Roughly $13 billion is afloat in the privacy coin market, but are holders of these tokens really getting what they’re paying for? That depends. If they’re of the mind that all they have to do is to denominate transactions in Monero or Zcash and nobody could ever trace their path or hack their accounts, then no. If they fully understand that buying and selling with privacy coins is one necessary component – but not the one only component – of a completely anonymous transaction, then yes.
Fortunately, a project called Pirate Chain is seeking to fix the issue. The collaborators behind Pirate Chains know they can’t do it simply by changing minds. Minds and behaviors don’t necessarily change just because new information is provided.
Instead, Pirate Chain takes the tack of changing the environment. It starts at the protocol level, where all transactions are encrypted using Zero-Knowledge Succinct Non-interactive Arguments of Knowledge, or zk-SNARKs. These prove possession of certain information without revealing that information, and without any interaction between the prover and verifier.
But encryption shouldn’t end there. The goal is for the transaction’s entire ecosystem to be private. Only then is the transaction assured of privacy without further thought or action.
Putting the ‘wall’ in ‘wallet’
From the holder’s perspective, the face of any privacy coin isn’t the code; it’s the wallet. Pirate Chain has four different ones on offer.
Treasure Chest uses multiple types of encryption, according to Draeth, the pseudonym of Pirate Chain’s captain (what less decentralized companies would call their CEO). Draeth goes on to note that Pirate Chain’s coin, which trades under the ticker symbol ARRR, provides encryption that goes beyond other crypto projects – including many privacy coins, which only encrypt the private spending keys contained within a wallet.
Treasure Chest encrypts all wallet records, including all spending keys, all viewing keys, all key metadata, all transactions and all other data that can provide any information to an unauthorized user, he says.
Pirate Chain’s Lite wallet and its Android-ready Skull Island wallet both use standard SSL/https encryption to connect to a web server, but then add the Rust crate from the sodiumoxide toolkit to encrypt the local wallet files. This solution enhances security while improving usability and speed.
SSL/https is a good place to start, though. To accept ARRR as payment, that’s all an ecommerce site needs.
Standard SSL/https is sufficient for web transactions of many denominations and credit cards across multiple countries, Draeth says. Accepting ARRR over the web only requires exposing a public address of the recipient to the buyer. Even if a malicious attacker were to compromise the SSL/https of the merchant, they still wouldn’t be able to determine the transaction used to make the purchase or any of the spending/viewing keys of the parties involved.
Skull Island, which was specifically designed for the mobile device market, has some additional application data stored outside of the wallet. These are encrypted using AES-256, which is what the National Security Agency uses when it needs to share top-secret information with civilians.
For clients who bring their own privacy protocols, though, Pirate Chain can provide its Paper wallet, which has no encryption functionality.
A nod to node-to-node
Of course, the main stock-in-trade remains privacy in flight, or node-to-node encryption. This refers to the peer-to-peer traffic between programs within the network, called full nodes, which fully validate transactions and blocks.
Treasure Chest is a native full-node wallet based on the Bitcoin-Qt user interface. It directly connects to other full nodes and performs all of the same chain and transactions validations that any full node would. The communication between nodes has recently been upgraded to support a wider variety of encrypted connections.
But let’s not ignore one key distinction for privacy coin issuers and their holders: that between privacy and security.
Pirate Chain has the same level of security as Zcash from which it forked, according to Draeth. We use the same sapling implementation that is currently active on their network. We don’t claim to be more secure, we are more private. Pirate Chain has made the choice to enforce privacy by removing the ability to use transparent addresses except for Coinbase transactions. This prevents companies like CipherTrace from using chain analytics to deanonymize our transactions.
Pirate Chain, which now has a market cap of around $250 million, changed the game by adopting zk-SNARKs as the default rather than an option, so that virtually all transactions would be shielded from such deanonymization. It’s not done innovating, though. Over the coming months, for example, the team anticipates integrating with AtomicDEX, an open-source atomic swap protocol built on the Komodo DeFi Engine.