15. Green, M.D. and Miers, I. Bolt: Anonymous payment
channels for decentralized currencies. IACR
Cryptology ePrint Archive, 2016, 701.
16. Heilman, E., Baldimtsi, F., Alshenibr, L., Scafuro, A.
and Goldberg, S. TumbleBit: An untrusted tumbler
for Bitcoin-compatible anonymous payments. In
Proceedings of NDSS, 2017.
17. Hileman, G. and Rauchs, M. Global cryptocurrency
benchmarking study. Cambridge Centre for Alternative
Finance Global Cryptocurrency Benchmarking Study, 2017.
18. Juels A., Kosba, A. E., and Shi, E. The ring of Gyges:
Investigating the future of criminal smart contracts.
In Proceedings of ACM CCS, 2016, 283–295.
19. Kosba, A.E., Miller, A., Shi, E, Wen, Z., and
Papamanthou, C. Hawk: The blockchain model of
cryptography and privacy-preserving smart contracts.
In Proceedings of IEEE SP, 2016, 839–858.
20. Maxwell, G. CoinJoin: Bitcoin privacy for the real
world. bitcointalk.org, Aug. 2013.
21. Maxwell, G. CoinSwap: Transaction graph disjoint
trustless trading. bitcointalk.org, Oct. 2013.
22. Meiklejohn, S. and Orlandi, C. Privacy-enhancing
overlays in Bitcoin. In Proceedings of FC Workshops,
BI TCOIN, WAHC, and Wearable, 2015, 127–141.
23. Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko,
K., McCoy, D., Voelker, G. M., and Savage, S. A fistful of
Bitcoins: Characterizing payments among men with
no names. In Proceedings of IMC, 2013, 127–140.
24. Merkle, R.C. A certified digital signature. In
Proceedings of CRYPTO ’ 89, 218–238.
25. Miers, I., Garman, C., Green, M., and Rubin, A.D.
Zerocoin: Anonymous distributed e-cash from Bitcoin.
In Proceedings of IEEE SP, 2013, 397–411.
26. Moreno-Sanchez, P., Kate, A., Maffei, M., and Pecina,
K. Privacy preserving payments in credit networks:
Enabling trust with privacy in online marketplaces. In
Proceedings of NDSS, 2015.
27. Möser, M. An Inquiry into Money Laundering Tools
in the Bitcoin Ecosystem. In IEEE 2013 eCrime
28. Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash
System, 2008; http://bitcoin.org/bitcoin.pdf.
29. Noether, S., Mackenzie, A., and the Monero Research
Lab. Ring confidential transactions. Ledger 1 (2016)
30. Reid, F. and Harrigan, M. An analysis of anonymity in
the Bitcoin system. In Proceedings of IEEE PASSAT
and SocialCom, 2011, 1318–1326.
31. Ron, D. and Shamir, A. Quantitative analysis of the
full Bitcoin transaction graph. In Proceedings of FC
32. Ruffing, T. and Moreno-Sanchez, P. Mixing confidential
transactions: Comprehensive transaction privacy for
bitcoin. IACR Cryptology ePrint Archive, 2017, 238.
33. Ruffing, T., Moreno-Sanchez, P., and Kate, A.
CoinShuffle: Practical decentralized coin mixing for
Bitcoin. In Proceedings of ESORICS, 2014.
34. Ruffing, T., Moreno-Sanchez, P., and Kate, A. P2P
mixing and unlinkable Bitcoin transactions. In
Proceedings of NDSS, 2017.
35. Sahai, A. Non-malleable non-interactive zero
knowledge and adaptive chosen ciphertext security.
In Proceedings of FOCS ’ 99, 543–553.
36. Sweeney, L. k-Anonymity: A model for protecting
privacy. Intern. J. Uncertainty, Fuzziness and
Knowledge-Based Systems 10, 5 (2002), 557–570.
37. Valenta, L. and Rowan, B. Blindcoin: Blinded,
accountable mixes for Bitcoin. In Proceedings of the
2015 FC International Workshops, BI TCOIN, WAHC,
and Wearable, 112–126.
38. van Saberhagen, N. CryptoNote v 2.0; https://
39. Ziegeldorf, J. H., Grossmann, F., Henze, M., Inden, N.,
and Wehrle, K. CoinParty: Secure multi-party mixing
of Bitcoins. CODASPY (2015), 75–86.
Daniel Genkin ( email@example.com) is a postdoctoral
researcher at the University of Pennsylvania, Philadelphia,
and the University of Maryland, College Park, MD, USA.
Dimitrios Papadopoulos ( firstname.lastname@example.org) is an
assistant professor of computer science and engineering
at Hong Kong University of Science and Technology.
Charalampos Papamanthou ( email@example.com) is an
assistant professor of electrical and computer engineering
at the University of Maryland, College Park, MD, USA.
Copyright held by authors/owners.
