Research Team Discovers a Major Flaw in Zcash Anonymity Protocol

Altcoins Blockchain
Research Team Discovers a Major Flaw in Zcash Anonymity Protocol

Privacy-centered digital currency Zcash is caught in an ironic dilemma, as a group of researchers discovered a series of code patterns which diminish the coins’ praised unique selling point; its anonymity protocol.

Paper Debunks Zcash’s Prized Anonymity

Titled “An Empirical Analysis of Anonymity in Zcash” and published on Scirate on May 8, 2018, the paper explores particular types of transactions which contain the anonymity-reducing pattern.

As per the University College of London research team, which consists of Mary Maller, George Kappos, Haaroon Yousaf, and Sarah Meiklejohn, zcash coins moving from “unshielded” to “shielded” and back were found to be “losing” their anonymity, which is highly regarded by the Zcash community.

In the team’s words:

“Their relatively simple heuristics reduce the size of the overall anonymity set by 69.1 percent.”

Currently the world’s 27th largest cryptocurrency by market cap, and regarded amongst the few privacy-focused coins, the Zcash protocol makes use of two types of addresses for transactions; “z-addresses” for invisible transactions, and “t-addresses” for transparent transactions.

In the Zcash protocol, all transactions between two t-addresses are pseudonymous, meaning that only the payment history along with wallet balances are publically accessible on the blockchain. Opposed to this, transactions between z-addresses remain completely anonymous, displaying only associated timestamps and mining fees on the blockchain.

However, when transactions happen between the two types of addresses, the z-addresses undergo a varied degree of code complication, making it possible for an outsider to view a part of the private transactional data.

The chart below shows the frequency of types of transactions taking place on the network.

Source: Benhams Gaze

The researchers believe the problem to be behavioral in nature, and blame the fallacy to Zcash founders interacting with the protocol regularly. As per the researchers:

“Our heuristics would have been significantly less effective if the founders interacting with the pool behaved in a less regular fashion. In particular, by always withdrawing the same amount in the same time intervals, it became possible to distinguish founders withdrawing funds from other users.”

Source: Benhams Gaze

The researchers also released an official blog summarizing the paper, explaining that majority of the transactions were of a specific amount; 249.9999 ZEC, which equaled to 100 block rewards.

Furthermore, on comparing the particular value with the transparent blockchain, only five other instances of a value between 249 and 251 ZEC were noticed, all originating to a founder address.

On analyzing the value in detail, which is explained in the research paper, the researchers concluded that a correlation between z-to-t transactions came from only a few particular addresses, thus allowing them to find out the identities of an otherwise anonymous transaction.

Zcash Founders Quick to Take Measures

Before the paper was published online, the Zcash founders’ team was notified of the development, which was followed by the researchers observing an immediately “change in behavior” in the network.

Quickly taking to their official blog to explain their position on the issue, Zcash founder Zooko Wilcox said:

“We congratulate this research team for this insightful new paper, and invite other scientists to join with us in investigating these questions that are important to the future of human society.”

Adding to the privacy concerns from using the coin, Wilcox said:

“It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Zcash in a shielded address.”

In conclusion, Wilcox added that several upgrades are planned for the Zcash protocol, in particular, the Sapling hard fork, which aims to lessen risks pertaining to anonymity as was rightly identified in the paper.

A copy of the Empirical Analysis of Anonymity in Zcash is available here.