A layman's explanation on how Zerocoin works

This is a legacy article. It may no longer be accurate or up to date.

Most cryptocurrencies including Bitcoin rely on public ledgers. This means that all transactions are public, and the history of a coin can be traced from its inception, and all the transactions that it has been involved in.

Although the ownership of addresses are not known, through advances in statistical analysis and other meta-data (such as IP, time, use of exchanges), researchers have managed to reasonably accurately tie ownership of addresses to a real life identity.

As the blockchain forms a permanent record, they can be endlessly analyzed and once the identity is revealed, all the history of the coin is also tied to the identity.

This can be problematic for example if someone used Bitcoin to do some illegal activity and that particular Bitcoin somehow ended up in your hands, you may be implicated just by virtue of being in possession of that Bitcoin. Furthermore, if you are business or merchant, you may not want competitors to have knowledge of your transactions. With a public and transparent blockchain like Bitcoin's, this may be problematic to achieve.

Some have tried to make it harder to do this by using coin mixers/tumblers. However, this involves trusting that the mixer/tumbler will not steal your money and also is not secretly recording how the coins are being mixed.

Zerocoin technology, which Zcoin uses allows the anonymization of coins that doesn't require you to put your trust in a mixer.

The easiest way to visualize Zerocoin tech is a black box, where everyone who wants to anonymize their coins places their coins in it. When they are ready to spend the coin, they produce a proof that they did place coins in the box, but the proof does not state which coin they placed. The proof could refer to any of the millions of coins in the box, and nobody knows which coin the proof is referring to. The proof simply states that the creator of the proof has placed a coin in the box, without giving any specific information about which coin it is. When other people see this proof, they have no idea who created this proof but are mathematically convinced that it is a valid proof. If the proof is valid, the proof entitles the proof creator to create a new coin with no transaction history and not related to any of the coins in the box, provided that it is of the same value. This means there is no linkage between the deposit transaction into the box and the redemption transaction whereby a coin is taken from the box.

The innovative part of Zerocoin is how this proof is generated where although you deposited the money into the box (and this transaction is recorded in the blockchain), you are somehow able to prove that you deposited into the box, without revealing which 'deposit' transaction was originally yours, hence the term 'zero knowledge proof'.