For all the talk of its anonymity, Bitcoin is, in many ways, very public. Anyone can, at any time, freely peruse the list of every transaction ever made. It’s not necessarily clear who owns each wallet, but once a wallet owner’s identity is disclosed, the facade of anonymity fades very quickly.
There are a few ideas about what to do with this. One solution is Darkcoin, which relies on a feature called “darksend” to add anonymity: an ad-hoc network of payment mixers that run what amount to Bitcoin-mixing services. Working together, these nodes form a network of mixers that works in a manner very much analogous to the Tor network, passing payments around to make their origin and destination difficult to detect. In exchange for their services, mixing nodes are allowed to keep a portion of each transaction. This leads to dramatically higher transaction fees, but its users argue that the increase in anonymity is worth it.
So how secure is this scheme? Well, let’s start with the protocol itself: The security muscle behind Darkcoin is a decentralized implementation of CoinJoin, a security solution that is known to be vulnerable to analysis tools. A more serious flaw, though, is that the DarkSend application itself is closed source, making it difficult to determine whether there are bugs and whether the software really does what it says it does. This became a problem two months ago, when DarkSend bugs caused a widespread currency breakdown, necessitating a hard fork. Developers in the cryptography space will tell you that closed-source cryptographic tools are suspect at best.
On the whole, it seems unlikely that Darkcoin is secure enough to hold up to a persistent, resource-rich attacker, so the security guarantees it can make are cold comfort for many would-be users. Some have gone further and suggested that Darkcoin is a “pump and dump scheme”: a cryptocurrency which is primarily owned by its creator and aggressively promoted to produce a temporary bubble, during which the creator sells his holdings. There’s some merit to this claim: Darkcoin was aggressively mined by a small number of wallets very early on (when the reward rate was very high). Most of those coins were sold during the large price spike last year. Cryptolife, a website that analyzes various cryptocurrencies, ended a post critical of Darkcoin like this:
“All hype and no substance, DarkCoin is far from a serious contender in the altcoin world. Its suite of ‘anonymity’ features are falsely advertised, offering pseudonymity at best. At the end of the day, DarkCoin offers nothing of true value over other coins. Couple this with shady release tactics, a sizable instamine, and unsustainable price increases, only a fool would dare ‘invest’ in this coin right now.”
Fortunately, Darkcoin is not the only game in town on the anonymity front. Zerocoin, a new cryptocurrency under development (originally conceived as an addition to the Bitcoin protocol), takes a very different approach to anonymity. Users of Zerocoin, according to the proposal, will be able to “destroy” a unit of currency while preserving a secret piece of information about the destruction process. Later, they (using a new wallet) can claim control of the destroyed unit of currency by using that secret to prove that they owned a destroyed coin, without revealing which coin they owned. This is called a zero-knowledge proof, and is secure to the limits of modern cryptographic tools, though also slower and more complex than Darkcoin. Zerocoin doesn’t exist yet (developers say the initial release will be ready in less than three months).
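The destroy-then-reclaim flow described above, as an added example that is not Zerocoin's code: it uses a simpler stand-in technique, a 1-of-N Schnorr OR-proof over Pedersen commitments, not the proof system Zerocoin itself proposes. The toy group parameters, the function names and the four-coin pool are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group (assumption, far too small for real use): safe prime P = 2*Q + 1.
P, Q = 2039, 1019
G, H = 4, 9  # generators of the order-Q subgroup; log_G(H) must be unknown in practice

def challenge(serial, commitments, ts):
    data = repr((serial, list(commitments), ts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def shifted(commitments, serial):
    # Y_i = C_i / G^serial. For the spender's own coin this equals H^r.
    g_inv = pow(G, -serial, P)
    return [c * g_inv % P for c in commitments]

def mint():
    """'Destroy' a coin: publish the commitment, keep (serial, r) secret."""
    serial, r = secrets.randbelow(Q), secrets.randbelow(Q)
    return pow(G, serial, P) * pow(H, r, P) % P, (serial, r)

def spend(commitments, idx, secret):
    """Reveal the serial and prove that some commitment opens to it."""
    serial, r = secret
    ys = shifted(commitments, serial)
    cs = [secrets.randbelow(Q) for _ in ys]    # simulated challenges for decoys
    zs = [secrets.randbelow(Q) for _ in ys]    # simulated responses for decoys
    ts = [pow(H, z, P) * pow(y, -c, P) % P for y, c, z in zip(ys, cs, zs)]
    w = secrets.randbelow(Q)
    ts[idx] = pow(H, w, P)                     # honest commitment for the real coin
    total = challenge(serial, commitments, ts)
    cs[idx] = (total - sum(cs) + cs[idx]) % Q  # real challenge makes the sum match
    zs[idx] = (w + cs[idx] * r) % Q
    return serial, cs, zs                      # idx itself is never published

def verify(commitments, proof, spent_serials):
    serial, cs, zs = proof
    if serial in spent_serials or not len(cs) == len(zs) == len(commitments):
        return False                           # double spend or malformed proof
    ys = shifted(commitments, serial)
    ts = [pow(H, z, P) * pow(y, -c, P) % P for y, c, z in zip(ys, cs, zs)]
    return sum(cs) % Q == challenge(serial, commitments, ts)

if __name__ == "__main__":
    coins = [mint() for _ in range(4)]         # constructed sample pool
    pool = [c for c, _ in coins]
    proof = spend(pool, 2, coins[2][1])
    print(verify(pool, proof, set()), verify(pool, proof, {proof[0]}))
```

The verifier sees only the serial number and one challenge/response pair per coin in the pool, so every coin is an equally plausible source; the published serial is what lets the network reject a second spend of the same coin.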
On the whole, given Darkcoin’s various vulnerabilities (and a certain amount of potentially shady dealings by its creators), those of you with serious anonymity needs are probably best off waiting for a more robust and less sketchy alternative, like Zerocoin or a similar competitor.