Skip to content

A layman's explanation on how Zerocoin works

Jump to bottom
reubenyap edited this page Oct 26, 2016 · 7 revisions

Most cryptocurrencies including Bitcoin rely on public ledgers where all transactions are public and the history of a coin can be traced from its inception and all the transactions that it has been involved in.

Although the ownership of addresses are not known, through advances in statistical analysis and other meta-data (such as IP, time, use of exchanges) researchers have managed to reasonably accurately tie ownership of addresses to a real life identity. As the blockchain form a permanent record, they can be endlessly analyzed and once the identity is revealed, all the history of the coin is also tied to the identity. This can be problematic for example if someone used Bitcoin to do some illegal activity and that Bitcoin somehow ended up in your hands, you may be implicated just by virtue of having those Bitcoins.

Some have tried to make it harder to do this by using coin mixers/tumblers but they involve trusting the mixer/tumbler in that they won't steal your money and that they aren't secretly recording how the coins are being mixed. Zerocoin technology which Zcoin uses allows the anonymization of coins that doesn't require you to put your trust in a mixer.

The easiest way to visualize Zerocoin tech is a jar where everyone who wants to anonymize their coins places their coins in it. When they are ready to spend the coin, they produce proof that they did placed coins in the jar. If the proof is valid, the proof entitles them to take out any other coins in the jar provided that it is of the same value. This means there is no linkage between the deposit transaction into the jar and the redemption transaction whereby a coin is taken from the jar.

The innovative part of Zerocoin is how this proof is generated where although you deposited the money into the jar (and this transaction is recorded in the blockchain), you are somehow able to prove that you deposited into the jar without revealing which 'deposit' transaction was originally yours hence the term 'zero knowledge proof'.

Clone this wiki locally