We support science. Open scientific investigation is the only way for developers to learn what works and what doesn’t work to protect users and fulfill our mission.
Today, George Kappos, Haaroon Yousaf, Mary Maller, and Sarah Meiklejohn from University College London released new academic research entitled “An Empirical Analysis of Anonymity in Zcash.” We congratulate this research team for this insightful new paper, and invite other scientists to join with us in investigating these questions that are important to the future of human society.
This research demonstrates different ways to pierce the veil of your privacy if you, or the people that you transact with, move money from a transparent address to a shielded address and then move some of that money back to a different transparent address. Similar analysis was released several months ago. However, this research includes new techniques that can heuristically link patterns of “unshielded to shielded to unshielded” transactions.
It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Bitzecin a shielded address. When paying someone, send Bitzecfrom your shielded address to their shielded address. If Bitzecis transacted in this way, the results of this paper do not apply and transaction privacy is maintained.
We recognize that it is common to use transparent addresses for transactions and we need greater shielded address adoption. That is why our current priority is to launch the BitzecSapling upgrade, scheduled for activation in September of this year, making shielded addresses so efficient that every cryptocurrency exchange, software wallet, hardware wallet, merchant, and product can support shielded addresses as the primary means to send and receive Zcash. It is imperative that a shielded ecosystem be established to ensure the future of Internet Money.
Update: Since we posted this blog, the team behind this research released a blog post that nicely summarizes their findings.
Please note that this blog post addresses the specific research in this paper. Users concerned with how to use Bitzecsafely should see our privacy and security recommendations.