Publication rights licensed to ACM. $15.00
may choose to opt for something more
thorough. Moreover, there exist other
approaches for privacy that do not fall
within any of the two categories, for example, private payments in credit networks26 and payment channels. 15,r Next,
we discuss a number of open problems
that arise while trying to design better
Unified formal privacy definition. One
particular issue has to do with the formal treatment of the problem. While
some existing works attempt to provide a
definition of anonymity in the context of
cryptocurrencies (for example, Bonneau8
and Meiklejohn22 for mixers and Ben-Sasson2 and Miers25 for alternative cryptocurrencies), there is no de facto unified privacy definition that would allow
a fair comparison of different proposals
(for example, it is difficult to quantitatively compare the security properties
of Zerocash and Cryptonote if they satisfy different privacy definitions). Due to
the nature and scale of cryptocurrency
implementations, one very robust (but
challenging in formulation) framework
would be that of universal composabili-ty, 10 along the lines of the one introduced
in Kosba19 for private smart contracts.
Strong anonymity with milder sssump-tions. A more concrete problem has to
do with designing cryptocurrencies
that achieve the strong anonymity levels of Zerocash but without the need
for a sensitive trusted setup phase and
without relying on the non-falsifiable
cryptographic assumptions inherent to
zk-SNARKs. The problem becomes even
more important in the context of smart
contracts as Hawk requires a separate
trusted setup process for the generation
of each different contract.
Scalable anonymous cryptocurrencies.
Perhaps the most important challenge
for Bitcoin (and other cryptocurrencies)
is scalability; for any privacy solution to
be widely used in practice, it must not
only protect the users’ anonymity but
also be able to scale to realistic numbers
of users and transactions. For example,
Zerocash2 reports more than 40 seconds
of proving time per transaction and requires approximately 1GB of memory.
Both of these inhibit the potential of
Privacy abuse and stricter policies.
r For detailed presentation, see https://z.cash/
While the goal of this article has been
to provide an overview of techniques
for achieving anonymity in cryptocur-
rencies, it should be noted that increased
user privacy may raise concerns, such
as users participating in illegal ac-
tivities18 or facilitating various cryp-
tographic ransomware.s This in turn
may lead to stricter government regula-
tion of cryptocurrency transactionst and
requests for auditability,u which seems
inherently incompatible with the need
for stronger user anonymity.
This work was supported in part by
NSF awards #1514261 and #1652259,
financial assistance award 70NAN-
B15H328 from the U.S. Department of
Commerce, National Institute of Standards and Technology, the 2017-2018
Rothschild Postdoctoral Fellowship,
and the Defense Advanced Research
Project Agency (DARPA) under Contract #FA8650-16-C-7622.
1. Androulaki, E., Karame, G., Roeschlin, M., Scherer, T.
and Capkun, S. Evaluating user privacy in Bitcoin. In
Proceedings of FC 2013, 34–51.
2. Ben-Sasson, E., Chiesa, A., Garman, C., Green,
M., Miers, I., Tromer, E. and Virza, M. Zerocash:
Decentralized anonymous payments from Bitcoin. In
Proceedings of IEEE SP 2014, 459–474.
3. Biryukov, A. and Khovratovich, D. Equihash:
Asymmetric proof-of-work based on the Generalized
Birthday Problem. In Proceedings of NDSS 2016.
4. Biryukov, A. and Khovratovich, D. and Pustogarov, I.
Deanonymisation of clients in Bitcoin P2P network. In
Proceedings of ACM CCS 2014, 15–29.
5. Biryukov, A. and Pustogarov, I. Bitcoin over Tor
isn’t a Good Idea. In Proceedings of IEEE SP, 2015,
6. Bissias, G.D., Ozisik, A.P., Levine, B.N. and Liberatore,
M. Sybil-resistant mixing for Bitcoin. In Proceedings of
WPES, 2014, 149–158.
7. Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll,
J.A. and Felten, E. W. SoK: Research perspectives
and challenges for Bitcoin and cryptocurrencies. In
Proceedings of IEEE SP, 2015, 104–121.
8. Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll,
J.A. and Felten, E. W. Mixcoin: Anonymity for Bitcoin
with accountable mixes. In Proceedings of FC, 2014,
9. Camenisch, J. and Lysyanskaya, A. Dynamic
accumulators and application to efficient revocation
of anonymous credentials. In Proceedings of CRYPTO,
10. Canetti, R. Universally composable security: A new
paradigm for cryptographic protocols. In Proceedings
of FOCS, 2001, 136–145.
11. Chaum, D. Blind signatures for untraceable payments.
In Proceedings of CRYPTO ’ 82, 199–203.
12. Fujisaki, E. and Suzuki, K. Traceable ring signature. In
Proceedings of PKC, 2007, 181–200.
13. Gennaro, R., Gentry, C., Parno, B. and Raykova,
M. Quadratic span programs and succinct NIZKs
without PCPs. In Proceedings of EUROCRYPT, 2013,
14. Gentry, C. and Wichs, D. Separating succinct
non-interactive arguments from all falsifiable
assumptions. In Proceedings of STOC, 2011, 99–108.