Anonymity of safe coins

I’ve read the Safecoin white paper and have some questions concerning anonymity.

The paper states that “only the past and current coin owner are known”, and I am trying to figure out what this really means. Some people are claiming that Safe coins are as anonymous as zerocoin and zerocash because of this feature, but I am not quite sure.

It is true that the safecoin transactions are not stored on a single giant blockchain like bitcoin, but the transactions do need to be validated by 32 “close” nodes. Would it be possible for these nodes to store all the transactions that they validated, allowing analysis at a later date? Or are these transactions somehow hidden from the validating nodes, such as by using zero-knowledge proofs? Are the 32 nodes always the same? And is there an easy way for these validating nodes to share the transaction details with more nodes, effectively broadcasting it to everyone?



When vaults go off-line and rejoin the network they are placed under a different address, and as the vault network gets denser, vaults can also be pushed out of close groups of a coin. So they’re not always the same, but a vault that tries to stay connected 24/7 might monitor some coins for a very long time. I also think one could simply GET a coin to check it’s current ownership field.

So yeah, the network itself doesn’t track coin history, but it’s not impossible for independent actors to do so, to some degree. But you’ll have to focus on a particular coin or group of coins rather than a particular wallet address.


Zero cash is certainly an exciting development! To answer a couple of your questions. The 32 nodes (28 minimum) required for consensus are not the same and are based on XOR closeness, also I believe that the current and previous owners are actually only known to the network and as to zero knowledge proofs I can’t give you a definitive answer although I have seen that pop up in the forum before (use the search bar in this forum to dig deeper). I have also read David Irvine saying that each user could have multiple personas and could pass safecoin to his/herself so that they are the only current and previous owner. Hope this helps a little although someone more qualified to answer is welcome to step in


The answers here are fairly accurate as far as I know, but once work starts on the Safecoin RFC - as soon as the MVP is released and working satisfactorily I think - these questions would be great to fire into that process.

1 Like

Something else just occurred to me that’s worth bearing in mind when you think about trying to track coin ownership…

With bitcoin / blockchain a transaction is any size from dust to millions of dollars. With Safecoin, each currently worth a couple of cents, you would need to gather an awful lot of data to associate even a small amount of value with an owner address.

There’s no easy way to find coins owned by a given address, in fact it sounds almost impossible to me. So you’d first have to find a lot of coins owned by one particular address, and then somehow know who owned that address, and for them to be someone you are interested in rather than a random person.

All that seems to make it very difficult for anyone to target people for ownership by gathering information from nodes. Far easier to target the individuals directly, rather than try to gather information from the network itself.


One last quick question: From the responses I got, I get the feeling that safecoins are not divisible, and that they are real entities (as opposed to simple a balance on a ledger). Is this the case?


They are real entities and not an entry in a ledger, correct.

They can be divided though. This will not be in the initial implementation but can be enabled later. There have been discussions on different ways of doing this - search for “Safecoin divisibility” should find them - particularly within posts by @dyamanaka