We take privacy features to a whole new level

For a cryptocurrency to truly be private, it needs to be able to do each of the things listed below.

Privacy mechanisms

Sapling Zero Knowledge Proofs

Iron Fish

Yes All transactions private with strongest zk-SNARK based privacy mechanism (Sapling)

Yes View key and memo field support for compliance

Yes Full node can be run entirely in the browser

Yes Future support for custom assets, fully private

Yes Built to be simple — 15s block times, WebRTC based networking layer

Zcash

Yes Pioneered ZKP-based privacy and invented Sapling with the help of world leading cryptographers

Yes Optional privacy (95% of Zcash transactions are not fully shielded)

Yes View key and memo field support for compliance

Ethereum Smart Contracts

Zether, EY's Nightfall, Tornado Cash, and others

Yes Smart contract solutions with ZKPs to provide some privacy

No Linkable in practice

Yes View key and memo field support for compliance

Mimblewimble

Grin, Beam, Tari (upcoming)

No Linkable transactions by design weaken privacy

No Interactive protocol requires both parties to be online to form a transaction (Note: Beam uses a variation that abstracts the interactive nature of Mimblewimble)

Bitcoin Privacy Tools

Mixers, Coinjoin

No Can send to offline recipient

No Slow down the transaction time. Can be expensive

Bitcoin Privacy Tools (Mixers, CoinJoin, etc)

Transacting in Bitcoin is akin to tweeting out your transaction details to the world. From very early on, Bitcoin developers have worked on privacy preserving tools for Bitcoin and came up with concepts of Mixers, CoinJoin, CoinSwap, and many others.

A Mixer (aka tumbler) is used to hide a direct link between a sender and the recipient. If Alice wanted to send 1 bitcoin to Bob, instead of sending it directly, she could use a Mixer. A Mixer service will wait to collect such requests from other users, and eventually distribute the intended funds to recipients, but not from their original senders.

A Mixer is custodial which means that users must trust the Mixing service to honor a user’s request to send the appropriate amount to the intended recipient, and not keep any records after all the transactions are settled.

CoinJoin is a non-custodial service and works very similarly to a Mixer, but users have to coordinate among themselves to manually mix their transactions together. Wallet services like Wasabi for Bitcoin help with that coordination.

Mixers, CoinJoin, and other such services ultimately do NOT provide strong privacy guarantees. Static analysis can be applied to identify Mixers, tumblers, and even CoinJoin transactions. Multiple research papers have shown, using various and oftentimes simple techniques, that a great majority (>90%) of transactions using a mixer or CoinJoin service can be identified (source).

Ethereum Smart Contracts (Tornado Cash, etc)

Ethereum does not give any privacy guarantees. However, Ethereum does support smart contracts (arbitrary programs validated on the blockchain) and various projects have created “shielded pool” smart contracts to obfuscate ether (ETH) and other Ethereum assets. Some examples of these are Zether, EY’s Nightfall, and Tornado Cash. These privacy mechanisms vary, but from a high-level perspective they all work something like this:

A user wanting to obfuscate their funds would first deposit funds into a shielded pool smart contract (e.g. Tornado Cash). They can then move those funds privately within that smart contract to other accounts. The recipient would then withdraw those funds when they’re ready.

(Note that Tornado Cash requires deposits and withdrawals to be strictly in set denominations of .1, 1, 10, 100 ETH)

There are several caveats to this design: moving funds inside the privacy-preserving smart contract still requires a transaction, and in Ethereum all transactions are public and reveal which address took which action. Even the action of moving funds within the shielded pool smart contract leaks some information. A user also has to remember that if a specific amount (like 1.337 ETH) is deposited and withdrawn, that could potentially link the sender and the recipient.
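The amount-linkage caveat above can be made concrete by measuring the anonymity set of each withdrawal, that is, how many earlier deposits of the same amount could have funded it. This is an added example, not code from the original page or from any of the projects named; the event tuples, addresses and function names are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample of public pool events (not real chain data):
# (kind, address, amount in ETH, block height)
EVENTS = [
    ("deposit",  "0xA1", "1",     100),
    ("deposit",  "0xA2", "1",     101),
    ("deposit",  "0xA3", "1",     102),
    ("deposit",  "0xA4", "1.337", 103),
    ("withdraw", "0xB1", "1",     110),
    ("withdraw", "0xB2", "1.337", 111),
    ("deposit",  "0xA5", "1",     112),
    ("withdraw", "0xB3", "1",     120),
]

def anonymity_sets(events):
    """Map each withdrawing address to the earlier depositors of the same amount.

    This is an upper bound on the anonymity set: an observer cannot tell
    which earlier deposit was already spent, so every earlier deposit of
    that amount stays a candidate.
    """
    deposits = defaultdict(list)   # amount -> depositor addresses seen so far
    candidates = {}
    for kind, addr, amount, _block in sorted(events, key=lambda e: e[3]):
        amt = Decimal(amount)      # exact decimal, so 1 and 1.0 compare equal
        if kind == "deposit":
            deposits[amt].append(addr)
        else:
            candidates[addr] = list(deposits[amt])
    return candidates

def uniquely_linked(events):
    """Withdrawals whose amount matches exactly one earlier deposit."""
    return {w: c[0] for w, c in anonymity_sets(events).items() if len(c) == 1}

if __name__ == "__main__":
    for withdrawer, cands in anonymity_sets(EVENTS).items():
        print(f"{withdrawer}: anonymity set size {len(cands)} -> {cands}")
    print("uniquely linked:", uniquely_linked(EVENTS))
```

The 1.337 ETH withdrawal has an anonymity set of one, while the fixed 1 ETH denomination hides each withdrawal among every earlier 1 ETH depositor, which is why a pool enforcing set denominations resists this particular check.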

The bigger flaw, however, is that these protocols suffer from being built on top of a fundamentally transparent system where deposits and withdrawals must be made public. From a practical standpoint, the privacy guarantees of all privacy-preserving solutions on top of Ethereum, even those that use zero-knowledge proofs, closely resemble those of the previously mentioned Mixers.

“While mixers, CoinJoins and solutions like Tornado Cash can make tracing funds more difficult, Chainalysis can often still follow funds through them,” Maddie Kennedy from Chainalysis via Coindesk (source)

Ultimately all privacy preserving tools that are built on top of transparent systems like Bitcoin or Ethereum result in transactions that can be linked, traced, and identified.

Confidential Transactions and Ring Signatures (Monero, Mobilecoin)

Privacy coins are projects designed from the ground up to focus on preserving privacy, the oldest being Monero.

Monero

Monero was initially an implementation of the Cryptonote protocol, which had many significant flaws rendering a large majority of its transactions traceable, according to a research paper from Princeton, Carnegie Mellon, Boston University, MIT, and the University of Illinois at Urbana-Champaign (source). Since then, Monero transitioned to rely on Confidential Transactions and Ring Signatures for its main privacy technique (for a detailed description see the Zero to Monero paper).

Despite Monero’s improvements and transition to using Confidential Transactions and Ring Signatures, the protocol is still fundamentally susceptible to deanonymization attacks due to the nature of how Monero works. A Bitcoin transaction directly reveals which UTXO (output) is being spent, while Monero obfuscates that information by mixing in other such outputs and using them as decoys.

Researchers have criticized the use of decoys for privacy guarantees, and numerous research papers have since come out further exploring Monero vulnerabilities (such as this one and this one). Monero vulnerabilities go past being just theoretical: CipherTrace claims to have de-anonymized Monero transactions, and the IRS gave away over $1M in grants to Chainalysis and Integra FCC to further provide de-anonymization tools for Monero.

Mobilecoin

Mobilecoin is a privacy coin that took Monero’s privacy technique and relies on SGX technology to provide mobile support. Unfortunately, time and time and time again, new SGX vulnerabilities have been discovered, so much so that it can’t be seriously recommended for production use anymore.

Mimblewimble (Grin, Beam)

Grin

Grin is a privacy coin that uses an interactive protocol and Pedersen Commitments to hide transaction details. Since the protocol is interactive, both the sender and the receiver must be online for a transaction to be formed. The protocol also does not natively support public addresses, so the user’s public IP is usually used as a “wallet address” instead, which might reveal the user’s physical location.

Beam

Beam is a privacy coin that also implemented the Mimblewimble protocol, but modified it to handle pseudo-public addresses.

From a privacy standpoint, the biggest flaw is that most outputs and inputs of a Mimblewimble transaction are traceable (similar to how a Bitcoin transaction is traceable). One experiment showed that 96% of Grin transactions can be traced.

Sapling with Zero Knowledge Proofs (Zcash)

The Sapling protocol utilizing Zero-Knowledge Proofs (specifically zk-SNARKs) has the highest privacy guarantees when compared to all other privacy techniques. This protocol allows transactions to have all sensitive data encrypted and completely unlinkable.

Zcash is a privacy coin project and predecessor to the Zerocash protocol. In Zcash a transaction can be either transparent (identical to a Bitcoin transaction from a privacy-preserving perspective) or shielded.

Although the privacy guarantees of the Sapling protocol are very strong, in Zcash less than 5% of all transactions are fully shielded. This is due to Zcash shielded transactions being fairly difficult for a normal user to use, with limited wallet support.

Sapling with Zero Knowledge Proofs (Iron Fish)

Iron Fish is built on top of the Sapling protocol utilizing Zero-Knowledge Proofs (specifically zk-SNARKs). As mentioned earlier, the Sapling protocol has the highest privacy guarantees when compared to all other privacy techniques. To learn more, check out how Iron Fish creates Accounts and Transactions using the Sapling protocol.

In contrast to Zcash, all Iron Fish transactions are fully shielded. Iron Fish always protects the user with a strong focus on usability to make privacy accessible and easy to use.

We believe privacy is a right—offering fully-private payments, with every transaction. We also understand that regulatory compliance is necessary. Every Iron Fish account provides view keys for optional disclosure. Individual transaction details can also be shared with the help of transaction decryption keys.