hush
/
attackingzcash.com
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
attackingzcash.com website
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
132 Commits
1 Branch
0 Tags
5.3 MiB
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
attackingzcash.com/anonset/index.html

249 lines
14 KiB
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/assets/css/style.css?v=47bbb5f0c2b88c044894e21dc589cc64b0a99fe4">
<!-- Begin Jekyll SEO tag v2.6.1 -->
<title>Anonymity Sets in Zcash Protocol Cryptocoins | Attacking Zcash For Fun And Profit</title>
<meta name="generator" content="Jekyll v3.8.7-CVE.2020.14001" />
<meta property="og:title" content="Anonymity Sets in Zcash Protocol Cryptocoins" />
<meta property="og:locale" content="en_US" />
<link rel="canonical" href="https://attackingzcash.com/anonset/" />
<meta property="og:url" content="https://attackingzcash.com/anonset/" />
<meta property="og:site_name" content="Attacking Zcash For Fun And Profit" />
<script type="application/ld+json">
{"@type":"WebPage","headline":"Anonymity Sets in Zcash Protocol Cryptocoins","url":"https://attackingzcash.com/anonset/","@context":"https://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>
<body>
<header>
<div class="container">
<a id="a-title" href="/">
<h1>Attacking Zcash</h1>
</a>
<h2></h2>
<section id="downloads">
</section>
</div>
</header>
<div class="container">
<section id="main_content">
<h1 id="anonymity-sets-in-zcash-protocol-cryptocoins">Anonymity Sets in Zcash Protocol Cryptocoins</h1>
<h2 id="tldr">TLDR</h2>
<ul>
<li>We exactly define anonymity sets (anonsets), AKA “shielded pools”</li>
<li>Most/all privacy coins seem unaware of the actual definition</li>
<li><a href="https://hush.is" target="_blank">Hush</a> is currently the only cryptocoin that can calculate anonset in real-time</li>
<li>We show why Hush has the largest anonset size of any privacy coin</li>
<li>Detailed current statistics</li>
</ul>
<h2 id="zcash-privacy-in-5-acts">Zcash Privacy in 5 Acts</h2>
<center>
<a target="_blank" href="sarah-connor-dream-zcash.png?zec=milktoast"><img src="sarah-connor-dream-zcash.png?zec=milktoast" /></a>
</center>
<h2 id="what-is-an-anonymity-set">What is an anonymity set?</h2>
<p>An anonymity set, also called a “shielded pool” in <a href="https://github.com/zcash/zips/blob/master/protocol/protocol.pdf?zec=milktoast" target="_blank">Zcash Protocol</a> is the set of
potential funds that could be part of a transaction. The anonymity set is exactly the feature
which adds privacy to a privacy coin. When a Zcash Protocol transaction is made, and shielded
funds are spent from a shielded address (<a href="https://github.com/MyHush/terminology#zaddr" target="_blank">zaddr</a>), zero-knowledge mathematics is used to spend
the funds without leaking the metadata of <em>which</em> funds are being spent or where they came from.</p>
<p>Cryptocoins with very small anonymity sets seem like they have privacy, but in practice, they are
like a football stadium with only a few dozen people in the seats. All of them are very easy to
identify because there is no “crowd to hide in”. After four years, Zcash mainnet has a very small
anonymity set and because they do not publish correct statistics about it, nor provide tools to
measure it in real-time.</p>
<h2 id="anonymity-sets-of-various-coins">Anonymity sets of various coins</h2>
<p>
According to the latest data which can be seen on <a href="https://explorer.hush.land" target=_blank>explorer.hush.land</a> or verified by running a Hush full node with -zindex=1 ...
</p>
<h1>HUSH Has The Largest Anonset Of Any Privacy Coin!</h1>
<p>
We are very proud of this fact, and worked hard to get here. Here are the exact stats:
</p>
<table>
<tr><th>Rank</th><th>Coin</th><th>Block Height</th><th>Anonset Size</th></tr>
<tr><td>1</td><td>Hush</td><td>784370<td>876786</td></tr>
<tr><td>2</td><td>Pirate</td><td>1748743<td>674749</td></tr>
<tr><td>3</td><td>Zcash</td><td>1404593<td>193593</td></tr>
</table>
<p>NOTE: The above stats only track Sapling anonset data. Pirate has two anonsets (Sprout and Sapling) and Zcash currently has three anonsets (Sprout, Sapling, Orchard) which
hurts each coin, since it's anonset stats are split across different sets. The latest Pirate anonset stats can be seen on <a href=https://anonset.dexstats.info/ target=_blank>anonset.dexstats.info</a>, which
Duke Leto helped design while he still worked on Pirate. Unfortunately this website provides no source code for 3rd parties to verify the numbers, you must trust it on faith.
