adversary may determine the source and destination of that user’s funds, resulting in a serious loss of privacy. Several alternative cryptocurrencies ("altcoins") have endeavored to create systems that preserve privacy. The chief difficulty in creating such a system is devising a way that the correctness of transactions can be easily verified while obscuring the underlying details of the transactions. Such systems are akin to homomorphic encryption, where operations carried out on ciphertext correspond to the same operation on the cleartext. In this thesis, we review a cryptographic method known as zk-SNARKs for anonymizing transactions in cryptocurrencies. We summarize the mathematical foundations of this construction, tracing the development of its underlying principles through the literature. We also analyze Zcash, a publicly traded cryptocurrency that uses zk-SNARKs. Using blockchain analysis along with certain heurestics, we are able to potentially deanonymize transactions that account for 31.5% of Zcash’s private transaction volume.