Zcash Privacy Weakened by Certain Behaviors, Researchers Say

Patterns in usage have allowed four researchers to link many supposedly private zcash transactions to mining pools and founders. Zcash has responded.

AccessTimeIconMay 9, 2018 at 9:00 p.m. UTC
Updated Sep 13, 2021 at 7:55 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Researchers have identified patterns in certain kinds of zcash transactions that weaken their anonymity, according to a paper published Tuesday.

George Kappos, Haaroon Yousaf, Mary Maller and Sarah Meiklejohn found that when coins move from "unshielded" to "shielded" and back to "unshielded" addresses, they lose much of the anonymity that zcash users expect. The University College London team wrote that their "relatively simple heuristics … reduce the size of the overall anonymity set by 69.1 percent."

Zcash, one of the most prominent and well-regarded privacy coins, offers two kinds of addresses: "t-addresses" are transparent or unshielded, meaning that their balances and transactions are publicly visible on the blockchain; "z-addresses" are shielded, meaning that their balances and transactions are invisible.

Transactions from one unshielded address to another are completely public, if pseudonymous, as in bitcoin. Transactions from one shielded address to another are almost completely invisible, showing only the timestamps and fees associated with mining.

Transactions between different types of addresses introduce complications, however, making it possible to glean some information about the z-addresses involved, according to the paper.

Part of the reason is behavioral, the authors explain. "Our heuristics would have been significantly less effective if the founders interacting with the pool behaved in a less regular fashion," they write. "In particular, by always withdrawing the same amount in the same time intervals, it became possible to distinguish founders withdrawing funds from other users."

The reason for these transactions – and similar ones performed by miners – is that zcash coins are required to pass through the "shielded pool" of z-addresses before they can be used for another transaction.

The researchers wrote that they alerted the founders to this problem before publishing their research, which they add has already led to a change in behavior.

In a response, Zcash founder Zooko Wilcox and marketing director Josh Swihart congratulated the research team, saying they "invite other scientists to join with us in investigating these questions that are important to the future of human society."

Regarding the actual privacy concern, the post said:

"It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Zcash in a shielded address."

Further, Wilcox and Swihart said that planned upgrades to the zcash protocol - specifically the Sapling hard fork - would lessen the risks to anonymity identified in the paper.

Currently, only a minority of transactions are shielded, and far fewer are fully shielded, with z-addresses on both sides. According to the Zchain block explorer, 85 percent of transactions over the past month are fully public, and just 0.6 percent are fully shielded.

Fence image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.