Board: Bitcoin Technical Support
Re: Anonymous Bitcoins
by BitcoinFX on 16/06/2020, 23:12:40 UTC
...snip...

"Anonymous Bitcoins" is a complete contradiction in terms ...

Bitcoins are pseudonymous only. The entire bitcoin ledger is public.

Using a mixer for transactions only provides plausible deniability and/or obfuscation at best.

Monero provides reasonable anonymity and Zcash (z-addr) transactions have strong privacy.
Monero provides good anonymity and privacy, but Zcash transactions don't have as strong privacy as people thought, and chain analysis has proof of that:
Quote:
"Zcash's shielded pools can provide stronger privacy than mixing transactions, but shielding is not bulletproof."

Zcash has much stronger privacy than people think; as always, people don't read the manual ... perhaps Zcash should carry a similar warning to the Tor software itself ...

"[notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning"

z-addr > z-addr = private.

Don't allow your t-addr > z-addr inputs to 'match' with your z-addr > t-addr outputs.

Where possible insist on z-addr > z-addr transactions.

Do keep your Zcash in a cold storage z-addr.

You can think of t-addr as HTTP and z-addr as HTTPS.

Chain analysis is now much, much harder.

Bitcoin is currently only HTTP in this regard.

Zooko and company are some of the very best folks in crypto. Even the real Satoshi told us that zero-knowledge proofs were hard to implement ...

This is a very interesting topic.  If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.

Originally, a coin can be just a chain of signatures.  With a timestamp service, the old ones could be dropped eventually before there's too much backtrace fan-out, or coins could be kept individually or in denominations.  It's the need to check for the absence of double-spends that requires global knowledge of all transactions.

The challenge is, how do you prove that no other spends exist?  It seems a node must know about all transactions to be able to verify that.  If it only knows the hash of the in/outpoints, it can't check the signatures to see if an outpoint has been spent before.  Do you have any ideas on this?

It's hard to think of how to apply zero-knowledge-proofs in this case.

We're trying to prove the absence of something, which seems to require knowing about all and checking that the something isn't included.

...

DASH is just a glorified on-chain mixer; it's also more akin to money laundering through intentional obfuscation.

It might actually be more anonymous to use Coinjoin (Wasabi) and a Bitcoin Mixer ... than DASH.

...

Monero and Zcash are currently the best privacy coins.