</p>
<p>
In the past this place was held by <a href="https://pirate.black/?cg=lulz" target="_blank">Pirate</a> (ARRR) but Hush quickly surpassed them because of our Sietch technology.
This is because Sietch gives z2z transactions 8 outputs on average, which means our anonset velocity is much larger. Hush adds to it's anonset at a much greater speed than
Pirate adds to it's anonset. This can also be seen from the fact that the current HUSH mainnet is much younger than Pirate mainnet, but our anonset is <font color=red>29% larger than the Pirate anonset</font>!!! Another
way to look at this is per block. Hush has added, on average, <font color=red>0.8945</font> to it's anonset per block, while Pirate has added only <font color=red>0.3858</font> to it's anonset per block, on average. Pirate's low number is also related to the fact that all early transactions where in the Sprout anonset which is currently locke, unspendable, and trivially distinguishable to a blockchain analyst from their Sapling anonset data. Zcash added just <font color=red>0.1378</font> to it's anonset per block, on average, which is directly related to it spreading out across three anonsets, and possibly a fourth soon.
</p>
<p>Since no other coins can measure theirs in real-time, we implore Zcash, Pirate, Arrow and all Zcash Protocol coins to port the
Hush Shielded Index <code class="language-plaintext highlighter-rouge">-zindex</code> so that we can have industry-wide comparison of our privacy, in real-time. If we cannot
give our users and investors real-time detailed data about our privacy metrics, what kind of technology
are we really creating?</p>
<h2 id="zcash--hush-anonymity-sets">Zcash + Hush Anonymity Sets</h2>
<p>The anonymity set is a <em>set</em>, not a count! <a href="https://twitter.com/jswihart/status/1273022506014834688?zec=milktoast" target="_blank">Josh Swihart, Head of Growth at Zcash Company</a> does not seem to understand
the difference between a daily count of transactions and the current set of privacy.
They are completely different, yet he talks as if they are the same. All graphics
from Swihart and Zcash Company related to transaction counts are <em>NOT</em> anonymity sets counts.
They are transaction counts, which is not related directly to anonsets at all. It’s possible
to have very high transaction counts and very small anonset sizes.</p>
<p>Zcash Company does not seem to understand that the anonset can change with every block, and go up and down.
For instance, if Alice uses 10 shielded spends but creates 2 shielded outputs (the default transcation with change), that transaction
will reduce the size of the anonset by 9, since 10 - 1 = 9. This is what happens on both Zcash and Pirate. But on Hush, we have Sietch,
which gives the default transaction 8 outputs, and so the same transaction would only reduce the Hush anonset size by 1. This is one
of the reasons why Hush has the largest anonset size: We add more outputs than any other coin in an average transaction and we subtract
the least from the anonset in transactions that reduce the anonset size.
</p>
<center>
<a target="_blank" href="zcash-ztxs.png?zec=milktoast"><img src="zcash-ztxs.png?zec=milktoast" width="50%" height="50%" /></a>
</center>
<p>They show graphs of counts monotonically going up, attempting to lie (badly) with statistics.
Additionally, Zcash Company is running test scripts behind the scenes to massage their
incorrectly-defined data. For about 17 months, the blue bars of Sprout shielded transactions have
not increased or decreased noticeably but stay under 0.5% deviation month to month. This is almost
certainly automated software by Zcash Sprout fund owners to increase shielded statistics.</p>
<p>In the 30 days leading up to July 19th 2020, Hush had 40,180 Sapling shielded transactions, just over
the amount Zcash claims, of 38,016. We remind users that Hush was the very first Zcash Protocol coin
to remove the old Sprout addresses, which had a severe <a href="https://hush.is/sapling/?zec=milktoast">inflation bug CVE-2019-7167</a>. Hush has no Sprout transactions
in it’s history and in fact almost all Sprout code has been deleted from the Hush codebase, to reduce
potential attack surface of future bugs. It is the only coin which is able to claim these feats.</p>
<h2 id="anonymity-set-size">Anonymity Set Size</h2>
<p>The <em>size</em> of the anonset is a count, and we can measure it at every block with a very simple
equation:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> size(anonset) = size(outputs) - size(spends)
</code></pre></div></div>
<p>at a given block height <code class="language-plaintext highlighter-rouge">H</code>. It’s good to remember, anonsets are functions of block height!
They go up and down with time. They go up when more outputs are created then inputs spent.
