
A Brief Discussion on the Technological Evolution of Privacy Transactions
TechFlow Selected TechFlow Selected

A Brief Discussion on the Technological Evolution of Privacy Transactions
To achieve data privacy protection, privacy protocols are required.
Author: 0x1, IOBC Capital
Would you be willing to publicly share your wallet address and let everyone know how much money you have? Would you want everyone to know your investment preferences and every single expense? I think many people would not. To achieve privacy protection for such data, privacy protocols are required.
There have always been cryptocurrencies in the market that emphasize privacy as a selling point, including DASH, XMR, Zcash, Grin, Rose (Oasis Network), FRA (Findora), PHA (Phala Network), SCRT (Secret Network), and others. Throughout the past decade of development in the crypto industry, the privacy sector has consistently held a place.
If we further细分 the privacy track, it can be divided into four categories: privacy computing networks, privacy transaction protocols, privacy applications, and privacy coins. Among these, privacy coins were developed earliest; Tornado, a privacy application, is currently widely adopted; while privacy transaction protocols and privacy computing networks are now receiving the most attention.

Due to space limitations, this article only discusses the technological evolution and implementation methods related to privacy transactions from a technical development perspective.
To date, there have been mainly four types of technical solutions for achieving privacy transactions in cryptocurrency:
1. CoinJoin
CoinJoin: CoinJoin is a coin mixing mechanism that takes tokens from different senders and combines them into a single transaction. A third party bundles and sends the tokens to recipients. On the user side, each recipient receives their tokens at a previously unused address, thereby reducing the likelihood of tracing specific transactions.
DASH is a typical example of using CoinJoin technology to enable private transactions. Launched in 2014, DASH was not designed solely for privacy but offers privacy transactions as an optional feature—users can choose to use the PrivateSend function or conduct regular transactions.
In terms of mechanism, the DASH network incentivizes miners to act as masternodes by offering higher rewards, with each masternode holding 1,000 DASH as buffer funds. Users initiating transactions can utilize these pooled funds, creating a "coin mixing" effect. This obfuscates transaction details, making tracking difficult and thus achieving privacy protection.
2. Stealth Addresses + Ring Signatures
Stealth Address: Creating a stealth address means generating a new address each time cryptocurrency is received. It ensures external parties cannot link the payment address to a permanent wallet address.
Ring Signature: Blockchain transactions require digital signatures to verify the sender. Since each user's signature is unique, it’s easy to trace transactions back to the signer. The ring signature approach mixes the actual signer's signature with those of other ring members—the more signatures involved, the harder it becomes to directly associate the signer with the transaction.
Monero (XMR) uses a combination of stealth addresses and ring signatures to achieve privacy protection. Monero does not offer optional privacy—it provides full privacy by default. It gives each wallet owner a new private view key, recipient address, and private spend key. Additionally, XMR mining can be done using ordinary computer CPUs without specialized mining hardware, contributing to greater decentralization.
To further enhance privacy effectiveness, Monero has undergone multiple technical upgrades over time. To hide transaction amounts, RING-CT (Ring Confidential Transactions) was introduced. While RING-CT improved privacy on the Monero blockchain, it came at the cost of scalability. Later, Bulletproofs—a zero-knowledge proof protocol—was integrated, significantly increasing transaction capacity and reducing verification time by 80%.
3. Mimblewimble
The term "Mimblewimble" comes from a spell in the Harry Potter series—"the Tongue-Tying Curse." Two main projects, Grin and Beam, use this privacy protocol. Mimblewimble employs technologies including Confidential Transactions, CoinJoin, and Cut-through.
The Mimblewimble protocol represents a tradeoff between anonymity and scalability. It is a design solution that provides cryptographic privacy for public ledgers based on the output model, without involving the consensus layer, so it can work with almost any consensus rule.
Mimblewimble was initially proposed to add privacy features to Bitcoin. With this technology, ownership of accounts, transaction links, and transaction amounts can all be hidden. It also enables "coin laundering"—in Bitcoin, some coins may be marked as "tainted," leading institutions to refuse them. Mimblewimble helps eliminate such taint.
4. Zero-Knowledge Proof Based Approaches
Zero-Knowledge Proof (ZKP) refers to a method where a prover can convince a verifier that a certain statement is true without revealing any information beyond the validity of the statement itself.
Zero-knowledge proofs were first theoretically formalized by Goldwasser, Micali, and Rackoff in 1989. Today, ZKPs are primarily used in the blockchain industry for two purposes: privacy protection and scalability. This article focuses on their application in privacy.
The first practical application of zero-knowledge proofs for privacy was on Zcash, followed by numerous other projects adopting ZKP mechanisms, leading to the development of various new technologies such as Aztec and Manta Network.
To illustrate zero-knowledge proofs, consider the "Alibaba and the Forty Thieves" analogy:
Alibaba is the prover, and the thieves are the verifiers. The thieves capture Alibaba and demand he reveal the incantation to open the treasure cave, threatening death otherwise. If Alibaba reveals the incantation directly, he might be killed once useless. If he refuses, the thieves will kill him, believing he doesn’t know it. Alibaba proposes a solution: let the thieves stand one arrowshot away—if he fails to open the stone door or tries to escape, they can shoot him.
This way, Alibaba proves he knows the incantation without letting the thieves hear it. The prover (Alibaba) convinces the verifier (thieves) of a truth (knowing the spell) without disclosing the secret itself.
zk-SNARK
zk-SNARK stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge," often translated as "zero-knowledge succinct non-interactive proof." Proposed by Ben-Sasson et al. from the Technion in Israel in the 2014 Zerocash paper, zk-SNARK is currently the most widely used zero-knowledge proof-based privacy technology. Notable projects deploying zk-SNARK include Zcash and Loopring. It allows users to prove possession of specific information without revealing the content.
zk-SNARK translates zero-knowledge proof logic into computer-programmable form. The basic workflow is shown in the diagram below:

