Comparison of the different "Privacy Coins"

Most of this was written by the mods at /r/Privacy. It's a very good summary of the current privacy coins of the day. I thought I'd share it here.

There are several cryptocurrencies out there that claim to offer privacy. Some do a better job than others, but none are perfect. Nevertheless, some may be private enough for your threat model. The cryptocurrencies are listed below in alphabetical order. If it is not listed here, please visit /r/CryptoCurrency to learn more, being cautious to verify any claims.

Bitcoin | /r/bitcoin

Bitcoin is perhaps the most transparent money system ever created. Anyone can look at the blockchain and see, for the history of time, the sender, receiver, and amount of money sent. Wallet account balances can be looked up, and IP transaction broadcasts are not hidden. Bitcoin is the most secure network of all the cryptocurrencies, but do not expect Bitcoin to provide any level of privacy alone. Certain mixing services like CoinJoin or TumbleBit can help, but someone needs to use these with an expert level of caution for them to have the intended effect. Most users of these services are probably not as private as they hope they are.

Bitcoin Cash | /r/BitcoinCash

It's a fork of Bitcoin but with 8 MB blocks size limit.

Bytecoin |

Bytecoin is the first coin released that uses the CryptoNote protocol. Unfortunately, it is a heavily-premined and well-orchestrated scam. With such a large premine, any privacy benefits they claim to provide are undermined by the large number of outputs controlled by one person. Furthermore, transaction amounts are visible.

DASH | /r/dashpay

Dash is a completely transparent fork of Bitcoin with CoinJoin implemented into the protocol. Users can optionally pay an additional fee to mix their coins with centralized servers called masternodes. Mixing can take some time, especially if the maximum of 8 mixing rounds are used. It is debatable whether Dash provides more privacy than a mixing service on top of Bitcoin, though it offers more convenience when using these services. Dash began its controversial history with an instamine, which further increases concern that masternodes are controlled by few people. Given the faulty launch, some people consider this coin a scam.

Monero | /r/Monero

Monero is a fair launch of the CryptoNote code. It hides the sender, amount, and receiver with ring signatures, ring confidential transactions (RingCT), and stealth addresses, respectively. It is the only cryptocurrency that has mandatory privacy for all transactions. Ring-signatures are not zero-knowledge, so an advanced user must take special care to maximize their privacy, which could include "churning" coins several times.

PIVX | /r/PIVX

PIVX is a fork of Dash with some changes, including a revision of the masternode mixing process to instead use Zerocoin technology (similar to Zerocash/zkSNARKs). It can optionally hide the sender and receiver of the transaction, but not the amount. Its security is reliant on the trusted RSA-2048 setup. There has been little analysis into the effectiveness of these methods.

Verge | /r/VergeCurrency

Verge is basically Bitcoin + Tor. There is no reason to use Verge over Bitcoin + Tor. Their "wraith protocol" uses optional stealth addresses, which are mostly ineffective alone.

Zcash | /r/Zcash

Zcash has two types of addresses: t-addresses and z-addresses. The t-addresses are completely transparent, just like Bitcoin. The z-addresses allow you to make transactions with zk-SNARKs. These transactions from a z-address to another z-address hide the sender, receiver, and amount. The sender is hidden in a better way than what is possible with other technologies currently available. Unfortunately, few services support this feature, with less than 0.3% of transactions being sent between two z-addresses at the time this was written. It takes a moderately powerful computer several minutes to sign these transactions. Furthermore, the system is vulnerable to a trusted setup, wherein the six participants in the trusted setup could collude to destroy the coin's value. Read more about the trusted setup here. In Zcash, the founders take 20% of the rewards for the first 4 years leading to 10% control of the entire monetary supply.

Zcoin | /r/Zcoin

Very similar to Zcash, but there are some serious differences. Zcash conceals the amount of money sent in each transaction, whereas Zcoin does not. So Zcash is less prone to privacy timing attacks than Zcoin. On the other hand, this comes with a big tradeoff for Zcash, in the form of potentially undetected hyper-inflation in Zerocash's money supply. In Zcash's current state it is impossible to know whether a successful attack occurred. Unless a saboteur turns whistleblower, we'll know it was compromised only after damages have occurred. And the more valuable Zcash is, the more dangerous it is. There is no "Undo" button. Zcoin vs Zcash. Johns Hopkins researcher Matt Green says that he and his fellow researchers are not interested in facilitating criminal activity with Zerocoin. "Zerocoin would give you this incredible privacy guarantee, then we could add on some features which let the police, for instance, to be able to track money laundering. A back door."


Comments


[8 Points] TheKingOfKingsMill1:

So, Monero?


[2 Points] savingfluffybunnies:

r/vergecurrency is the right sub


[2 Points] el_marihuano:

why no one uses shitcoin :(


[-4 Points] PhenomeDon:

Linda coin has had a recent surge in popularity.

  1. It has Masternode with good ROI.
  2. It has 99% APR.
  3. Transaction is confirmed in seconds.
  4. It has high level security and privacy.