Shrinking the "anonymity set" in Zcash

Leo Zhang

Technical Updates

A group of researchers published a scientific study that shows how moving funds between Zcash's t-addresses and z-addresses may compromise the anonymity feature. Although this is not a new finding, the researchers discovered new heuristics that can further reduce the "anonymity set." (The size of the anonymity set is a yardstick for the level of anonymity of a transaction.) The Zcash team has been open about this issue and has recommended that users who seek full privacy not transact this way (see blog post below).

In related news, Signal, the encrypted messenger that's generally considered secure, is also not perfect. Security experts discovered that its macOS desktop client retains disappearing messages indefinitely.

"The pool's run dry" - analyzing anonymity in Zcash
(Bentham's Gaze)

"Our main finding is that it is possible in many cases to identify the activity of founders and miners using the shielded pool (who are required by the consensus rules to put all newly generated coins into it). The implication for anonymity is that this activity can be excluded from any attempt to track coins as they move through the pool, which acts to significantly shrink the effective anonymity set for regular users."

Maintaining privacy
(Zcash Blog, Zooko Wilcox and Josh Swihart)

"It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Zcash in a shielded address. When paying someone, send Zcash from your shielded address to their shielded address. If Zcash is transacted in this way, the results of this paper do not apply and transaction privacy is maintained."

Signal disappearing messages can be recovered by the macOS client
(Security Affairs, by Pierluigi Paganini)

"Former NSA hacker and security expert Patrick Wardle analyzed the issue and discovered that macOS client makes a copy (partial for long messages) of disappearing messages in a user-readable database of macOS’s Notification Center. This copy could be recovered anytime by researchers and hackers."

News & Commentary

Bitcoin Lightning payments are slowly becoming less reckless
(CoinDesk, by David Floyd)

"For instance, when users create a channel, they need a certain number of confirmations to make sure it's been accepted, and as such, the user needs to keep monitoring the channel. And while he admits the watchtower concept will improve this, that feature will likely take some time to be built into a sleek UX."

Commentary on token community supporters

Commentary on claims of ASIC-resistance

The many moods of macro
(Epsilon Theory, by Rusty Guinn)

"At their core, most macro models are central banking models and macro managers are carry investors. They willingly tied themselves to success in predicting bank actions, and in so doing had a wonderful stretch of good returns and low correlations with stocks. Now that predicting bank action will increasingly require short carry positioning, and now that betting on uncoordinated action has gotten tougher, they’re feeling the spurs. This is your choice, too: buck the rider or feel the spurs."