Crypto Fungibility and the Rise of Anonymous CoinssteemCreated with Sketch.

in dash •  2 months ago


The fundamental properties of what makes "good money" have been known to mankind, whether outlined officially or understood intrinsically, since the dawn of money itself.

The ideal money should function as a medium of exchange, a unit of account, and a store of value.

Some detractors of cryptocurrency may argue that assets like BTC are not a true "store of value" due to their volatility, but the exponential rise in both price and adoption would beg to differ - even when considering its recent price correction:

BTC's price chart when measured in a logarithmic scale

However, there is one often overlooked quality of money that some cryptocurrencies are at serious risk of violating, and that is fungibility. Merriam-Webster defines fungibility as:

"Being something (such as money or a commodity) of such a nature that one part or quantity may be replaced by another equal part or quantity in paying a debt or settling an account."

You may be thinking to yourself, "Hey, Exodus, what gives? 1 BTC is equal to 1 BTC, so why is it not a fungible asset?" I'm glad you asked, hypothetical reader!

Enter colored coins.

Simply put, colored coins are a way to tag specific coins with extra metadata, but what this metadata is (and more importantly, how it is used) is a topic of much debate.

There has been something of an effort to "rebrand" colored coins as little more than an innovative manner of cooking metadata onto the blockchain for unique physical-world attributes like verifying property ownership, mortgages, or legal title. To be sure, colored coins can be used for these applications and it would be great to see this technology mature!

That being said, this is not the only application of colored coins, as this metadata can effectively be used to "mark" specific coins or addresses with any kind of information, including transactions that certain entities may not like. Imagine, for example, that you donate funds using cryptocurrency to a wallet of a political campaign or ideologically-minded organization not deemed "appropriate" by a centralized exchange or government and colored accordingly.

Your crypto is now at the mercy not of market forces, but the arbitrary will of its "color" and the metadata attached to it. Compare this to gold - yes, a State or private entity can mark the precious metal with an arbitrary insignia banning it from certain types of commerce, but gold can easily be melted down and re-cast to maintain its fungibility.

Thankfully, there are coins designed specifically to combat fungibility issues inherent in cryptocurrencies, affectionately known as anoncoins. As cryptocurrencies march forward to a world of mass adoption, perhaps now more than ever it is important to be aware of the teams striving to keep coins anonymous, private, and fungible.


Founded by Evan Duffield, DASH has been around, in some form, since 2014. Originally launched as X11Coin, rebranded as DarkCoin, and renamed yet again as DASH, the project's history and focus has shifted many times since its inception. Throughout every iteration of DASH, however, has been a focus on privacy and fungibility.

DASH in the Exodus Wallet

The feature previously known as DarkSend (now PrivateSend) is effectively an implementation of Gordon Maxwell's CoinJoin. DASH achieves anonymity and fungibility via mixing services powered by MasterNodes, which are incentivized with a portion of the block reward to continue their operation.

Detractors of DASH's privacy model have noted that an "anonymity as a choice" privacy model can never be as fungible as "anonymity by default." Furthermore, some have drawn attention to the fact that MasterNodes are centralized largely with a few cloud hosting companies, like Amazon's AWS and Microsoft's Azure.

This doubtlessly makes DASH's method of privacy more fragile and less fungible than the next coin in our list, but one fact cannot be argued: Some anonymity functionality is better than none at all.

These concerns are further compounded when one considers the now-infamous instamine scandal. While the DASH Foundation ensures us that these instamined coins have been largely sold off since the days of X11Coin, some still desire more conclusive proof to this end.


Arguably the most anonymous coin on our list, Monero is also the only coin under examination today that has as a stated goal fungibility. It is also the only anoncoin herein which applies anonymity universally - an anonymous transaction is not a choice in Monero, it is the de-facto standard.

Monero achieves this through a combination of Ring Signatures and Stealth Addresses. Ring Signatures mix the input of spenders with others transacting on the network - this makes it increasingly difficult to link transactions with each subsequent mix. Monero's unique RingCT technology not only obfuscates the amount of funds being transacted, but the recipient's addresses as well.

Stealth Addresses are a novel way of obfuscating public addresses even further - a public Stealth Address can be shared openly, but incoming payments to a Stealth Address will automatically be paid to a fresh address behind the scenes.

A research paper published in part by members of the ZeroCoin/Zcash Team noted in 2017 that a majority of Monero transactions can be linked - however, this study examined only Monero transactions from 2014 to 2016, before the implementation of RingCT.

Unlike DASH and Zcash, Monero's codebase is also not based on BTC, LTC, or any other BTC-like asset. Proponents of Monero note that this ensures a strong foundation for crafting a fungible and anonymous coin, but it must be noted that this design choice also comes with baggage:

  • XMR is increasingly difficult for other developers to implement as it is not based on common source code and tools developed for the BTC ecosystem
  • By virtue of its uniqueness, XMR development has been sluggish - after four years, a Monero GUI wallet has yet to be released in stable form


Released to the public in late 2016, ZEC is the "new kid on the anoncoin block," but its inception predates its launch by many years. The ZeroCoin protocol which powers Zcash has been long-awaited by the crypto community since the early days of Bitcoin and has been hailed by many as the closest thing to "perfect anonymity" yet to hit the crypto market.

