Andy Greenberg Forbes Staff
When a group of cryptographers launched Zerocoin last year, they hoped their cryptography project could upgrade Bitcoin to be as anonymous as its most privacy-focused users have always wanted it to be. Now, after six months of waiting in vain for their code to be adopted by the Bitcoin community, they’re taking a bolder approach: Creating their own cryptocurrency, with privacy baked in from the start.
At the Real World Crypto conference Monday in New York, Johns Hopkins cryptography professor Matthew Green announced the next phase in the evolution of Zerocoin: creating an alternative cryptocurrency with an infrastructure independent of Bitcoin. The new coins, which Green says will go into circulation in May in some sort of beta program, will have their own exchange rate with existing currencies, their own “miners” producing new coins, and their own public ledger of transactions known as the “blockchain,” just as Bitcoin does. But unlike Bitcoin, Zerocoin is designed to be spent and received without revealing any trace of a user’s identity.
That’s a very different strategy from Zerocoin’s ambitions when it launched in May of last year as an attempt to integrate anonymity features into Bitcoin’s code. “We were kind of naive, and we’ve realized that putting this new technology into Bitcoin is not going to happen,” says Green. “That’s kind of liberating, because now we don’t have to worry about being friendly with Bitcoin’s technology. We can change it however we want.”
That new freedom allowed Zerocoin’s coders to take full advantage of a decades-old mathematical scheme called a “zero-knowledge proof,” which makes it possible to prove that a mathematical statement is true without revealing the content of the computation. Thanks to that seemingly magical trick, Zerocoins can act as sealed envelopes of cash that can be combined, split, or spent without either revealing the value of the cash inside those envelopes or their path through the network, all while still protecting against fraud and forgery. “All the balance of Bitcoin is preserved. You can’t create coins out of thin air,” says Green. “But you can do all these merges or splits without ever revealing the value of the coins.”
Green and his collaborators on the Zerocoin project initially hoped that Bitcoin users would upgrade their cryptocurrency’s protocol to include that trick. But they say they soon realized that the cryptocurrency’s core developers as well as the Bitcoin Foundation didn’t want to complicate Bitcoin with new, untested features. Bitcoin’s developers worried, Green says, that Zerocoin would add to the size of the public ledger of Bitcoin transactions known as the blockchain and potentially slow down the network, despite a recent mathematical breakthrough in how to accomplish those proofs that made them hundreds of times faster for applications like Zerocoin.
So one element of the Zerocoin coders’ new effort to make it an independent currency is proving that their system works, says Ian Miers, a graduate researcher in cryptography at Johns Hopkins who helped to develop the system. “We’re not trying to circumvent Bitcoin,” Miers says. “This is the means to get Zerocoin battle-tested and proven.”
Aside from technical concerns, the political considerations of making Bitcoin perfectly anonymous may have also been too controversial for many of Bitcoin’s most influential supporters. Even in its current, less-than-perfectly anonymous form, after all, the cryptocurrency is already used by hackers, money launderers, and online black markets like the recently reborn Silk Road drug marketplace. “Adding anonymity might have been a politically unwise move for Bitcoin developers,” says Green, noting that the cryptocurrency has just started to be accepted by lawmakers and financial regulators, who took a mostly-positive approach to Bitcoin in recent congressional hearings. “They’re just starting to get respect from Congress and regulators,” says Green, “and this might have thrown it all away.”
That effort among Bitcoin Foundation members to make Bitcoin acceptable to governments that fear a fully-anonymous currency has caused a recent split in the Bitcoin community. One group of anarchists known as Unsystem, for instance, casts itself in opposition to the Foundation’s mainstream approach and has started work on a Bitcoin client called Dark Wallet, which they say will anonymize a user’s bitcoins at the click of a button.
Green says that Zerocoin’s approach will be much more rigorous than current efforts to “mix” or “launder” Bitcoins. But before it can enable anonymous transactions, it will have to grow in value enough to be a viable currency–a feat that most of the dozens of existing alternate cryptocurrencies have failed to pull off.
But Green says he was inspired by the rise in value of the new cryptocurrency Dogecoin–a mostly-frivolous creation based on the “Doge” dog-picture meme. In just the last months, Dogecoin has achieved a per-coin value of around 3.3% of a cent, despite having no real value beyond Bitcoin other than humor. Zerocoin’s privacy properties, Green argues, could make it far more valuable. “If people will put money into Dogecoin, they’ll put it into anything,” says Green.
In fact, interest in Zerocoin has been growing even without a working anonymous currency in circulation. A Zerocoin exchange website, created by a fan of the group’s work, already exists. And Green says another alternative coin known as Anoncoin has written to him several times about implementing Zerocoin in its currency system.
Green warns that despite that anticipation, initial users should be wary of potential bugs in Zerocoin’s code, and shouldn’t invest serious amounts of real money. But he’s hopeful that Zerocoin will soon be more than an experiment. “We don’t expect to be Satoshi Nakamoto,” Green says, referring to Bitcoin’s pseudonymous creator. “But we’re going to put it out there and hope it has value someday.”