What kind of privacy does zk-SNARK actually provide? It achieves full privacy—not only hiding the addresses of both parties and transaction amounts, but even nodes do not know the content of the transaction. However, zk-SNARK's drawback lies in its requirement for a trusted setup, which inherently carries potential security risks regardless of how carefully it is conducted.
Building upon zk-SNARK, newer zero-knowledge proof systems like Bulletproofs, zk-STARK, Sonic, PLONK, and Supersonic emerged to improve privacy while optimizing transaction throughput and cost.
Bulletproofs
Compared to zk-SNARK, Bulletproofs do not require a trusted setup, though verifying Bulletproofs takes longer than zk-SNARK proofs. Bulletproofs have been implemented in the XMR project to increase transaction capacity and reduce verification time by 80%.
zk-STARK
zk-STARK stands for "Zero-Knowledge Scalable Transparent Argument of Knowledge." Developed by StarkWare, zk-STARK uses novel cryptography and modern algebra to enforce computational integrity and privacy on blockchains. StarkEx implements zk-STARK technology. zk-STARK allows blockchains to offload computation to a single off-chain STARK prover, then verify the correctness of these computations via an on-chain STARK verifier.
Compared to zk-SNARK, zk-STARK is considered faster and lower-cost because although computation increases, communication between prover and verifier remains constant—resulting in much smaller overall data size than zk-SNARK proofs. Moreover, zk-STARK does not require a trusted setup, relying instead on collision-resistant hash functions and simpler cryptographic assumptions. Overall, while zk-SNARK has made significant progress in refinement and adoption, zk-STARK addresses many of its shortcomings (faster, cheaper, no trusted setup) and is seen as an improved version. However, zk-STARK’s off-chain computation with on-chain verification may introduce relatively weaker security compared to zk-SNARK.
Sonic
Sarah Meiklejohn (University College London), Markulf Kohlweiss (University of Edinburgh), and Sean Bowe (Zcash) proposed a zero-knowledge proof protocol called Sonic. Sonic is a universal SNARK, meaning only one setup is needed to validate any possible program.
Sonic represented a major step forward in the evolution of zero-knowledge proofs. However, its speed is slower—proof generation time increases by about two orders of magnitude compared to non-universal SNARKs—so no prominent privacy project currently uses Sonic.
PLONK
PLONK is an efficient,通用 zk-SNARK co-developed by Aztec Protocol’s CTO Zachary Williamson and chief scientist Ariel Gabizon (Protocol Labs, formerly Zcash). Ariel Gabizon and Zac Williamson conceived PLONK during a chance meeting at the Binary District workshop in London.
It is a brand-new, highly efficient通用 zk-SNARK that requires only one trusted setup, reusable across all programs. This technology even earned a retweet from Vitalik. How fast is PLONK? On standard consumer hardware, PLONK can process circuits exceeding one million gates within 23 seconds—no server farms or HPC clusters involved; these results come from a Microsoft Surface tablet.
Take Aztec as an example to explain how the PLONK-based privacy protocol works:
First, Aztec requires a trusted setup known as Ignition CRS. Initially, Aztec randomly gathered 200 participants worldwide, each contributing to the Ignition CRS. Each participant generates randomness—an essential foundation for Aztec’s proof security. (Think of it as 200 people shuffling a deck of cards: as long as not all 200 collude, and at least one is honest, the shuffle—and thus system security—is guaranteed.)
Then, a standard Aztec privacy transaction can be understood as a UTXO (see image below). Similar to Bitcoin’s model, except Aztec transactions are encrypted. Ethereum then verifies whether this UTXO is valid—i.e., checks if 60 + 40 = 75 + 25.

