George Kappos, Haaroon Yousaf, Mary Maller and Sarah Meiklejohn found that when coins move from "unshielded" to "shielded" and back to "unshielded" addresses, they lose much of the anonymity that zcash users expect. The team noted that "relatively simple heuristics ... reduce the size of the overall anonymity set by 69.1 percent." This is reported by Coindesk.
Note that ZCash, positioned as one of the most promising and respected confidential crypto currency, offers two types of addresses: "T-addresses" are transparent and unprotected, transactions and balances are publicly available. In turn, "Z-addresses" are protected and invisible to the general public.
Thus, transfers from one unprotected address to another are completely public, whereas transactions between protected addresses are almost anonymous (only time marks and commissions related to mining are displayed).
At the same time, researchers found that transactions involving different types of addresses are much less confidential. So, if you want, you can get information even about Z-addresses, the report says.
Our heuristics would have been significantly less effective if the founders interacting with the pool behaved in a less regular fashion. In particular, by always withdrawing the same amount in the same time intervals, it became possible to distinguish founders withdrawing funds from other users.
The University College London Research Team
These transactions (as well as similar ones carried out by the miners) are caused by the necessity of holding ZCash coins through secure Z-address pools before they can be used for other operations.
Researchers also noted that they told the founders about the problems found before the publication of the report, which has already led to a change of patterns. In turn, the founder of ZCash Zooko Wilcox and marketing director Josh Swihart in the reciprocal message congratulated the university team.
It is valuable to understand how much privacy is lost when using shielded addresses as a pass-through mechanism, but using it in that way is not recommended. Instead, store your Zcash in a shielded address.
Zooko Wilcox and Josh Swihart
Wilcox and Swihart said that planned upgrades to the zcash protocol would lessen the risks to anonymity identified in the reasearch.