Zcash and Monero are both “privacy” coins: cryptocurrencies that can be used to make anonymous payments. They achieve privacy in different ways. But which has stronger privacy?
How does Zcash achieve privacy?
Through encryption and zk-SNARKs.
- Encryption: Zcash uses encryption to achieve privacy. It hides the sender, receiver, and amount data that goes on its public blockchain for single-signature transactions.
- zk-SNARKs: Zcash uses zk-SNARKs to verify payments. zk-SNARKs are an implementation of zero-knowledge proofs in cryptography. Used in a cryptocurrency, zero-knowledge proofs mean that transactions can be verified without knowing the details of the transaction (sender, receiver, amount).
- Optional privacy: In Zcash, transactions can be anonymized (via shielded addresses that use the encryption and zk-SNARKs above) or unanonymized (via transparent addresses that work like Bitcoin transactions).
How does Monero achieve privacy?
Through ring signatures and stealth addresses.
- RingCT: Ring signatures group a number of senders’ inputs together, obscuring who is making a payment.
- Stealth addresses: Stealth addresses are one-time-use transaction addresses that senders and receivers use to make payments to each other.
Credit: This post from Cryptobriefing did a great job summarizing the differences between Monero and Zcash.
From a non-technical standpoint, because Zcash encrypts transaction history while Monero jumbles it, I would argue that Zcash has stronger privacy.
But a Reddit user in the Monero Subreddit, Vespo, makes an interesting argument. Hypothetically, if Zcash and Monero transactions were deanonymized, the consequence is far smaller in Monero. He argues that in Monero transactions, even if the transaction is deanonymized, they would only get information pertaining to a one-time-use-only address. So the sender/receiver data wouldn’t be able to be exploited more than once.
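To make the stealth-address bullet and the one-time-address argument above concrete, here is an added example (not code from the original post or from the Monero project) that derives two one-time addresses for the same recipient and shows that only the holder of the private view key can recognize them. It is a simplified sketch: it uses SHA-512 where Monero uses Keccak, omits Monero's cofactor multiplication and output index, and uses slow, non-constant-time affine arithmetic; all function names are hypothetical.

```python
import hashlib, secrets
# Ed25519 group parameters (the curve Monero builds on); affine math for clarity.
p = 2**255 - 19
q = 2**252 + 27742317777372353535851937790883648493   # prime subgroup order
d = -121665 * pow(121666, -1, p) % p

def add(P1, P2):
    (x1, y1), (x2, y2) = P1, P2
    t = d * x1 * x2 * y1 * y2 % p
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, p) % p,
            (y1 * y2 + x1 * x2) * pow(1 - t, -1, p) % p)

def mul(k, pt):
    acc = (0, 1)                          # identity element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def base_point():
    y = 4 * pow(5, -1, p) % p
    xx = (y * y - 1) * pow(d * y * y + 1, -1, p) % p
    x = pow(xx, (p + 3) // 8, p)
    if (x * x - xx) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    return (x if x % 2 == 0 else p - x, y)

G = base_point()

def hs(pt):
    """Hash a curve point to a scalar (assumption: SHA-512, not Keccak)."""
    raw = b"".join(c.to_bytes(32, "little") for c in pt)
    return int.from_bytes(hashlib.sha512(raw).digest(), "little") % q

def keygen():
    k = secrets.randbelow(q - 1) + 1
    return k, mul(k, G)

def send(A, B):
    """Sender: fresh one-time address P = Hs(rA)G + B; R = rG is published."""
    r, R = keygen()
    return R, add(mul(hs(mul(r, A)), G), B)

def scan(R, out, a, B):
    """Recipient: recognize an output with private view key a and public B."""
    return add(mul(hs(mul(a, R)), G), B) == out

def spend_key(R, a, b):
    # One-time private key for an owned output: x = Hs(aR) + b
    return (hs(mul(a, R)) + b) % q
```

Each call to `send` yields a different on-chain address for the same recipient, which is why an observer who learns one of them gains nothing about the recipient's other outputs.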
Would love to get your thoughts on which privacy coin ensures greater privacy.
How do the vulnerabilities and attack vectors of each coin factor into this?
The Monero protocol recently updated itself to use Bulletproofs. What effect does this have?