The opposite happens, the anonymity set <em>goes down</em> when more spends are consumed and sent
to a smaller number of outputs. Both of these types of shielded transactions happen normally
in plain Zcash Protocol.</p>
<p>At every block, the Hush full node keeps track of all shielded spends and outputs, so it can
calculate the size of the anonset at any block height. To our knowledge, Hush is the first
cryptocoin to ever have this ability. Additionally, the custom <a href="https://eprint.iacr.org/2020/627?zec=milktoast" target="_blank">Sietch</a> technology
by Hush Developers ensures that no Hush transaction can reduce the size of the anonset. On
Hush mainnet, the size of our anonset can only stay the same, or increase.</p>
<h2 id="hush-details">Hush details</h2>
<p>When the <code class="language-plaintext highlighter-rouge">-zindex</code> CLI argument is enabled, the Shielded Index keeps tracks of many
statistics, two of which are <code class="language-plaintext highlighter-rouge">shielded_spends</code> and <code class="language-plaintext highlighter-rouge">shielded_outputs</code>. This data can
be retrieved via:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> hush-cli getchaintxstats
</code></pre></div></div>
<p>This will return a large amount of <a href="https://gist.github.com/leto/8c02406464d61b43c2e5f0bbd9b8311d" target="_blank">JSON data</a> where the current anonset size will be returned as
<code class="language-plaintext highlighter-rouge">shielded_pool_size</code> and can be verified as the differece between <code class="language-plaintext highlighter-rouge">shielded_outputs</code> and
<code class="language-plaintext highlighter-rouge">shielded_spends</code> .</p>
<h2 id="current-stats">Historical Stats</h2>
<p>As of Hush Block Height 263573 on 19th July 2020:</p>
<ul>
<li>Anonset Size = 93559</li>
<li>Shielded Spends = 38954</li>
<li>Shielded Outputs = 132513</li>
</ul>
<p>What this means, is that every time you do a shielded Hush transaction, it’s “hiding”
in the “anonymity set” of about 100,000 others, which gives us privacy. The larger the
anonset, the more privacy. If our anonset was just a small number, most privacy properties
are lost. It's like "Where's Waldo?". The larger the group he is hiding in, the better his privacy.</p>
<h2 id="comparing-to-monerocryptonote-coins">Comparing to Monero/CryptoNote coins</h2>
<p>The way privacy works in <a href="https://getmonero.org">Monero</a>/<a href="https://cryptonote.org/">CryptoNote</a> coins is different and the way anonymity set
is defined is different. With Monero, about 10 or so “mixins” are added to each transaction,
so that it’s unclear exactly which funds are being spent. So the anonymity set of every Monero
transaction is a different small set of about 10, which constantly changes.</p>
<p>The author believes that Zcash Protocol anonymity sets are stronger, but concedes that Monero
has a much stronger dedication to privacy than Zcash and has better GUI wallets with great UI/UX.</p>
<p>For these reasons, Hush considers Monero to be it’s main competition, as Zcash mainnet is now
supported by Chainanlysis, Elliptic and most likely Ciphertrace.</p>
<h2 id="questions">Questions</h2>
<ul>
<li>Why doesn’t Zcash provide these stats in real-time?</li>
</ul>
<p>The author proposes they realize it would bad for marketing to broadcast how small their anonset is, after four years. This is why Josh Swihart lies with statistics and tells investors whatever they want to hear, including only showing some statistics which
put Zcash in a positive light.</p>
<ul>
<li>Is Josh Swihart commiting financial fraud by knowingly misrepresenting ZEC mainnet statistics?</li>
</ul>
<p>The author believes Electric Coin Company is purposefully misrepresenting numbers, grossly inept, or both.</p>
<h1 id="conclusions">Conclusions</h1>
<p>Zcash investors are being grossly lied to, with cooked statistics that border on outright lies, as well
as lies of omission about how the surveillance tech of ChainAnalysis, Elliptic and Ciphertrace actually work.</p>
<p>Electric Coin Company is part of the Military-Industrial-Surveillance complex, which involves all blockchain
analysis companies and the Law Enforcement/Government entities which pay them like an IT department. If the agency
has an acronym, it is involved. </p>
<p>As proof of this, we have <a href="https://git.hush.is/hush/docs/src/branch/master/notes.md" target="_blank">documented</a> a <a href="https://www.bitchute.com/video/PWXU7D4VV0lB/" target="_blank">video</a> which was deleted from YouTube and describes
how Zcash Company works with these organizations. It is a presentation from ChainAnalysis and Ciphertrace to Law Enforcement agencies, describing their technology for de-anonymizing privacy coins.</p>
</section>
<div>
<section id=footer>
<hr>
<a href="https://hush.is/telegram">Telegram</a> <br/>
Buy/Sell HUSH: <a href="https://safe.trade/trading/hushbtc">SafeTrade</a>
</section>
</div>
</div>
</body>
</html>