Zcash in the Exodus Wallet

Zcash achieves this by a novel protocol known as zk-SNARKs, a form of zero-knowledge proof described by even studied mathematicians as "moon math."

Described in more pragmatic terms, Zcash splits its addresses into two formats: "t" addresses (for transparent transactions) and "z" addresses (or shielded addresses whose balance and transaction information is not displayed on a block explorer). In effect, this means a z-to-z address value transfer is effectively "ghosted," knowable only to the two parties involved in the transaction.

One of the primary reasons the ZeroCoin protocol is so exciting is that it is coin-agnostic. zk-SNARKs could theoretically be implemented in BTC, LTC, ETH, or any other coin, and there has already been talk of implementing zk-SNARKs atop Ethereum. It is also the only coin in this article whose anonymity is not achieved through some form of coin mixing, making Zcash and its zero-knowledge proofs a true breakthrough in cryptography as well as a fantastic "proving ground" for ZeroCoin overall.

However, Zcash (and zk-SNARKs more broadly) are not without their faults - like DASH, the anonymity model Zcash uses is completely voluntary and the amount of z-to-z address transfers is incredibly low. This means that privacy on the network at present is very weak.

Furthermore, the "trusted setup" inherent to Zcash has been hotly debated, and with good reason, as a backdoor at the time of this setup would render all Zcash's revolutionary privacy technology moot.

By virtue of Zcash's z addresses, such a backdoor could also allow for the unfettered creation of new coins that are hidden from the overall supply, effectively undermining the money supply of Zcash itself. For a coin whose supply is designed to be inherently deflationary, this is a rightful concern.

Finally, many have debated the funding mechanism of the Zcash Foundation known as the Founder's Reward by which 10-20% of the block reward is paid directly to the coffers of Zcash's developers - a hefty sum, to be sure, but this method of funding is arguably more transparent in nature than the premine or ICO models so common in other coins.

In Closing

It's worth noting that the privacy features of DASH and Zcash require functionality not included in most light wallet multi-coin clients, Exodus included. But such wallets are still great ways of acquiring and storing anonymous coins, using them as a staging area before sending them off to more full-featured wallet clients to take advantage of these unique privacy features. By merely holding these coins in an Exodus wallet, you are signaling to the market your intention to support fungibility and privacy in cryptocurrencies, and moreover, removing coins from the circulating supply.

Exodus supports all assets under discussion here with the exception of Monero - but were it to be added to Exodus at some point in the future, its anonymity functionality would also be in tow, unlike DASH and Zcash which require far more infrastructure to deploy.

Regardless of which fungibility model you are a fan of, the technology has an increasingly important role to play in the cryptocurrency realm. We would implore readers to explore these offerings by doing more research on them, and we at Exodus will be equally as diligent in supporting the anoncoin ecosystem.

Onward and upward, fellow cryptonauts!

Header image credit: Descryptive

Please reserve the comments section for lively and honest discussion about the article! If you have technical issues with Exodus, our Community Support team will be happy to speedily assist you if you send a descriptive email to:

This post first appeared on Steemit as an exclusive article but was also reblogged on the Exodus Movement Medium page. We give the <3 to our fellow Steemians first and foremost, but this article may appear elsewhere after its initial publication.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

steemit - fantastic.gifpost!

I love my exodus wallet.

Awesome post, great discussion of these coins. 😎


Wow, thanks for taking the time to read and resteem @personz :) That's too kind of you.

Following you now, hopefully we'll see each other again in the future!


I hope so too! 😎

@exodus, enjoy the vote!

Have you claimed your FREE Byteballs yet? Check out this post on how you can get $10-80 just for having a Steem account:

Do you plan to ever include the security features of DASH and Zcash on @Exodus generally speaking? Still would love to get monero onto the Exodus wallet one day too. I'm aware of the roadmap so no worries, partna 🤠


Hey there @muppetdingdong ;) Thanks for taking the time to upvote and comment!

This is a great question - while we cannot comment directly on future inclusions to Exodus, I'd be happy to at least explain the challenge with adding PrivateSend and z addresses to Exodus in its present form.

zk-SNARKs is actually a very resource-intensive method of sending coins. Generating a z address in Zcash used to require a minimum of 8GB of RAM! It's my understanding that this requirement has gone down a lot since the Overwinter upgrade, but it's still a pretty "RAM hungry" application.

As such, z address generation would change the resource requirements of Exodus and require a lot of UX considerations, as ZEC would then operate completely differently from any other asset in Exodus. Furthermore, z addresses require a full node to use properly, which comes with a lot of extra considerations on the back-end as well.

