We just launched support for two notable cryptocurrencies in Chainalysis Reactor and KYT (Know Your Transaction): Dash and Zcash. As two of the most popular so-called “privacy coins” — cryptocurrencies with privacy enhancing features encoded into their protocols — they account for over $1.5 billion of reported daily trading volume.
You may be wondering how Chainalysis products could support privacy coins. Isn’t the whole purpose of privacy coins to make transactions impossible to trace?
That’s an oversimplification, in that it misunderstands both the privacy features coins like Dash and Zcash offer and how users actually utilize those features in everyday transactions. Below, we’re going to examine how Dash and Zcash allow investigators and compliance professionals to investigate illicit activity in a way that balances users’ privacy needs with the industry’s compliance needs.
Dash, Zcash and privacy
What actually makes a privacy coin a privacy coin?
Many people believe that Bitcoin transactions are private, but that’s a misconception. Transactions, addresses, and balances are all recorded in a public and permanently available ledger. Chainalysis can analyze transactions and use open source intelligence to label addresses with the real world entities that control them for compliance and investigation purposes (note: we identify services and do not label individual users’ wallets).
Generally speaking, privacy coins have features that aim to make the process described above harder. This is possible to do by adding privacy functionality on top of existing blockchains, including Bitcoin. Privacy coins however operate on entirely new blockchains with privacy features built into the protocol. Below, let’s look at the specific privacy features Dash and Zcash have implemented.
Dash’s privacy features
Dash was launched in 2014 as a code fork of Bitcoin; its most notable privacy modification is its PrivateSend functionality. PrivateSend is a branded implementation of the CoinJoin protocol such as those found in Bitcoin’s Wasabi Wallet and other mixers as a way to obscure the origin of funds. Keep in mind, however, that PrivateSend is optional, and that Dash transactions are unmixed by default.
The general principle behind these mixing services is that multiple people send funds into one big transaction and each person receives the same amount of funds to a new address that they control. It then becomes difficult to connect each input to each output.
For Dash’s PrivateSend transactions, a user’s funds are broken down into standard denominations: 10, 1, 0.1, 0.01 or 0.001 DASH. These funds are then sent in mixing transactions that only consist of that particular denomination, e.g. all inputs and outputs are 0.1 DASH like in the screenshot above. The user gets the same total amount of Dash back, but it’s been mixed together with other PrivateSend users’ funds. The outputs of these mixing transactions can then be sent in PrivateSend transactions to another user.
It’s possible to perform mixing transactions that are functionally identical to PrivateSend on other technologically similar cryptocurrencies. This means from a technical standpoint, Dash’s privacy functionality is no greater than Bitcoin’s, making the label of “privacy coin” a misnomer for Dash. In fact, independent wallet softwares provide more advanced forms of CoinJoin that are being used with major cryptocurrencies not labeled as privacy coins, such as Bitcoin, Bitcoin Cash, and Litecoin.
There are no fees for PrivateSend mixing transactions, unlike with most Bitcoin mixers. So although mixing transactions may not be more effective using Dash PrivateSend, it does make it cheaper and simpler for an end user to perform them.
Zcash’s privacy features
Zcash was launched in 2016 explicitly as a privacy coin with enhanced cryptography at its core. Instead of changing transaction patterns to obscure ownership, it offers the possibility for users to encrypt blockchain activity, through a process known as shielding.
Zcash provides this through its shielded pools, a collection of encrypted addresses where the balances and transactions within the pool are all always encrypted. Transactions into, out of, and between the pools are transparent, but the counterparty addresses within the pool remain encrypted. However, as with Dash’s PrivateSend, everyday users must opt in to take advantage of Zcash’s shielded pools. By default, transactions don’t take place in a shielded pool and are public and unencrypted, similar to Bitcoin.
So, if all that information is encrypted for some addresses and transactions, and only the owner of those addresses can decrypt their information, how can Zcash have a shared ledger? How does everyone know that an encrypted address in a transaction block is valid and has the funds it's sending?
