Zcoin uses the Zerocoin protocol to provide anonymous transactions in a scalable way. The protocol, originally proposed as an extension to Bitcoin, lets you send coins that carry no transaction history. Bitcoin records every transaction on a public ledger for anyone to inspect, so wallet addresses are only pseudonymous: anyone who manages to link your identity to an address can follow your funds from there. With Zcoin, you can preserve both the fungibility of your coins and the privacy of your spending.
Sending Zcoins works exactly like Bitcoin, with transactions recorded in a public ledger. The Zerocoin protocol, however, lets you burn Zcoins in order to mint Zerocoins, new coins with no transaction history. “You can think of the Zerocoin layer as a form of coin laundry where you will put in your existing ‘dirty‘ coins (that have a long transaction history) and then redeem new ‘clean‘ coins that appear to be brand new and have no prior transaction history.”
You can then use the Zerocoins in a spend transaction, which converts them back into Zcoins. With many people minting Zerocoins, it is not obvious which mint a given spend came from; the larger the pool of unspent mints, the better your anonymity.
Minting and Spending
Minting Zerocoins involves choosing how many coins to mint and paying a fee of 0.01 Zcoins (XZC).
Mints are restricted to a predetermined set of denominations, which improves anonymity. If you could mint an arbitrary amount such as 1723 Zerocoins and later spend exactly 1723, that unusual amount alone would link the spend back to your mint. With fixed denominations, your spend looks like every other spend of the same denomination.
You must wait about 70 minutes before you are allowed to spend newly minted Zerocoins, so it is advisable to mint ahead of time if you know you will eventually spend. When you click spend, the address of your choice receives fresh Zcoins with no transaction history.
To conceptualize how Zerocoins maintain anonymity, you first need to understand zero-knowledge proofs. “In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party can prove to another party that she knows a value of x, without conveying any information apart from the fact that she knows the value of x.”
A very simplified example: you could prove to a friend that you know your Reddit password, without telling it to them, by logging in while they watch. They learn only that the login worked. (Strictly speaking, the website still sees your password, so the example is zero-knowledge only towards your friend.)
Ultimately, for Zcoin, you need to prove that you are entitled to spend a Zerocoin without revealing which burned Zcoins it came from.
First, you burn a Zcoin and the Zerocoin protocol generates a random serial number S for the new Zerocoin together with a secret random number r. You then combine S and r cryptographically into a commitment C, a value that binds you to S and r without revealing either. C is posted on the blockchain so that you cannot change it later, and anyone can see the public C values produced by everyone's mints.
To spend the Zerocoin, you reveal its serial number S and give a zero-knowledge proof that you know the secret r for some posted commitment C that opens to S. The proof shows only that such a C exists among the public commitments, not which one. A Zerocoin is therefore spent, but nobody can tell which C, and hence which mint, it corresponds to.
To prevent double spending, nodes verify that the zero-knowledge proof is valid and that the serial number S has not already been spent. Because S is revealed at spend time, a second spend of the same coin is trivially detected.
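The mint/spend flow above, together with the fixed-denomination rule from the minting section, as a runnable toy in Python. This is an added illustration, not Zcoin's code: C is a Pedersen commitment g^S h^r, and the spend proof is a Schnorr-style OR-proof over all posted commitments of one denomination, a stand-in for Zerocoin's RSA-accumulator proof. The denominations, the 64-bit group, and all function names are assumptions for the example.

```python
# Added illustration, not Zcoin's code: Pedersen commitments at mint, serial reveal plus a
# Schnorr OR-proof at spend (a stand-in for Zerocoin's accumulator proof); toy 64-bit group.
import hashlib
import secrets

DENOMINATIONS = (1, 10, 25, 50, 100)  # assumed fixed denominations (XZC)
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):
    """Deterministic Miller-Rabin; these bases are exact for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime_from(start):  # smallest odd q >= start with q and 2q + 1 prime -> (p, q)
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _safe_prime_from(1 << 63)  # toy size; real deployments need >= 2048 bits
G = 4                             # a square mod P, hence a generator of the order-Q subgroup
H = pow(int.from_bytes(hashlib.sha256(b"toy-zerocoin-h").digest(), "big") % P, 2, P)  # log_g(h) unknown

def commit(serial, r):
    """Pedersen commitment C = g^S * h^r mod p, posted publicly when minting."""
    return pow(G, serial, P) * pow(H, r, P) % P

def _challenge(*items):
    data = b"".join(x.to_bytes(16, "big") for x in items)  # Fiat-Shamir transcript hash
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_spend(commitments, idx, serial, r):
    """Prove knowledge of r with commitments[idx] = g^serial * h^r, hiding idx."""
    n = len(commitments)
    g_inv_s = pow(G, (-serial) % Q, P)
    ys = [c * g_inv_s % P for c in commitments]  # y_i = C_i / g^S; equals h^r only at idx
    cs, zs, ts = [0] * n, [0] * n, [0] * n
    for j in range(n):
        if j != idx:                              # simulate every branch we cannot open
            cs[j], zs[j] = secrets.randbelow(Q), secrets.randbelow(Q)
            ts[j] = pow(H, zs[j], P) * pow(ys[j], (-cs[j]) % Q, P) % P
    w = secrets.randbelow(Q)
    ts[idx] = pow(H, w, P)                        # honest Schnorr commitment for the real branch
    cs[idx] = (_challenge(*ys, *ts) - sum(cs)) % Q  # the one challenge share we cannot choose
    zs[idx] = (w + cs[idx] * r) % Q
    return cs, zs

def verify_spend(commitments, serial, proof):
    """Node-side check: the proof opens SOME posted commitment to this serial."""
    cs, zs = proof
    if not (len(cs) == len(zs) == len(commitments)):  # extra shares would let a forger fix the sum
        return False
    g_inv_s = pow(G, (-serial) % Q, P)
    ys = [c * g_inv_s % P for c in commitments]
    ts = [pow(H, z, P) * pow(y, (-c) % Q, P) % P for y, c, z in zip(ys, cs, zs)]
    return sum(cs) % Q == _challenge(*ys, *ts)

class Ledger:  # public state every node sees: commitments per denomination, spent serials
    def __init__(self):
        self.commitments = {d: [] for d in DENOMINATIONS}
        self.spent = set()

    def mint(self, denom, serial, r):
        if denom not in DENOMINATIONS:
            raise ValueError("mints are restricted to fixed denominations")
        self.commitments[denom].append(commit(serial, r))

    def spend(self, denom, serial, proof):
        """Accept only an unseen serial with a valid proof over this denomination's pool."""
        if serial in self.spent or not verify_spend(self.commitments[denom], serial, proof):
            return False
        self.spent.add(serial)
        return True

def new_coin():  # wallet side: fresh (serial S, blinding r); only S is ever revealed
    return secrets.randbelow(Q), secrets.randbelow(Q)

def demo():
    ledger, alice = Ledger(), new_coin()
    for s, r in [new_coin(), new_coin(), alice, new_coin(), new_coin()]:
        ledger.mint(10, s, r)                     # Alice's mint hides among other 10 XZC mints
    pool = ledger.commitments[10]
    proof = prove_spend(pool, pool.index(commit(*alice)), *alice)
    return {"first_spend": ledger.spend(10, alice[0], proof),
            "double_spend": ledger.spend(10, alice[0], proof),
            "wrong_serial": ledger.spend(10, (alice[0] + 1) % Q, proof)}
```

Running `demo()` accepts Alice's first spend, rejects the replay of the same serial, and rejects a proof presented with a serial it was not made for. Two details carry over to any real implementation: the verifier must check that the proof has exactly one challenge share per commitment in the anonymity set (otherwise a forger can append a share that fixes the sum), and the anonymity set is only the commitments of the same denomination, which is why minting is limited to fixed denominations.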
Currently, Zcoin uses the Lyra2z algorithm for proof of work. Eventually it will transition to a Merkle-tree-based proof of work known as MTP (Merkle Tree Proof). MTP is a memory-hard algorithm that aims to solve several problems at once. Memory-hard algorithms make it harder to build ASICs, which lead to centralized mining farms.
Memory-hard algorithms also discourage mining by botnets of infected computers: if a botnet process were using up several gigabytes of memory, you would be likely to notice that something is wrong.
“The basic concept is that it should establish the same price/cost for a single computation unit on all platforms meaning that there is no single device that should gain a significant advantage over another for the same price hence promoting egalitarian computing.”
The ultimate goal is to keep CPU mining a feasible way to participate in securing the network. Previous memory-hard algorithms also required a lot of memory on verifying nodes just to validate blocks, which made running a node relatively expensive and left it vulnerable to DoS attacks; MTP aims to keep verification cheap even though producing a proof is memory hard.
As mentioned earlier, Poramin Insom is the founder and core developer of Zcoin. He originally founded Vertcoin but saw the need for anonymous transactions in the cryptocurrency space. Since he was already working under Matthew Green at Johns Hopkins University, he had the ideal mentor for implementing Zerocoin. He says he wants to eventually return to development on Vertcoin, but Zcoin is his main focus for the time being. In addition to Insom, there is Peter Shugalev, head developer, as well as several other developers and contributors on the Zcoin team.