The Veil cryptocurrency is a privacy coin with the motto, “privacy without compromise.”
It was created to grant users the ability to remain incognito while engaging in transactions on the blockchain.
Here, we take a look at how the Veil cryptocurrency allows you to spend Veil while remaining anonymous.
Zerocoins
Before we delve into the specifics of Veil, we will first cover the privacy protocol it uses, known as the Zerocoin protocol.
The protocol was devised back in 2013 by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman. The aim was to create an extension for Bitcoin which offers optional anonymity in the Bitcoin network.
The process involves converting public Bitcoins into anonymous Zerocoins and back again. The public token is referred to as a Basecoin, while the anonymous coin is known as a Zerocoin.
For Veil, the public token is called Basecoin Veil and the anonymous coin is dubbed Zerocoin Veil.
However, rather than use the word ‘public,’ Veil use ‘on-chain’ because their Basecoin transactions are also made anonymous.
Veil want to give users the functional ability to convert crypto into Zerocoins and then spend them at a later date entirely anonymously.
But, in Bitcoin for example, to ensure the monetary supply can be audited, the creation of a Zerocoin cannot be fully anonymous.
This is because of a process known as ‘minting,’ which refers to when a Zerocoin is created. However, to mint a Zerocoin, a Bitcoin (public token) has to be taken out of the total supply to be ‘burnt.’
The problem for Veil now lies in the fact the owner of the Zerocoin is not anonymous. This is because if a very specific amount of crypto was burnt, creating a very specific amount of Zerocoins, it isn’t difficult to determine who has minted the Zerocoins when they are spent at a later date.
Fixed denominators and accumulators
An answer to this problem is the implementation of ‘fixed denominators.’
A fixed denominator would mean you could only mint and burn a set amount of coins, for example 10, 20, or 100.
If only 10 Veil coins existed, it wouldn’t be too hard to figure out who owns them, but if there are millions of users with 10 Veil coins, it becomes significantly harder to identify people.
A fixed denominator also needs a contrasting ‘accumulator.’ For example, if Bitcoin’s network functioned with three denominators, then it also has three accumulators.
You would be forgiven for thinking that an accumulator holds all of the coins related to a particular denominator. However, this is incorrect.
An accumulator is actually a singular number that cryptographically embeds the knowledge and existence of each outstanding Zerocoin in that specific denominator.
The Veil cryptocurrency functions by utilising four accumulators with the following denominators: 10, 100, 1,000, and 10,000.
How the Zerocoin protocol works with Veil
The following process occurs automatically within the Veil cryptocurrency wallet.
Let’s say you received 22.5 Basecoin Veil. You know you can convert this into 20 Zerocoin Veil. The remaining 2.5 Basecoin Veil stays the same in your Veil wallet.
The wallet will create a unique serial number for your 20 Zerocoin Veil. Alongside this, the wallet will generate a random number.
The wallet then enacts a one-way cryptographic calculation known as the Pederson Commitment.
It takes the serial number and random number as inputs and produces the Pederson Commitment as the output. It is one-way because the inputs cannot be retroactively calculated from the output.
At this juncture, the wallet burns the 20 Basecoin Veil and removes them from circulation. This is recorded on the blockchain with the output displayed publicly.
The 20 Zerocoin Veil network accumulator is then updated cryptographically to embed knowledge of the new output value.
This achieves privacy because the 20 Basecoin Veil have been burnt, with 20 Zerocoin Veil now minted. This is associated with the output, which is linked to you and the unique serial number, which is only known to the wallet.
How does this enable anonymous spending?
To spend the Zerocoin Veil anonymously means they cannot be linked back to the mint.
The wallet then calculates two zero-knowledge (ZK) proofs. The first can be used independently while the second can only ever be used in tandem with the first.
Zero-knowledge (ZK) proofs is a privacy process in which a party can prove to another party that a given statement is correct without conveying any additional information apart from that the statement is true.
The first ZK proof mathematically proves that the Zerocoin Veil you want to spend exists in the Zerocoin Veil accumulator, without revealing any information about the coin.
To achieve this, a Pederson Commitment must be computed using the output and an additional random value that you choose to produce a new output.
The additional random value is pivotal since the previous output is recorded on the blockchain and can be linked back to you.
With the new output produced, it will be provided to the network where it will be validated alongside the accumulator to confirm that you are the owner of a particular coin in the accumulator.
But, the network will not know which coin it is you are spending.
Then, you publicly reveal the unique serial number which corresponds to the 20 Zerocoin Veil alongside providing the second ZK proof.
This proves you know the random value which in turn proves you still control the unrevealed output used in the first proof.
ZK proofs therefore allow you to prove that you control a specific token among the 20 Zerocoin Veil tokens without any connection to the specific blockchain transaction that minted the coin.
In doing so, the spent transaction is made public through the unique serial number so that coin cannot be double-spent.
A new set of 20 Basecoin Veil will be put into circulation and sent to the destination address of the transaction, and the 20 Zerocoin Veil cannot be spent again because of the public recording of the unique serial number.
Other features
Ring Confidential Transactions (RingCTs) are also used by Veil to further increase anonymity. RingCTs are added to Basecoin transactions to bring as much anonymity as the technology currently allows for.
Alongside this, Bulletproofs technology has also been adopted to help reduce transaction sizes.
Eventually, the Veil network will implement a Proof-of-Stake (PoS) consensus algorithm to ensure maximum decentralisation and energy efficiency.
But, for at least its first year, the Veil network will be using a hybrid approach with Proof-of-Work (PoW) mining. However, since it is a hybrid approach, it will also have PoS benefits.
The choice to use a hybrid approach is to eliminate the need for an Initial Coin Offering (ICO) or pre-mine to enable a fair distribution of the Veil cryptocurrency.
Interested in reading more about privacy coins? Discover more about the top five privacy cryptocurrencies here on Coin Rivet.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.