Zcash uses zk-SNARKs, a type of zero knowledge proof that offers a yes or no answer of whether something is true without sharing any of the details. In this case, a user can prove to the network that their account has the funds without revealing the account balance.
zk-SNARKs enable shielded transactions to take place in public, with only the counterparties involved knowing the details (and the receiver may not even know the sender’s address!). Transactions involving a shielded pool almost always have a fixed fee of 0.0001 ZEC to prevent opportunities to spot patterns or make inferences.
Real world use of Dash and Zcash privacy features
As we point out above, Dash and Zcash’s privacy features are optional and can be used at the discretion of each individual transacting. Therefore, the real world usage of those privacy features makes a big difference to each coin’s functional level of privacy.
Dash privacy in the wild
Mixing transactions related to PrivateSend make up roughly 9% of all Dash transactions. This is larger than the share of Bitcoin transactions that use CoinJoin or mixing techniques, but is still a relatively small and declining percentage of Dash transactions.
Users don’t have to use the output of these mixing transactions to perform a PrivateSend transaction. Instead, they can opt to use them with non-mixed funds. The percentage of Dash transactions that constitute actual transfers of funds using PrivateSend is less than 0.7%.
Mixing transactions are very easy to spot and identify on the Dash blockchain. As they are still public and transparent, the exact same techniques that can be used to analyse CoinJoin transactions performed using Bitcoin can be used on Dash.
If you would like to learn more about analysing mixing transactions, including PrivateSend, we recommend taking part in the Chainalysis Reactor Certification program, which covers this amongst other advanced analytic techniques.
It’s also possible to connect inputs and outputs on some PrivateSend transactions, due to the large number of inputs one has to send to break funds down into denominations. For example, a user sending 73.4 DASH results in 14 inputs: 7 in units of 10, 3 in units of 1, and 4 in units of 0.1. Researchers at Princeton University have shown that in certain circumstances it’s possible to use combinatorics to uniquely identify the single address a PrivateSend output came from.
This means that while PrivateSend does increase privacy for its users, successful investigations can still be performed.
Zcash privacy in the wild
Roughly 14% of Zcash transactions involve one of Zcash’s two shielded pools in some way. But of the transactions that interact with a shielded pool, only 6% are completely shielded, i.e. sender, receiver, and transaction amount are all encrypted. That’s only 0.9% of all Zcash transactions.
So even though the obfuscation on Zcash is stronger due to the zk-SNARK encryption, Chainalysis can still provide the transaction value and at least one address for over 99% of ZEC activity.
When it comes to address balances, only 5% of the total supply of ZEC is currently held within the shielded pools despite the higher total value of ZEC that flows through them every day. This is partly due to a requirement in the protocol that all proceeds from mining must first pass through one of the shielded pools before they can be transferred to transparent addresses. That means that if you trace the origins of any ZEC all the way back, it will always come from a shielded pool. This was deliberate, so that all transparent ZEC activity ultimately traces back to shielded activity.
Zcash’s shielded pools can provide stronger privacy than mixing transactions but shielding is not bulletproof. Research at University College London showed that using simple heuristics based on shielded pool usage patterns reduces the anonymity. They showed that most Zcash users don’t use the privacy functionality at all. Of those who do interact with the shielded pools, the researchers showed that most do it in a straightforwardly identifiable way, such as withdrawing exactly the same amount of ZEC that they deposited very quickly afterwards.
Balancing privacy and compliance
Dash and Zcash allow users to conduct transactions with greater privacy, but that doesn’t mean they provide total anonymity. The two cryptocurrencies’ privacy features — both in how they’re built as well as how they’re used in the real world — leave room for investigators and compliance professionals to investigate suspicious or illicit activity and maintain compliance. With Chainalysis product’s support, cryptocurrency businesses are now able to incorporate Dash and Zcash into their compliance programmes.
The majority of these two coins’ usage is for non-privacy purposes. Research by the RAND corporation, on behalf of Zcash, revealed that of the cryptocurrency addresses mentioned on the dark web, less than 0.2% were for either Dash or ZCash. Through Chainalysis’ technology and our customers’ vigilance we can make sure that these coins keep being used by legitimate, law-abiding people and businesses.
If you would like to learn more about how Chainalysis can help you investigate or compliantly interact with Dash or Zcash, please contact us or request a demo.