Zcoin Employs Burn-and-Redeem Privacy Model, Offering Alternative to Coinjoins

The Lelantus protocol, launched on privacy coin Zcoin’s testnet, lets users redeem partial amounts of a total coin burn rather than all of it at once.

AccessTimeIconOct 20, 2020 at 1:00 p.m. UTC
Updated Sep 14, 2021 at 10:11 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

The project behind privacy coin zcoin is launching the privacy protocol Lelantus on its testnet today. Lelantus allows confidential and anonymous blockchain transactions with short verification times. Using a burn-and-redeem model, users are able to destroy coins of arbitrary amounts and to redeem new coins, such that there is no previous transaction history associated with them.

The burn-and-redeem model is an alternative to other privacy methods such as coinjoins or using other people's transactions as decoys for possible sources and destinations. Instead, it allows you to destroy your coins and add them to a general pool of all the other coins that other users have destroyed.

“At any time in the future, you can submit a cryptographic proof that proves you destroyed/burnt coins without revealing which coin it was,” said Zcoin Project Steward Reuben Yap in an email. “This proof, once accepted, will allow you to redeem coins that do not have any previous transaction history or linkages.”

Zcoin’s new Lelantus functions

Lelantus uses a one-out-of-many proofs cryptographic concept, which proves that you are one of the many people who burned the coins, without showing which coins you actually burned. It also lets users redeem partial amounts of coin when they want. Previously, users had to redeem the total amount of coin they burned when redeeming. 

Yap likens the Lelantus burn-and-redeem model to buying a ticket for a carnival ride. When you go to the turnstile, you just have to show a ticket. 

“The ticket acts like a receipt of payment, but it doesn’t have to show that I was the person who paid for it or the exact bank notes that were used to purchase it,” said Yap. “The same principle is applied to the burn-and-redeem model for zcoins. As long as my receipt checks out, I can redeem it for new coins.”

With the Lelantus protocol, and partial redemption, what this means is a 24-hour ticket could be used for a few hours one day, none the next and then the remainder the following day. 

“With previous burn-and-redeem systems such as Zerocoin and Sigma, if I burnt a 100 dollar note I had to redeem a 100 dollar note” said Yap. “Lelantus' main innovation is that I can burn a 100 dollar note and redeem any amount that is smaller without revealing that it even came from the 100 dollar note.”

No trusted setup required for privacy focus

Lelatnus also requires no trusted setup. In cryptographic terms, a trusted setup creates a cryptographic system by generating certain initial parameters which will later be destroyed. It’s called a trusted setup because you must trust the person creating it to destroy said parameters. 

Using a trusted setup offers a point of failure and goes against the blockchain motto of “Don’t trust. Verify.”

“A compromised trusted setup in zero-knowledge proofs allows someone to forge the proofs, meaning that coins can be created out of thin air leading to hyperinflation,” said Yap. “In privacy coins where amounts are obscured, such inflation can also remain undetected.”

Lelantus 2.0 to come?

The mainnet launch of Lelantus is currently scheduled in four to six weeks, depending on testnet feedback.

“We’re already working on Lelantus 2.0 or Aura, which allows you to pass the right to redeem to someone else, and the amounts are hidden,” Yap added.  “You do not have to redeem the coins yourself, instead you can transfer that right which offers the very highest level of privacy.”

Zcoin was launched in 2016 and is based on the Zerocoin protocol, which used zero-knowledge proofs to protect user transactions. It is not to be confused with Zcash, which is based on the Zerocash paper. While the Zerocoin paper and Zerocash paper have some overlap in authors and use zero-knowledge proofs, they rely on different cryptography, according to Zcoin. 


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.