Zcoin Employs Burn-and-Redeem Privacy Model, Offering Alternative to Coinjoins
The project behind privacy coin zcoin is launching the privacy protocol Lelantus on its testnet today. Lelantus allows confidential and anonymous blockchain transactions with short verification times. Using a burn-and-redeem model, users are able to destroy coins of arbitrary amounts and to redeem new coins, such that there is no previous transaction history associated with them.
The burn-and-redeem model is an alternative to other privacy methods such as coinjoins or using other people’s transactions as decoys for possible sources and destinations. Instead, it allows you to destroy your coins and add them to a general pool of all the other coins that other users have destroyed.
“At any time in the future, you can submit a cryptographic proof that proves you destroyed/burnt coins without revealing which coin it was,” said Zcoin Project Steward Reuben Yap in an email. “This proof, once accepted, will allow you to redeem coins that do not have any previous transaction history or linkages.”
Zcoin’s new Lelantus functions
Lelantus uses a one-out-of-many proofs cryptographic concept, which proves that you are one of the many people who burned the coins, without showing which coins you actually burned. It also lets users redeem partial amounts of coin when they want. Previously, users had to redeem the total amount of coin they burned when redeeming.
Yap likens the Lelantus burn-and-redeem model to buying a ticket for a carnival ride. When you go to the turnstile, you just have to show a ticket.
“The ticket acts like a receipt of payment, but it doesn’t have to show that I was the person who paid for it or the exact bank notes that were used to purchase it,” said Yap. “The same principle is applied to the burn-and-redeem model for zcoins. As long as my receipt checks out, I can redeem it for new coins.”
With the Lelantus protocol, and partial redemption, what this means is a 24-hour ticket could be used for a few hours one day, none the next and then the remainder the following day.
“With previous burn-and-redeem systems such as Zerocoin and Sigma, if I burnt a 100 dollar note I had to redeem a 100 dollar note” said Yap. “Lelantus’ main innovation is that I can burn a 100 dollar note and redeem any amount that is smaller without revealing that it even came from the 100 dollar note.”
No trusted setup required for privacy focus
Lelatnus also requires no trusted setup. In cryptographic terms, a trusted setup creates a cryptographic system by generating certain initial parameters which will later be destroyed. It’s called a trusted setup because you must trust the person creating it to destroy said parameters.
Using a trusted setup offers a point of failure and goes against the blockchain motto of “Don’t trust. Verify.”
“A compromised trusted setup in zero-knowledge proofs allows someone to forge the proofs, meaning that coins can be created out of thin air leading to hyperinflation,” said Yap. “In privacy coins where amounts are obscured, such inflation can also remain undetected.”
Lelantus 2.0 to come?
The mainnet launch of Lelantus is currently scheduled in four to six weeks, depending on testnet feedback.
“We’re already working on Lelantus 2.0 or Aura, which allows you to pass the right to redeem to someone else, and the amounts are hidden,” Yap added. “You do not have to redeem the coins yourself, instead you can transfer that right which offers the very highest level of privacy.”
Zcoin was launched in 2016 and is based on the Zerocoin protocol, which used zero-knowledge proofs to protect user transactions. It is not to be confused with Zcash, which is based on the Zerocash paper. While the Zerocoin paper and Zerocash paper have some overlap in authors and use zero-knowledge proofs, they rely on different cryptography, according to Zcoin.