How exactly is this verified? First, input notes must equal output notes. To prevent overflow attacks (e.g., 10 = 11 + (-1)), range proofs are added. Aztec later upgraded to set membership proofs—users must prove their output notes originate from Codex to gain approval from Aztec’s Cryptographic Engine (ACE). Only after this series of steps can the UTXO be successfully validated.
Aztec aims to achieve three aspects of privacy: (1) data privacy—encrypting and hiding transaction amounts; (2) user privacy—making it impossible for observers to identify sender and receiver IDs; and (3) code privacy—enabling dApps built with Aztec SDK to conceal their smart contract code. The first goal has been achieved; the latter two remain unimplemented.
SuperSonic
SuperSonic combines Sonic and DARK proofs into a short proof that requires no trusted setup. Under a circuit of one million logical gates, proof size can be compressed to 10–20 KB, with room for further optimization. This technology was first deployed on the financial blockchain Findora.
The following table compares various zero-knowledge proof technologies in terms of proof size, verification speed, need for trusted setup, and real-world applications:

Overall, the emergence of these efficient,通用 SNARKs enables Web3 privacy and scalability through at most one MPC setup, allowing privacy transactions to be generated on all user devices (phones, tablets, etc.) and executed efficiently on public networks—greatly accelerating progress in the privacy field.
Based on the current state of privacy transactions, two trends may emerge in the near future:
1. Current usage of privacy transactions is still low, but有望 increase with technological advancements.
There are three main reasons for low adoption: first, high technical barriers—early privacy transactions offered poor user experience for average users. Despite the existence of privacy coins like Zcash and XMR for years, most ordinary people have never truly used them; second, awareness of the need for privacy transactions remains limited. Historically, people assumed only illicit activities required privacy, and consciousness around hiding on-chain transactions, transfers/payments, and amounts is still weak. However, with the rise of DeFi and increased on-chain activity, awareness of on-chain privacy is awakening; third, early privacy protocols did not support the assets users actually want to transact with—mainstream tokens like ETH, USDC, DAI—so few users are willing to switch to privacy coins just for privacy.
2. Mainstream blockchains integrating privacy features may become the ultimate trend in privacy development.
Privacy coins as standalone entities may no longer attract popularity, especially after years of regulatory crackdowns globally. For instance, due to FATF regulations, Coinbase UK delisted Zcash in 2019, while OKEx Korea removed Monero, Dash, Zcash, ZCache, Horizon, and SuperBitcoin.
However, the demand for private transactions is real and enduring—where there's demand, there's a market. Judging from the most watched privacy projects recently, incorporating privacy features directly into mainstream blockchains like Bitcoin, Ethereum, and Polkadot may become the prevailing trend.
Using CoinJoin in Bitcoin transactions is currently one of the most widespread mixer services for hiding transaction information. Mixers break the link between sender and receiver addresses via third-party services.
On Ethereum, the most discussed privacy solution is the zero-knowledge proof suite (zk-SNARK, zk-STARK, etc.). Vitalik once said, “Zero-knowledge proofs are the most powerful privacy solution. Although technically challenging, they offer the best results in protecting privacy and security on the Ethereum network.” Among ZKP-based solutions, Aztec’s PLONK technology is particularly well-regarded.
In the Polkadot ecosystem, Manta Network is a notable privacy transaction project. Built by P0xeidon Labs, Manta Network is a zk-SNARK-based privacy protocol (using Plonk with Lookup) deployed on Polkadot, with its testnet Calamari on Kusama. The project plans to expand to other public chains in the future. Manta Network aims to launch MantaPay, a multi-asset decentralized anonymous payment protocol, and MantaSwap, a decentralized exchange protocol with an AMM mechanism powered by zk-SNARKs.
In summary, private transactions represent a genuine market demand, and this sector deserves ongoing attention. As the volume and value of on-chain transactions grow, so too will the demand for privacy solutions.
References:
1. https://vitalik.ca/general/2022/06/15/using_snarks.html
2. https://developers.aztec.network/
3. https://emphasized-seed-161.notion.site/PVM-P0xeidon-VM-primer-5bf16a3ef16e4a8696e99ede6d71ea95
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