While we'd love to be the first to market with a z-address compatible light wallet client, there's good reasons why no one has created one yet ;)

PrivateSend also requires a full node to interact with DASH's MasterNode system, and like Zcash, would also come with a bevy of new UX concerns. For example, one would have to set the amount of mixins in the wallet directly - a big design and user experience overhaul, to be sure!

Even the official DASH light wallet client does not include PrivateSend:

In short, these advanced privacy features really do require full nodes to work as intended and Exodus is designed specifically so you don't have to download the entire blockchain to use it. While it's certainly tedious and not ideal to maintain multiple wallets like this, full nodes really are your only option for private transactions in DASH and ZEC.


Thank you for your detailed and informative response @exodus. Interesting stuff to think about! Always appreciate learning a bit more, and as always you're online / social media people are AAAA+++++ superior. You make everyone else look bad, and they should feel shame.

The official dash wallet — hilarious lol yes. Touche.

What about Cloakcoin with their enigma transactions?


Interesting question @ctheprince! In my experience running a CLOAK full node on a Raspberry Pi for a short amount of time, CLOAK has a very similar privacy model to DASH, but with a few key differences.

In DASH, a MasterNode costs 1000 DASH to run and these nodes receive a portion of the block reward for their services. CLOAK, however, allows any full node to effectively act like a "MasterNode" in DASH. A CLOAK full node will help provide CoinJoin-esque mixing services when Enigma is enabled and your wallet is unlocked for minting.

Unlike DASH, Cloakcoin is a pure Proof of Stake coin whereas DASH still has a Proof of Work element. This means that a Cloakcoin wallet that's in "minting mode" will receive new coins roughly in correlation to the amount of funds the wallet has staked.

Whether or not a PoW or PoS algorithm is more secure is a topic of much debate in the cryptocurrency world, so some of this will come down to personal preference.

The privacy tech at the heart of both coins is virtually identical, though! I hope this helps to explain a bit further.

Quality write up, hope that this rich spectrum of writing continues, fully lock in and ready for the next blog..... Some of these coins are ahead of its time, I believe as adoption increases the appreciation of these projects would be welcome, particularly impress with Zcash z to z transaction, this would fit well with a project I am working on...


Thank you so much for the kind words! We are working really hard at maintaining an active presence on Steemit now, and we plan to keep the articles coming!

What type of project are you working on if you don't mind me asking? =)


That's great keep the articles coming, looking forward to them....
The Project is EDNA, you can get all the information directly from the website with the link here
We are considering tumbling as a way of mixing the data together as to make it difficult to identify a given sample with the identity of the person... The z to z option here sounds like an interesting option... If you have any suggestion, feel welcome to share it or possible models of achieving our desired outcome....
If you want to find out anything else feel free to reach out to me or possible developers you may know of with the technical skills would be greatly appreciated....

The ideal money should function as a medium of exchange, a unit of account, and a store of value.

The above is fundamental and tends to get lost in the mania and community division a lot of the time.

Some detractors of cryptocurrency may argue that assets like BTC are not a true "store of value" due to their volatility

This argument is — precisely as you write — no good, but a better one would be regarding the changed transaction parameters and fees on the BTC chain. While BCH may be a controversial alternative, it does return to the roots of what Bitcoin was created to be; A cheaply transferable e-cash, comparable in money function to gold coins.

When the fees can rise and fall wildly, when they are expected to rise to compensate for lost block reward, or when it becomes accepted that transactions must wait to be timestamped before being accepted as payment and may not be timestamped for days unless you hold a lot of economic or other power in the ecosystem (as if it were a typical fractional reserve based system), the fungibility of the individually transacted coin is seriously degraded and hence also the performance in each of the previously mentioned areas associated with good money. (Satoshi made a big point about this in the Bitcoin design and in several of his letters, but today it has become all too common to simply brush aside such reminders as "argument from authority" when it instead actually is a very important realization to make.)

BTC is leading a trend where it is considered unnecessary to have a chain with enough throughput and second layer solutions such as sidechains are counted as part of the main network itself. "Bitcoin is not a timestamp server" has become an increasingly popular position to hold, which misses the point of what nodes and timestamping meant and were intended for in the first place.

There was a time when Bitcoin was considered decentralized by default, when 3-4 anonymous network nodes (hashing nodes, or operators) were understood to be plenty, and when scaling at the pace of evolving computational power using SPV was known to be both safe enough and fully sustainable. None of this has been thoroughly refuted as no longer viable, but the crypto currency culture has changed to such a degree that it is hardly recognizable anymore.

As always, time will tell what works and what doesn't.


"None of this has been thoroughly refuted as no longer viable, but the crypto currency culture has changed to such a degree that it is hardly recognizable anymore."

That's a very interesting observation, @the-ego-is-you - personally, I never thought about this as couched in cultural terms as opposed to technological ones. Many of us here at Exodus are fans of Electrum so we're no strangers to SPV! :D

We appreciate the resteem, we're now following your account and looking forward to checking out more of your thought-provoking content.