Previously we evaluated the privacy of Monero and Zcash. Today, we’re going to look at some other coins that are frequently recommended for their privacy preserving capabilities. Bytecoin, PIVX, Verge, and Dash are usually all classed as privacy coins. Although, as we shall see, there are huge discrepancies between their levels of anonymity.
Here, we’re focusing purely on privacy capabilities, breaking down the blockchain and network privacy features, followed by an examination of any centralization that undermines their supposed anonymity.
Blockchain privacy refers to features that obfuscate data on the blockchain such as addresses and transaction amounts. This is the most important level to secure privacy, without which, you can be identified relatively easily.
Bytecoin has a strong set of privacy features at the blockchain level. It leverages the CryptoNote protocol that provides it with ring signatures and one-time keys. Monero is actually a fork of Bytecoin, so you can be confident in the reliability of this well-tested technology. Unfortunately, the development team has proposed few privacy upgrades since then. The gap between Monero and Bytecoin’s blockchain privacy continues to grow and in this regard, and Bytecoin offers little unique value when comparing the two.
PIVX has developed its own custom-made code, based on the Zerocoin protocol. It uses a blockchain-level mixing feature that is done through zero-knowledge proofs, the same technology that drives Zcash’s zk-snarks. Zero-knowledge proofs are relatively old, originating in 1985, so PIVX’s privacy backbone is well tested. This means that your private zPiv balance is dissociated from any particular address and the transaction record of all your spent coins is hidden.
January 2018 saw the advent of Verge’s Wraith Protocol, which enabled optional stealth addresses on the network. This is the first, and to date only, blockchain-level privacy feature for Verge. Unfortunately, given the several false claims and repeat major technical failures by the project, you should take this claim with a pinch of salt.
Dash’s single privacy feature is PrivateSend. This is a modified version of the CoinJoin proposal for Bitcoin, whereby transactions are mixed together in the hope of muddling the transaction pool sufficiently to achieve anonymity. Mixing like this is probably the weakest form of blockchain level privacy as nothing happens at a cryptographic level to anonymize users. Furthermore, as we shall see, this feature’s operation makes it far less secure.
Network privacy refers to features like the Tor and I2P networks that seek to anonymize users activity on the network such as the hiding of IP addresses. They can either be built-in or optional.
Currently, Bytecoin has no network level privacy built-in. This is unfortunate as it leaves your IP addresses and geolocations subject to scrutiny.
PIVX offers reasonable privacy at the network level with the optional use of the Tor network. The development team is also working on the Dandelion Protocol and I2P integration, both of which should vastly improve network anonymity. We do not yet know release dates for these upgrades, though.
Verge’s privacy claims mainly attest to its network anonymity. Tor and I2P are both supported for transactions, aiming to obfuscate IP addresses. Unfortunately, again these claims have been subject to harsh scrutinies, such as reports that IP addresses were not being protected at all despite these supposed features.
Dash currently offers no network privacy features. Similar to Bytecoin, this leaves your network activity vulnerable to examination.
Centralization Threats to Privacy
Masternodes and Rewards
Regardless of what any particular privacy features a coin offers, people often overlook how and who delivers these features. Even though, they can completely undermine the desired anonymity.
Such is the case with Dash. Its PrivateSend mixing service can only be performed by masternodes. Unlike with other privacy coins, privacy depends on the goodwill and trust of another party. There is little to no way that any user of the Dash network can verify whether a masternode has effectively mixed their coins.
Dash’s PrivateSend problem is potentially made worse because of its susceptibility to malicious actors. There is nothing to stop a government, or any other entity operating masternodes from being able to identify addresses attempting to obfuscate their transactions. If the feature was instead built into the Dash protocol and trustless, as with CoinJoin, then it would be far superior for private uses. As it is, you should be cautious using Dash for purposes that require high-level or even moderate anonymity.
Trusted vs. Trustless
Fortunately, neither Bytecoin, Verge, or PIVX have this problem.
The CryptoNote protocol that Bytecoin uses doesn’t require trust other than in the open-source code itself. The protocol has been around for several years and is well-reviewed and researched.
Verge, likewise, has no direct reliance on trust. Although, the gap between its promises and what it delivers is debatable.
PIVX’s setup is more nuanced. zPiv accumulators, which are responsible for ensuring privacy, are encrypted through RSA-2048 challenge keys. Technically this is not trustless. Although, according to the team, the hard drive that stored the generated factors was destroyed 25 years ago, and the PIVX team does not know them.
This, though, is as a much an assumption as a fact. So, as it stands, you cannot have total confidence in the setup. Fortunately, if the keys were compromised this would undermine coin creation rather than privacy. What is more, the developer team is planning on migrating to a fully trustless setup through the integration of Bulletproofs, which are currently in their testing phase.
Of all these coins, PIVX seemingly offers the highest level of privacy for users right now. This is on account of its high-level of blockchain and network-level anonymity. It also has an active development team and promising roadmap, both of which place privacy as the number one concern.
The same cannot be said for either Verge or Dash. Verge’s privacy claims are both contentious and difficult to corroborate with very little obfuscation at the blockchain level. Whereas, Dash’s single privacy feature is potentially undermined by its dependence on masternode trust.
Bytecoin is a worthy runner-up to PIVX, with its adherence to the well-tested CryptoNote protocol. Although, little development is scheduled in the way of privacy. All things considered, you would be wise to stay hesitant of both Dash and Verge for any privacy demanding purposes.