Bitcoin 2 Zerocoin (zBTC2) Technical Paper

Last updated March 5 2018

Bitcoin 2 OVERVIEW

Bitcoin 2 is a Bitcoin-based community-centric cryptocurrency with a focus on decentralization, privacy, speed, scalability and real-world use. It utilizes an energy efficient Proof of Stake protocol and a second-tier Masternode network to handle transactions that confirm in a second.

Bitcoin 2 is continuously striving to achieve instantaneous private transactions, and fungibility in order to remain as one of the most advanced cryptocurrencies.

In layman’s terms, Bitcoin 2 is basically a form of online digital money that can be easily transferred all around the world in the blink of an eye with nearly non-existent transaction fees. You can convert your money into Bitcoin 2 and just hold it to earn rewards similar to interest, trade it on an exchange to buy other digital currencies, or buy goods or services online and offline where it is accepted.

It is not owned or governed by any single person or organization and its network is secured by nodes all around the world by its users.

The goal of Bitcoin 2 is to be an advanced digital currency that is fast, secure, decentralized & private.

CRYPTOCURRENCY TRANSACTION PRIVACY

Most common cryptocurrencies such as Bitcoin have a well known public ledger system where all transactions are visible and traceable through its block explorer. This results in everyone having the ability to see all associated transactions and balances but more importantly its associated addresses as well. This means that the history of its previous address owner is now visible through your own address once the coins have traversed through the blockchain and end up in your own wallet address.

An address may seem like it is fully anonymous but if you made a transaction with an address that is generated by the exchanges and/or other merchant services, you have essentially linked your anonymous address with an address that may lead to your identity.

Such transparency may not always be an issue. But it could become a serious problem if the coin that you hold was once associated with an undesirable history or if your address was being targeted by potential thieves.

For example, suppose a coin you received came from an address owned by a person or organization that has been conducting illegal activities and was being monitored and tracked by governing authorities. This now means that you may be questioned on your relationship to the previous owner of those coins that you now possess, even though you received them legitimately and without knowledge. This could also mean that the coins with such history may be deemed less valuable, resulting in reduced fungibility.

OUR SOLUTION = ZEROCOIN PROTOCOL (zBTC2)

To overcome this issue, Bitcoin 2 has implemented a well known highly-vetted protocol called Zerocoin with many custom enhancements allowing blockchain-level transaction anonymity in the way of unlinkability.

We call this zBTC2, where BTC2 is a unit of Bitcoin 2 and z prefix is for Zerocoin.

What zBTC2 provides is a protocol-level coin mixing service using zero knowledge proofs to sever the link between the sender and the receiver with 100% anonymity and untraceability. This means that each coin that gets sent using zBTC2 is now 100% fungible as it has no determinable history attached to them.

The use of zBTC2 also means your balance can be masked to avoid being targeted by potential thieves. This is a very unique feature that nearly no other cryptocurrency currently in the market possesses.

Bitcoin 2 zBTC2 accumulators are encrypted using RSA-2048[1] challenge generated keys which negates the need for a developer trusted setup and means that no individual knows the factors. This means that everyone’s privacy is ensured through the use of zBTC2.

UNIQUE FACTOR

Based on the original libzerocoin public repository that was created by academic cryptographers, with additions made by the PIVX and Bitcoin 2 development teams.

Original Zerocoin Whitepaper: https://isi.jhu.edu/~mgreen/ZerocoinOakland.pdf

Unlike most other cryptocurrencies that currently utilize a zerocoin-based protocol, Bitcoin 2 zBTC2 utilizes a very efficient accumulator checkpointing system which allows the zBTC2 spend process to utilize checkpoints that contain all mints that were made prior to the zBTC2 mint being spent, as well as a user-selected amount of zBTC2 mints beyond the checkpoint. This allows for a large pool of coins in the accumulator while still having much smaller computation requirements. Bitcoin 2’s zBTC2 implementation yields minimal resource consumption and makes zBTC2 transactions one of the fastest private transfers in the market today.

Bitcoin 2 zBTC2 TECHNICAL ADVANTAGES

  1. Smaller spend transaction sizes by an average of 25% over any other current implementation in a production environment (further optimization in the works)
  2. Fast verification and network sync performance
  3. Direct spend of zBTC2 to a Bitcoin 2 address
  4. Multiple Zerocoin denomination spends are possible in a single transaction, up to 17.
  5. Ability to spend exact amounts and issue the remaining change to either a Bitcoin 2 address or more zBTC2.

REAL LIFE BENEFITS OF USING zBTC2

  1. zBTC2 can hide your coin balance from prying eyes protecting you from being targeted.
  2. So your zBTC2 balance isn’t linked to any particular address.
  3. zBTC2 can hide the transaction history of the coins being sent.
  4. Source & target addresses aren’t visible making it private, safe & fungible.
  5. zBTC2 anonymous transactions are very fast.
  6. It takes as little as 0.5 seconds to mint and 2.5 seconds to spend zBTC2.
  7. Automatic conversion to zBTC2 is disabled by default, but can be turned on if wanted.
  8. It means that you can always send a fully transparent transaction when required.

HOW ANONYMITY IS ACHIEVED

  1. Mint (convert) your BTC2 into zBTC2 denominations.
  2. Spend (send) your zBTC2 as BTC2 to any internal or external Bitcoin 2 address

Essentially, the zerocoin protocol pools (combines) all the zBTC2 that people have converted (minted) from their BTC2 balance into set denominations and uses them to send when a spend is initiated. Keep in mind that the pooling does not mean that everyone’s zBTC2 is stored in a centralized location. Rather, the public ledger (decentralized blockchain) keeps track of how many zBTC2s have been created, and the amounts are displayed by the Bitcoin 2 Core Wallet.

When you want to send (spend) some zBTC2 amount to a Bitcoin 2 address, your wallet sends a zero-knowledge proof to the blockchain that allows the zBTC2 to be converted back to BTC2 and sent to the target address, all in a single step.

Since zBTC2 spending creates brand new coins if a spender can provide a zero-knowledge proof that he/she has coins in the accumulated pool (accumulator), the coin’s transaction history from its previously associated addresses becomes unlinked, which results in an untraceable transaction.

Finally, a simple analogy. Think of zBTC2 as casino chips. You give your 100 dollar bill (i.e. BTC2) to the cashier and you get some 1x$10, 2x$20, 1x$50 dollar chips (i.e. zBTC2). This means that you no longer own that particular 100 dollar bill you exchanged and instead have “proof” that you still own $100. Now when you need 50 dollars of it back as fiat (BTC2), you give your chips (zBTC2) back to the cashier and the cashier delivers a brand new uncirculated 50 dollar bill to a recipient of your choosing.

zBTC2 Minting & Spending Process

In this example, Jack wants to send BTC2 to Jane using the Zerocoin protocol to anonymize the transaction.

Step by step Minting Process

  1. Jack initiates a request to mint 960 zBTC2.
  2. Zerocoin Protocol converts Jack’s 960 BTC2 to the equivalent amount of zBTC2, using the largest available zBTC2 denominations.
    1. Behind the scenes, Jack has been given secret knowledge proving ownership of this mint (a unique serial number that is used by Zerocoin Protocol to track ownership of specific zBTC2 denomination amounts).
  3. Jack’s balance is updated accordingly
    1. With a 960 decrease in BTC2, and a 960 increase in zBTC2.
    2. Jack also sees that the 960 zBTC2 is comprised of the following denominations that have been added: 1x 500 zBTC2, 4x 100 zBTC2, 3x 20 zBTC2.

Step by step Spending Process

  1. Jack initiates a send of the 960 zBTC2 to Jane’s Bitcoin 2 address.
  2. Zerocoin Protocol receives and validates Jack’s secret knowledge that proves ownership. Once used, the original minted balance cannot be re-spent.
  3. Zerocoin Protocol creates 960 BTC2 at Jane’s Bitcoin 2 address.
    1. Jane receives 960 BTC2 from an anonymous sender.
    2. Jack’s balance is updated accordingly — with a 960 decrease in zBTC2.

Denominations Explanation

To improve its transaction efficiency while retaining a high level of complexity, Bitcoin 2 has implemented a set of common denominators for the coin (BTC2) amounts that get converted into a pool of coins as zBTC2. (Much like the casino chips example above.)

The denominations used by zBTC2 are: 0.05, 0.20, 1, 5, 20, 100, 500 and 2000. Using this set of denominations provides a good balance of simplicity, usability, and security. The ultimate way to reduce traceability would be to use only 1 denomination (i.e. 1 zBTC2); however, that is not very practical, as large transactions would require a huge amount of coins.

Using a very large set could potentially increase traceability to an insecure level, thus it was settled on a set of 8 possible coin denominations. This set is seen as a ‘sweet’ spot since it includes no coins that are considered too low or too high in denomination. As the value of BTC2 changes, it’s conceivable that we will extend or change this set to meet users’ needs.

When you spend your zBTC2, you will simply have a proof that you have a coin of that denomination which includes other zBTC2 mints of that denomination.

This means that all zBTC2 redemptions will be made in whole denominations (with change being issued for remaining amounts), making it nearly impossible to match the before-zBTC2 and after-zBTC2 amounts from 2 different addresses while there are many other identical zBTC2 to BTC2 transaction amounts being made.

Denomination Logic

When minting (converting) or spending (sending) zBTC2, each algorithm will automatically determine the denominations used.

When spending (sending) zBTC2 to a Bitcoin 2 address, following algorithm will automatically determine the denominations used from the user’s

  1. If you have the exact amount, start with the largest possible denomination and go down until you reach the total.
  2. Otherwise, Minimize Spends: (a) find the next denomination higher than the spend amount (if possible) and use that if available; (b) if not available, start with the larger denominations and go down until you reach an amount just over what is needed.
  3. Or, Minimize Change: if not exact, try to find the amount above what is needed that minimizes how many coins you receive in change.

Auto Minting

The privacy of zBTC2 becomes more effective when there are more of each denomination minted from many different sources. So to ensure its effectiveness, Bitcoin 2 wallet has an optional feature to auto mint (convert) a configurable amount of BTC2 from the wallet’s balance into zBTC2 without the need to manually convert.

Automint starts when the wallet/daemon is started, the wallet is unlocked (either fully or staking only) and the blockchain is synced. This means that if your wallet is encrypted and locked, the auto-mint feature will not engage. When the wallet is unlocked, it will still not touch any UTXO that are locked such as those that are used as collateral for masternodes.

– default percentage: 10%. Can be changed via GUI or via command-line option `-zeromintpercentage=<n>` or bitcoin2.conf `zeromintpercentage=<n>`; must not be less than 10%.

– default state: Disabled. Can be activated (e.g. for exchanges) via command-line option `-enablezeromint=1` or bitcoin2.conf `enablezeromint=0` or in the options menu.

The user can now configure a preferred denomination for Automint via the UI, command-line option `-preferredDenom=<n>` or bitcoin2.conf `preferredDenom=<n>`. `<n>` is either one of the available denominations in cents `5/20/100/500/1000/5000/10000/50000/200000` or `0` (meaning no preference at all, letting Automint do whatever it wants).

If there are not enough coins available for the preferred denomination Automint waits until there are enough coins available.

With each incoming new block, it does:

  1. Check how many mintable coins are available.
    1. This excludes immature coins and locked coins (e.g. from masternodes)
  2. Check how much Zerocoin/zBTC2 is available
  3. Check if the percentage is below the target percentage

If the percentage is below the target percentage, it does:

  1. Calculate how many BTC2 need to be converted to zBTC2, e.g. 1005
  2. Use the next smaller denomination (here 500 BTC2) and mint 500 zBTC2
  3. Rinse and repeat until enough zBTC2 are minted.

In the example above the first incoming block would trigger minting 500 zBTC2, the next one again 500 zBTC2 and the third one 5 zBTC2 (assuming that no new incoming BTC2 change the base amount of available BTC2).

The reason to use the next smaller denomination, and to only use one denomination per block, is performance: exact denominations obviously do not need to be broken down any further, and a single mint can be done in a reasonable time.

Exception: if a large amount of BTC2 needs to be minted, we do not use our biggest denomination of 2000 BTC2 but instead mint one of each denomination to have a more even distribution of available denominations.
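The per-block Automint loop described above can be traced with a small simulation. This is an added example, not code from Bitcoin 2 Core: the function names are hypothetical, the percentage is assumed to be the zBTC2 share of mintable BTC2 plus zBTC2, and mint fees and the "one of each denomination" exception are not modelled.

```python
# Denominations from this paper (0.05 ... 2000 BTC2), expressed in cents.
DENOMS_CENTS = [5, 20, 100, 500, 2000, 10000, 50000, 200000]


def amount_to_convert(mintable, zbtc2, target_pct):
    """Cents still to be minted so that zBTC2 reaches target_pct of the total.

    Assumption: percentage = zBTC2 / (mintable BTC2 + zBTC2).
    """
    if target_pct < 10:
        raise ValueError("zeromintpercentage must not be less than 10")
    total = mintable + zbtc2
    return max(0, total * target_pct // 100 - zbtc2)


def automint_step(mintable, zbtc2, target_pct=10, preferred=0):
    """Denomination (in cents) minted for one incoming block, or 0 for none."""
    need = amount_to_convert(mintable, zbtc2, target_pct)
    if preferred:
        # With a preferred denomination, Automint waits until it is affordable.
        # Assumption: it also waits while the shortfall is below that coin.
        return preferred if min(need, mintable) >= preferred else 0
    # "Next smaller denomination": the largest coin not exceeding the shortfall.
    fits = [d for d in DENOMS_CENTS if d <= need and d <= mintable]
    return max(fits) if fits else 0


def simulate(balance, locked=0, immature=0, zbtc2=0, blocks=10,
             target_pct=10, preferred=0):
    """Run Automint over `blocks` incoming blocks; return the mints in order."""
    mintable = balance - locked - immature  # locked and immature coins are excluded
    minted = []
    for _ in range(blocks):
        denom = automint_step(mintable, zbtc2, target_pct, preferred)
        if denom == 0:
            break
        mintable -= denom
        zbtc2 += denom
        minted.append(denom)
    return minted


# Constructed wallet: 10050 BTC2 mintable plus 10000 BTC2 locked as collateral.
# A 10% target means 1005 BTC2 must be converted, as in the example above.
EXAMPLE = simulate(balance=2_005_000, locked=1_000_000)
```

For the constructed wallet, `EXAMPLE` is `[50000, 50000, 500]`, i.e. 500, 500 and 5 zBTC2 minted over three consecutive blocks.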

Spend Security Level

When spending zBTC2 denominations, a user is prompted to enter a Security Level choosing from 1-100. In an indirect way, the Security Level parameter allows the user to choose how many coins to obfuscate their transaction with.

A Security Level of 1, for example, would take all of the minted coins in the blockchain before your mint was added to the blockchain, and would then add any coins that were minted within the next 10 blocks as well. A Security Level of 2 would do the same thing, except add the next 20 blocks worth of mints. A Security Level of 100 will add the maximum amount of mints up to the current end of the blockchain.

The higher the Security Level, the more computation and time it will take to spend. Although it takes longer, a level of 100 is recommended for transactions that need maximum anonymity.
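How the Security Level translates into the number of mints a spend can hide among is shown in the following added example (not code from the wallet). It counts mints per denomination, as described under Denominations Explanation, and checks the two spend prerequisites from the Technical Specs; the mint list is constructed, the function names are hypothetical, and the confirmation formula is an assumption.

```python
def window_end(mint_height, level, tip_height):
    """Height of the last block whose mints are added for this Security Level."""
    if not 1 <= level <= 100:
        raise ValueError("Security Level must be between 1 and 100")
    if level == 100:
        return tip_height  # everything up to the current end of the chain
    return min(mint_height + 10 * level, tip_height)  # 10 blocks per level


def anonymity_set_size(mints, my_mint, level, tip_height):
    """Number of same-denomination mints (own mint included) in the spend's set."""
    my_height, my_denom = my_mint
    end = window_end(my_height, level, tip_height)
    return sum(1 for height, denom in mints
               if denom == my_denom and height <= end)


def is_spendable(mints, my_mint, tip_height):
    """20 confirmations plus one later mint of the same denomination.

    Assumption: the block containing the mint counts as confirmation 1.
    """
    my_height, my_denom = my_mint
    confirmations = tip_height - my_height + 1
    later_mint = any(denom == my_denom and height > my_height
                     for height, denom in mints)
    return confirmations >= 20 and later_mint


# Constructed sample data: (block height, denomination) of every mint on chain.
MINTS = [(1000, 100), (1004, 20), (1010, 100), (1020, 100), (1025, 100),
         (1031, 100), (1045, 20), (1060, 100), (1500, 100), (2400, 100)]
MY_MINT = (1020, 100)
TIP = 2500

SIZES = {level: anonymity_set_size(MINTS, MY_MINT, level, TIP)
         for level in (1, 2, 4, 50, 100)}
```

With this sample chain the set grows from 4 mints at level 1 to 8 at level 100, and mints of other denominations never contribute.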

Handling of Change

As zBTC2 is made up of fixed denominations, there will be times when the amount needed to be spent cannot be made up by existing denominations. For example, if you have a single 2000 zBTC2 denomination but you want to send 1985 BTC2 to an address, there will be a difference of 15 BTC2 that will be received back as change. This change can compromise the privacy of the transaction as it can lead back to your existing address if you mistakenly mix your change back in with your other Bitcoin 2 addresses.

In order to prevent this, there are 2 methods that can be used. First option is the use of the built-in feature that automatically converts the change back into zBTC2. This will spend the zBTC2 into the required amount of BTC2 to the target address, then mint the remaining change of BTC2 back into zBTC2. This is the most convenient method. However, the amount of change that is not convertible to a denomination (the lowest denomination available is 0.05) will be converted to a fee.

The second option is to issue change to a standard Bitcoin 2 address, which leaves you up to handling the segregation of that BTC2 from your day-to-day BTC2 balance. This option can lead to mistakes and is not recommended if anonymity is important for the transaction.
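The two change options can be compared with a short model, together with the largest-first split used in the minting example (960 BTC2 into 1x 500, 4x 100, 3x 20). This is an added example, not wallet code: `decompose` and `spend` are hypothetical names, the wallet's coin selection is not modelled, and mint fees on re-minted change are left out.

```python
from decimal import Decimal

# zBTC2 denominations listed in this paper, largest first.
DENOMS = [Decimal(d) for d in
          ("2000", "500", "100", "20", "5", "1", "0.20", "0.05")]
MAX_SPEND_COINS = 17  # maximum single spend denomination count from the specs


def decompose(amount):
    """Split an amount into denominations, largest first.

    Returns (coins, remainder): coins maps denomination -> count, remainder
    is the part smaller than the lowest denomination (0.05).
    """
    rest = Decimal(amount)
    if rest < 0:
        raise ValueError("amount must not be negative")
    coins = {}
    for denom in DENOMS:
        count = int(rest // denom)
        if count:
            coins[denom] = count
            rest -= count * denom
    return coins, rest


def spend(coins_spent, amount, remint_change=True):
    """Model one zBTC2 spend and report where the change ends up.

    coins_spent lists the denominations consumed (hypothetical input).
    """
    coins_spent = [Decimal(c) for c in coins_spent]
    amount = Decimal(amount)
    if len(coins_spent) > MAX_SPEND_COINS:
        raise ValueError("more than 17 denominations in one spend")
    if any(c not in DENOMS for c in coins_spent):
        raise ValueError("not a zBTC2 denomination")
    change = sum(coins_spent) - amount
    if change < 0:
        raise ValueError("coins do not cover the amount")
    if remint_change:
        # Option 1: change is minted back into zBTC2; whatever is below
        # 0.05 cannot be minted and is converted to a fee.
        reminted, fee = decompose(change)
        return {"to_address": Decimal(0), "reminted": reminted, "fee": fee}
    # Option 2: change arrives on a transparent BTC2 address, which the
    # user has to keep apart from the day-to-day balance.
    return {"to_address": change, "reminted": {}, "fee": Decimal(0)}
```

Calling `spend(["2000"], "1984.97")` re-mints three 5 zBTC2 coins and turns the remaining 0.03 BTC2 into a fee, while `remint_change=False` returns the full 15.03 BTC2 to a transparent address.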

zBTC2 Data Integrity

Every minted zBTC2 denomination is associated with a unique serial number that is stored in the local wallet.dat and not on the blockchain. This means that when a new zBTC2 denomination is minted, the wallet.dat should be backed up as the previous backup will not have the serial numbers for the newly minted zBTC2 denominations.

The serial number and other essential zBTC2 data are committed to the database (wallet.dat) before the transaction is completed and broadcasted to the network. This minimizes the risk of losing your freshly minted zBTC2 denominations during an unexpected event during the minting of zBTC2, such as a PC crash or internet connectivity issues.

Due to its local database design, it is imperative that your wallet is backed up after every new zBTC2 mint to ensure that your denomination serial numbers are up to date.

Technical Specs (in Bitcoin 2 Core v2.0)

Key Features: Custom accumulator checkpointing system

Accumulator Encryption: RSA-2048

zBTC2 Denominators: 0.05, 0.2, 1, 5, 20, 100, 500, 2000

Mint time: >= 0.5 seconds
Spend time: >= 2.5 seconds

Maximum single Spend limit: 34,000 BTC2

Maximum single Spend denomination count limit: 17

Maximum block size: 4 MB

Fees (mint): 0.001 BTC2 per minted zBTC2 denomination.

Fees (spend): No fee to spend zBTC2 back to BTC2. (In other words no fee to send zBTC2.)

Minimum BTC2 confirmation count required to mint zBTC2: 6

Minimum zBTC2 confirmation count required before spend: 20

Maturity requirement before zBTC2 can be spent: 1 new identical denomination mint added to accumulator after yours is added.

REFERENCES

[1] https://en.wikipedia.org/wiki/RSA-2048