What’s up n00bs?
Are you using the word “Zerocoin” in your vocabulary, but secretly have no idea what it means? Well, you’re probably not alone...BUT, have no fear.
We will break this shit down for you.
Let’s dig in…
Alright...some of you won’t like this shit as it can get quite technical, but we will do what we do best, simplify it so even you can understand (jk...we’re sure you’re a smartypants).
Now...the point of the Zerocoin protocol is to provide a method of transferring coin with absolute privacy. If you read our Dandelion explanation then you understand that Bitcoin is pseudonymous - not completely private or anonymous.
Most Zerocoin-based projects actually have two coins, Basecoins and Zerocoins. Generally, privacy is merely an OPTION in a user’s wallet. Quite literally this means that you have to intentionally mint Basecoins into Zerocoins by clicking a button in your wallet. This can take a few minutes depending on how many coins you have to mint, and it can be computationally expensive...there is an added cost to spending Zerocoins.
So if you have a project called “PrivacyCoin (PVC)” - an average user will really be concerned with one balance, say 100 PVC. But this 100 PVC might actually be 50 Basecoin PVC and 50 Zerocoin PVC.
There is a process of first, MINTING a Basecoin into a Zerocoin, and then of course, SPENDING those coins you minted, to spend coins as privately as possible.
Let’s explore this process of turning Basecoins into Zerocoins.
First, this minting process begins by burning Basecoins. Once those Basecoins are burned, a serial number is generated which represents the value of those Basecoins. This means that if you burned 10 Basecoins, you have 1 serial number representing 10 Basecoins, or 1 Zerocoin denomination of PVC.
HOLD UP - “why isn’t every coin a zerocoin?” Great question!
Remember we mentioned that this is computationally expensive: resources get used up minting and spending Zerocoins. As a matter of fact, Zerocoins are not even really held on the blockchain (we'll save that for another discussion). So...in the cryptography world there is this concept of “accumulators”...without getting into too much detail, these accumulators let the network batch up work and do it periodically, relieving stress from the network. Many coins will have accumulators for fixed denominations of, say, 10 and 100. This means that every 10 Basecoins, or 100 Basecoins, you can burn them and turn them into Zerocoins. If every single coin was a Zerocoin there would be serious performance and scalability issues.
So...let’s refresh ourselves here. First, you have to mint (or create) Zerocoins, by burning Basecoins, let’s say 10, and then generating this serial number, representing 10 coins.
The user then takes this serial number and cryptographically commits it to the blockchain.
Let’s visualize this cryptographic commitment of the serial number. Pretend that the serial number is a message placed in a lockbox. You go on a public stage and show the lockbox publicly for the audience (network) to see (this is committing it to the blockchain). Keep in mind that your lockbox looks like everyone else’s and no one knows which box belongs to whom. Additionally, only each individual owner can open their own lockbox since they will have the corresponding private key. All that the network knows is that there are a bunch of lockboxes out there that only certain individuals can access. SO...now you have minted your Basecoins into Zerocoins and cryptographically committed that serial number representing the coins (this is a small explanation for how the “coins” don’t exist on the blockchain, they’re just represented by this serial number).
Next...you want to SPEND these Zerocoins. You don’t want to send Bob your Basecoins, you want to send Zerocoins because this shit needs to be private.
To spend the Zerocoins, you have to first gain access to them (duh)...in other words, gain access to your lockbox. To do this, you must prove to the network that you have the key. Cryptographically, the process of proving that you have the key to the box is done through zero-knowledge proofs. A zero-knowledge proof is a mathematical way to prove to someone that you know something, without showing them anything about it...and furthermore, without enabling them to go and prove to anyone else that you know something. So...you do this, you unlock your lockbox, gain access to your coins and send them to your friend.
Basically, to summarize, the Zerocoin mint and spend actions are what allow the network to confirm and verify that the person who spent the Zerocoins must be the same person who minted them, and in the end, the serial number is marked as used.
To onlookers, when you spend these Zerocoins, it looks like a brand new coin, with no history or source address. This allows for 100% unlinkability between the sender and the transaction. It looks like the coins were spent from nothing, out of thin air, since they were simply generated from the serial number and spent. They are not necessarily coming from some public wallet with a long history of transactional data. There is NO transactional data.
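Here is the whole mint, commit and spend cycle above as an added example (our own toy code, not from the original post or from any Zerocoin project): a Pedersen commitment plays the lockbox, and the spend is a Schnorr OR-proof that you can open ONE of the published lockboxes with the serial number you reveal, without saying which one. It swaps Zerocoin's RSA accumulator for a scan over every commitment and uses tiny constructed group parameters, so it shows the idea rather than the real protocol's efficiency or security, and it needs Python 3.8+ for negative exponents in pow().

```python
import hashlib, secrets

def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

# Toy group, constructed for this example and far too small for real use: P = 2Q + 1 is the
# first safe prime above 2**29, G and H generate its order-Q subgroup (real use: log_G(H) unknown).
Q = next(q for q in range(2 ** 28, 2 ** 29) if _is_prime(q) and _is_prime(2 * q + 1))
P, G, H = 2 * Q + 1, 4, 9

def commit(serial, r):
    """Mint: the 'lockbox' is a Pedersen commitment G^serial * H^r to the serial number."""
    return pow(G, serial, P) * pow(H, r, P) % P

def _challenge(serial, ys, ts):  # Fiat-Shamir: hash everything public in the proof
    data = ",".join(map(str, [serial, *ys, *ts])).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_spend(coins, j, serial, r):
    """Spend coin j: 1-of-n Schnorr OR-proof that SOME commitment opens to (serial, r)."""
    ys = [c * pow(G, -serial, P) % P for c in coins]  # y_j == H^r only for the real coin
    ts, cs, zs = ([0] * len(coins) for _ in range(3))
    for i in (k for k in range(len(coins)) if k != j):  # simulate the branches we cannot open
        cs[i], zs[i] = secrets.randbelow(Q), secrets.randbelow(Q)
        ts[i] = pow(H, zs[i], P) * pow(ys[i], -cs[i], P) % P
    w = secrets.randbelow(Q)  # honest Schnorr branch for the coin we actually own
    ts[j] = pow(H, w, P)
    cs[j] = (_challenge(serial, ys, ts) - sum(cs)) % Q  # real branch absorbs the rest
    zs[j] = (w + cs[j] * r) % Q
    return serial, ts, cs, zs  # verifier cannot tell branch j from the simulated ones

def verify_spend(coins, proof):
    serial, ts, cs, zs = proof
    ys = [c * pow(G, -serial, P) % P for c in coins]
    return (len(ts) == len(cs) == len(zs) == len(coins)  # no branch may be omitted
            and sum(cs) % Q == _challenge(serial, ys, ts)  # one challenge binds all branches
            and all(pow(H, z, P) == t * pow(y, c, P) % P for y, t, c, z in zip(ys, ts, cs, zs)))

class Ledger:
    """What the network sees: the published lockboxes and the list of used serials."""
    def __init__(self):
        self.coins, self.used = [], set()
    def mint(self, serial, r):  # burn Basecoins, put the lockbox on the public stage
        self.coins.append(commit(serial, r))
        return len(self.coins) - 1
    def spend(self, proof):  # a serial is accepted once: the double-spend check
        if proof[0] in self.used or not verify_spend(self.coins, proof):
            return False
        self.used.add(proof[0])  # serial number is now marked as used
        return True
```

Feeding the same proof to `Ledger.spend` twice gets the second one rejected, which is the "serial number is marked as used" step from the summary.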
Welp...a bit technical, but hope you learned some shit. Be sure to follow us on Twitter if you like learning stuff.
- Mike and Aaron