Why is Monero's Mandatory Privacy Better than the Rest?
There has been a lot of talk lately about how this or that network is "the only truly untraceable cryptocurrency" (I won't link to it, use Google) and how this or that network will "dethrone" Monero and so on.
Such claims are audacious at the very least, if not outright lies to lure naive crypto-virgins and scam them for money.
Most "privacy"-oriented cryptocurrencies are barely private (if at all) and no amount of social media marketing (brainwashing) will change that.
The fact of the matter is, a privacy system is only as private as its weakest link.
Let's have a look at the important properties of such systems.
Anonymity set size
An anonymity set is a necessary property of a private (or anonymous) system: the set of participants who are indistinguishable from each other.
Privacy is not a strict boolean but rather a spectrum (more private - less private), and the size of this set is what moves a system along it.
In general, the bigger the anonymity set is, the more private (or anonymous) the system is. On the other hand, with a tiny anonymity set, no amount of privacy (or anonymity) features may protect the system and its users.
To give you an example, let's look at a situation where a government compromises all entry and exit nodes of an anonymization network (while the encryption remains intact) and how it affects users in two networks with distinct anonymity sets (S1, S2).
The network with the smaller set S1 has 10 users {U1, ..., U10}, whereas the network with S2 is 1000x larger {U1, ..., U10000}.
No user can be directly identified because the encryption hasn't been broken, but certain users have certain patterns that may repeat over time.
The attacker (e.g. a government) analyzes data from the entry and exit nodes (including timing analysis) and sees a pattern P1: every time U1 makes the first connection to the network, an "illegal" website W1 is accessed through one of the exit nodes shortly after.
When analyzing the data from S2, P1 repeats around the time when U1, U12, U365, U1497, and U6578 make their initial connection.
In the case of the much larger anonymity set S2, W1 could have been accessed by any of U1, U12, U365, U1497, or U6578. The government has no way of knowing which user is periodically accessing the "illegal" website and needs further resources to dig deeper.
Now the above is not to say that S2 is 100% secure against attackers.
It just shows that having the large anonymity set improves anonymity (and privacy) for all the participants. On the other hand, isolating certain behavior within a small set is considerably easier.
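To make the S1/S2 argument measurable, here is an added example (not from the original post) that computes how many users remain indistinguishable once an observer correlates entry-connection times with accesses seen at the exit. The logs, the 30-second correlation window and the user names are constructed to match the scenario above.

```python
"""Added example: the anonymity set that survives timing correlation.

An observer sees entry connections (user, t) and exit accesses (site, t).
For every access to W1 it keeps the users who connected shortly before;
intersecting those sets over repeated accesses is pattern P1 from the
text. The size of the surviving set is the anonymity set that is left.
All logs below are constructed; nothing is taken from a real network."""

WINDOW = 30  # seconds between entry and exit the observer tolerates (assumed)


def surviving_users(entries, exits, site="W1", window=WINDOW):
    """Users who connected within `window` seconds before *every* access
    to `site`. entries: [(user, t)], exits: [(site, t)]."""
    survivors = None
    for t_acc in (t for s, t in exits if s == site):
        near = {u for u, t in entries if t_acc - window <= t < t_acc}
        survivors = near if survivors is None else survivors & near
    return survivors or set()


def build_logs(n_users, regulars, n_accesses, period=3600):
    """Construct logs: one W1 access per period; users in `regulars`
    connect 10 s before each access, everyone else connects at an offset
    that always falls outside every correlation window."""
    entries, exits = [], []
    for k in range(1, n_accesses + 1):
        t_acc = k * period
        exits.append(("W1", t_acc))
        for i in range(1, n_users + 1):
            u = f"U{i}"
            if u in regulars:
                offset = 10
            else:  # 31 .. period-2 seconds before the access: never in a window
                offset = WINDOW + 1 + (i * 7 + k * 13) % (period - WINDOW - 2)
            entries.append((u, t_acc - offset))
    return entries, exits


def anonymity_set_sizes():
    """S1: 10 users, only U1 precedes the accesses, so U1 is isolated.
    S2: 10000 users, five share the pattern, so the observer keeps five."""
    s1 = build_logs(10, {"U1"}, n_accesses=4)
    s2 = build_logs(10_000, {"U1", "U12", "U365", "U1497", "U6578"}, n_accesses=4)
    return surviving_users(*s1), surviving_users(*s2)


if __name__ == "__main__":
    small, large = anonymity_set_sizes()
    print("S1 survivors:", sorted(small))
    print("S2 survivors:", sorted(large))
```

Adding more users who happen to connect at the same cadence grows the surviving set further; that is the whole point of a large anonymity set.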
Optional privacy, bad privacy
There are numerous "privacy"-oriented cryptocurrencies and sidechains that try to compete with Monero.
Some of them do a better job than others but they mostly share the same design trade-off (fail) - optional privacy.
Not only will the anonymity set of such systems almost always be relatively small ("Less than 1% of Dash transactions use our optional privacy"), but opt-in privacy also endangers the network participants who choose to protect their identity. More so when they are able to communicate with each other.
To illustrate how dangerous optional privacy may be (even for those who opted in), I'll use Facebook chat as an example.
Facebook has had end-to-end encryption for their Messenger mobile app for more than a year now. Privacy-conscious users can opt-in to use the "Secret" feature and send encrypted messages directly to their friends.
Let's assume Facebook doesn't have any master private keys to decrypt all messages (I doubt it) and thus can't see the content of encrypted messages. Two parties that choose to communicate privately are protected.
However, the problem lies with users who don't care about their privacy (nor yours).
It only takes a single plain-text message from such a user with keywords such as "marijuana", "boom", "murder" etc. and all your previous attempts at using encryption go down the drain.
Facebook will go through these plain-text messages and if it finds them suspicious it will notify the police.
In terms of cryptocurrencies, instead of receiving the plain-text message, you may receive tainted coins that could have been used to buy drugs before. It doesn't automatically make you guilty, but it may still be troublesome.
Monero vs Zcash vs Dash
Based on the above premises, let's compare the three most valued cryptocurrencies that focus on privacy - Monero, Zcash, and Dash.
Monero
Monero's privacy is mandatory.
It uses Ring CT (ring confidential transactions) to construct a transaction in such a way that tx outputs are mixed with similar outputs from the whole TXO (transaction output) set without revealing the amounts to anyone.
TX outputs themselves aren't revealed either as they are just one-time stealth addresses.
The TXO set grows with every tx made which also makes the anonymity set larger.
In the past month, there were 208208 transactions made which results in 6940 txs/day on average. All these transactions are private.
Zcash
Zcash's privacy is optional.
It uses a fairly new technology called zkSNARKs, a form of zero-knowledge proof. It constructs transactions in a way that lets a sender prove that the transaction is valid without revealing any information such as the amount.
In fact, zkSNARKs are so private that you could even create new coins without anyone noticing if the trusted setup is broken.
The simplest application of a zero-knowledge proof is public key cryptography.
A prover signs a message M with his private key Q, which creates a digital signature S. The verifier then uses the prover's public key Pk to check S against M, and if it matches, the verifier knows that the prover is in possession of the private key Q without Q ever being revealed to the verifier.
Back to numbers. 22567 shielded and 791 fully shielded transactions were made on Zcash last month. That amounts to 778 txs/day on average. Thus only ~8% of all txs are private.
Dash
Dash's privacy is optional.
Not only that, Dash is just a CoinJoin with no stealth addresses, no hidden output amounts, and potential centralization issues.
Most Masternodes that take care of output mixing are hosted at huge cloud hosting services that can easily be attacked by governments, logs can be seized etc.
With this information and perhaps a timing analysis of each "join", it may be possible to trace certain transactions.
For this reason alone, I believe Dash shouldn't be considered a viable competitor to Monero or Zcash.
Despite that, let's look at tx numbers.
Dash's average per day (at the time of the writing) was 13824 transactions (both public and private).
As mentioned earlier, "less than 1% of all transactions were private" which is around 138 private transactions per day.
However, the data is over 1 year old so we can assume the percentage of private transactions grew too.
Since Dash's privacy is opt-in like Zcash's, let's use the same ratio of 8% which makes up for around 1105 txs/day of questionable privacy.
P.S. if you know the actual numbers please let me know in the comments below.
Conclusion
As can be seen from the above, mandatory privacy greatly contributes to the anonymity set size and privacy of a system in general.
Together with specific features, you can get an idea of how well the system protects you.
Based on the features alone, Zcash may look like a winner because zkSNARKs are totally private. But because of the fairly small anonymity set (only 778 txs/day or 8% of all transactions), it may be under certain circumstances much easier to isolate those users from the rest.
Dash's privacy is poor by design and comparable to Bitcoin's JoinMarket (when it comes to features) which uses a similar technology to mix outputs. Output addresses and amounts are visible to anyone so Dash isn't very private despite the larger anonymity set than Zcash.
When it comes to Monero, 100% of transactions are private and with ~16000 txs/day on average it seems to be the best choice to protect your financial privacy for now.