On the linkability of Zcash transactions

TL;DR

This paper investigates the linkability of Zcash transactions, revealing that a significant portion of shielded transactions can be linked back to transparent addresses through heuristic analysis of round-trip patterns.

Contribution

The study introduces a heuristic method to identify linkable transactions in Zcash, demonstrating that over 30% of shielded coin flows can be traced back to transparent addresses.

Findings

31.5% of coins sent to shielded addresses are linked back to transparent addresses

Most coins sent to shielded addresses are later returned to transparent addresses

Round-trip transaction patterns exhibit high linkability

Abstract

Zcash is a fork of Bitcoin with optional anonymity features. While transparent transactions are fully linkable, shielded transactions use zero-knowledge proofs to obscure the parties and amounts of the transactions. First, we observe various metrics regarding the usage of shielded addresses. Moreover, we show that most coins sent to shielded addresses are later sent back to transparent addresses. We then search for round-trip transactions, where the same, or nearly the same number of coins are sent from a transparent address, to a shielded address, and back again to a transparent address. We argue that such behavior exhibits high linkability, especially when they occur nearby temporally. Using this heuristic our analysis matched 31.5% of all coins sent to shielded addresses.