Communications of the ACM

review articles

I M A G E B Y A N D R I J B O R Y S A S S O C I A T E S / S H U T T E R S T O C K

CRYPTOCURRENCIES PROMISE TO revolutionize the financial industry, forever changing the way we transfer money. Instead of relying on a central authority (for example, a government entity or a bank) to issue and manage money, cryptocurrencies rely on the mathematical design and security proofs of the underlying cryptographic protocols. Using cryptography and distributed algorithms, cryptocurrencies offer a fully decentralized setting where no single entity can monitor or block the transfer of funds. Cryptocurrencies have grown from early prototypes to a global phenomenon with millions of participating individuals and institutions. 17

Bitcoin28 was the first such currency launched in 2009 and in the years since has grown to a market capitalization of over $15 billion (as of January 2017). This has led to the emergence of many alternative cryptocurrencies with additional services or different properties as well as to a fruitful line of academic research.

Apart from its other benefits (decentralized
architecture, small transaction fees, among others),
Bitcoin’s design attempts to provide some level
of “pseudonymity” by not directly pub-
lishing the identities of the participat-
ing parities. Every user interacts with
the network by establishing a public
address that acts as a “pseudonymous
identity.” In practice, there is no bound
on the number of addresses a user
can create; therefore there exists no
single address a user can be related
with. However, this pseudonymity is
far from the desired unlinkability prop-
erty in centralized e-cash protocols, 11
where when Alice sends an amount to
Bob, the original source of these funds
cannot be deduced. The reason for this
problem is that in most decentralized
cryptocurrencies all transaction in-
formation (payer and payee address,
amount, among others) is publicly vis-
ible, stored in a distributed data struc-
ture called blockchain (for example, see
www.blockchain.info). Therefore, an
attacker can easily observe how money
flows. This can lead to quite devastat-
ing deanomyization attacks and there-
fore there is a need for cryptocurren-
cies with stronger privacy guarantees.
In this article, we review widely stud-
ied mechanisms for achieving privacy
in blockchain-based cryptocurrencies
such as Bitcoin. We focus on mixing ser-
vices that can be used as a privacy over-
lay on top of a cryptocurrency; and pri-
vacy-preserving alternative coins that,
Privacy in
Decentralized
Cryptocurrencies

DOI: 10.1145/3132696

When it comes to anonymizing cryptocurrencies, one size most definitely does not fit all.

BY DANIEL GENKIN, DIMITRIOS PAPADOPOULOS,
AND CHARALAMPOS PAPAMANTHOU

key insights

˽ While blockchain-based cryptocurrencies like Bitcoin do not directly reveal users' identities, they are often prone to deanonymization attacks. By observing the flow of transactions stored in the public blockchain, third parties can make accurate guesses about the identities of involved individuals.

˽ Existing privacy-enhancing techniques for cryptocurrencies mostly come in two flavors: Mixing overlay protocols that can be executed on top of an existing cryptocurrency to hide the flow of funds among a set of participants, and alternative privacy-preserving cryptocurrencies that use advanced cryptographic techniques to achieve strong user privacy by design.