Zcoin (XZC)

When Satoshi Nakamoto released the Bitcoin whitepaper, he proved that the double-spending problem could be solved through a distributed payment network. Since then, there has been a large body of digital currency research which allows for significant improvements to be made on top of Bitcoin.

Zcoin has implemented the Zerocoin Protocol, one of the most groundbreaking academic developments in Bitcoin research. The Zerocoin Protocol uses Zero-Knowledge proofs to guarantee complete financial privacy and anonymity.


Where can I buy Zcoin?

Cryptopia: https://www.cryptopia.co.nz/Exchange/?market=XZC_BTC

What will Zcoin’s Founders Reward be used for?

The Founders Reward will be given to early investors, developers, and Zcoin community members. We also have bounties for various tasks, such as Zcoin core development, web development, graphic design, marketing, etc. If you’d like to help out, please email or message us on Slack.

What is the distribution for Zcoin?

There will be 21 million Zcoins. Zcoin follows the same halving cycle as Bitcoin (every 4 years). 10% of the total Zcoin supply will be distributed to the Founders Reward as time passes. In the first 4 years, 20% of Zcoins will be distributed to the Founders Reward. In other words, during the first 4 years, 40 Zcoins will go to the miners and 10 Zcoins will go towards the Founders Reward. After the first 4 years, the block reward goes completely towards the miners.

What mining algorithm does Zcoin use?

Zcoin uses the ASIC-resistant Lyra2 key derivation function.

Lyra2 is designed for democratic mining, and is currently a very CPU friendly mining algorithm.

The parameters for Lyra2 are as follows:


How can I mine Zcoin here?

Mining from wallet (Windows): https://github.com/zcoinofficial/zcoin/wiki/Mining-on-Windows-10-64bit
Pool mining guide: https://github.com/zcoinofficial/zcoin/wiki/Pool-Mining-Guide

What parameters does Zcoin use for its setup?

Zcoin uses the RSA-2048 number from the RSA factoring challenge. The hard drive of the computer that generated the factors was destroyed over 25 years ago. No factoring solution to the RSA-2048 number has been found for the past 25 years, and it is unlikely to be factored in the next several decades. In the long term, Zcoin would eventually shift to a different cryptographic scheme for its setup parameters.
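Why the factors have to stay unknown, as an added example (not Zcoin's code): the Zerocoin design folds every minted coin into an RSA accumulator over this modulus, and anyone holding the factors could produce a membership witness for a coin that was never minted. The toy primes, base and coin values below are constructed for illustration, and the zero-knowledge proof that hides which coin is being spent is left out.

```python
# Toy RSA accumulator. All numbers are constructed; real Zcoin uses the 2048-bit modulus.
from math import prod

P, Q = 1019, 1187   # constructed toy primes; for RSA-2048 nobody is known to hold these
N = P * Q           # public modulus, i.e. the setup parameter
U = 3               # public accumulator base (assumed value)

def accumulate(coins):
    """Fold every minted coin (a prime) into one value: U^(c1*c2*...) mod N."""
    return pow(U, prod(coins), N)

def witness(coins, coin):
    """Honest membership witness for `coin`: the accumulator of all other coins."""
    return pow(U, prod(c for c in coins if c != coin), N)

def verify(acc, coin, wit):
    """Public check: raising the witness to the coin must give the accumulator."""
    return pow(wit, coin, N) == acc

def forge_witness(acc, fake_coin, p, q):
    """What a holder of the factors could do: take a fake_coin-th root of the
    accumulator for a coin that was never minted. Without p and q this is the
    RSA root problem, which is why the factors must not exist anywhere."""
    phi = (p - 1) * (q - 1)
    d = pow(fake_coin, -1, phi)   # requires gcd(fake_coin, phi) == 1
    return pow(acc, d, N)

MINTED = [101, 103, 107]          # constructed coin values (primes)
ACC = accumulate(MINTED)

if __name__ == "__main__":
    for c in MINTED:
        print(c, "member:", verify(ACC, c, witness(MINTED, c)))
    # 109 was never minted: an honest witness for another coin does not verify...
    print("109 honest:", verify(ACC, 109, witness(MINTED, 101)))
    # ...but a root computed with the factors does.
    print("109 forged:", verify(ACC, 109, forge_witness(ACC, 109, P, Q)))
```
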

How does Zcoin compare to other cryptocurrencies with anonymizing properties?

Bitcoin and preceding alternative cryptocurrencies have attempted to solve this problem through the use of transaction mixers or ring signatures. But at the end of the day, they score very poorly on a metric called the traceability set. The traceability set is a key metric for understanding how private a cryptocurrency is. The traceability set in formerly proposed solutions is limited by the size of the mixing cycle or ring signature. Each mixing cycle or ring signature is limited by the number of transactions per cycle, which is transitively limited by the block size of the cryptocurrency. Thus, the traceability set in previous attempts at privacy tends to only be a few hundred.

With Zcoin, the traceability set is dramatically larger. Instead of having a traceability set limited to a few hundred, Zcoin has a traceability set that encompasses all minted coins in the Zcoin system. Thus, the size of the traceability set could be on the order of millions, rather than hundreds, so its privacy level is orders of magnitude higher than that of all previous cryptocurrencies.

The other problem is that tumbling methods are only secure under the assumption of a lack of topological analysis and pre-existing network data, which is an incorrect threat model. As I mentioned earlier, there have been multiple research papers demonstrating that a separate network topology, such as Facebook's, can be used to de-anonymize a cryptocurrency as long as a long chain of transaction history exists. With all previous cryptocurrencies, a long chain of transactions is publicly viewable on the blockchain and prone to topological analysis.

With Zcoin, this long chain of transaction history simply does not exist, and there is zero information leakage about the sender and receiver of a transaction. It is therefore not prone to topological analysis, and the link between the sender and receiver disappears.

How do Zero-knowledge cryptographic proofs ensure Zcoin’s anonymity?

Zcoin’s zero-knowledge proof makes a cryptographic statement. When someone is sent Zerocoin, the person only knows that X amount of money was sent to their wallet. Unlike Bitcoin, there is no other unintended identifying information about the sender and receiver. Zero-knowledge proofs ensure that there is zero information leakage about the sender and receiver of a transaction.

How does blockchain-tracking software work, and why is it so dangerous to anonymity?

To best understand how blockchain-tracking software works, it helps to view Bitcoin as a kind of financial social network. The same kinds of mechanisms used to break privacy in social networks, by analyzing social network topology, can be used to break privacy in the Bitcoin network. By taking a pre-existing social network like Facebook, we can use that information to generate heuristics about who is transacting with whom on Bitcoin.

There is a relevant research paper that attempted to identify Twitter users by using data from Flickr. The researchers took the Twitter data and stripped away all identifying information about the user, such as name or username. Then, by looking at the social network topology of the anonymized Twitter data and comparing it to the Flickr data, they found that they could identify one third of Twitter users, even though the Twitter data was anonymized.

This research also applies to Bitcoin. If we take an anonymous network such as Bitcoin, and use data from a social network such as Facebook, we can use topological analysis to identify a lot of users.

