Home » Articles » Shadowcash Hits Zero-Knowledge Jackpot with Casino-style Anonymity
Click Here To Hide Tor

Shadowcash Hits Zero-Knowledge Jackpot with Casino-style Anonymity

A few months ago we cataloged a preview of Shadow’s recently released zero knowledge update as well as alternative privacy technologies. However, before we go into the nuts and bolts of what makes Shadow’s new financial privacy update so impressive, let’s take a trip to the casino and see how the process emulates a very common and legal method of changing money.


Imagine walking through the doors of your local casino. You’re met with the melodic ambient noise of jackpots and cheers orchestrating a collection of wins and losses. The notes of this orchestra literally lose their link with one another.

For example, a $100 bill can be exchanged into chips of equal value, which is as good as cash anywhere in the casino: tips, tables, vendors, gift stores—anywhere, except the machines. Likewise, bills inserted into a slot machine can be cashed out into printable tickets, worth the fiat amount printed on them. At any time, you may redeem those chips or slot tickets at a casino cashier and you will be presented with a new set of bills; ones not linked to the bills that were initially converted into chips or tickets. As a result you leave the casino with a fresh set of bills and hopefully more than you started out with!

The latest update from the team at Shadowcash takes this age-old process and renders it into a harmonious cryptographic orchestra with the maestro, ShadowSend, conducting a unique symphony of dual-key stealth addresses, anonymous tokens, ring signatures and non-interactive zero knowledge proofs (NIZKPs). The resulting melody is untraceable and unlinkable transactions that are trustless—Meaning they require no centralized servers, 3rd parties or master nodes to facilitate anonymity. Shadow’s technical whitepaper goes over the process in detail and is available here.


However, to better visualize the process, we’ll stick with the casino analogy and assign values relevant to the protocol:

A node (player) gives the network (casino) their SDC (cash), which the network accepts and issues the node Shadow tokens (chips) in denominations of 1, 3, 4 and 5 equal in value to the SDC received. For example, 1.7 SDC would be split into smaller tokenized Shadow values of 1.0, 0.3 and 0.4. To provide unlinkability, these anonymous outputs (Shadow) can only be sent to and from a node’s stealth address. To provide untraceability, the network validates the transaction with a ring signature, which signs the transaction on behalf of multiple players in the network, instead of the individual.

Now, this is where the ShadowSend flow differs from the casino model and furthermore what makes it such an improvement over coin mixing services like Coinjoin, DarkSend or Helix.

Instead of issuing bills or coins from a mixture pool, the Shadow network achieves zero knowledge anonymity by destroying the original coin (SDC) and issuing Shadow tokens of equal value—minus the network fee. Vice versa, when redeeming Shadow for SDC, the network mints new SDC equal in value to the Shadow tokens—minus the network fee. This fee is then sent to the nodes for securing the network; nodes earn approximately 2% per annum on their coins.

The result is that there is no connection between the destroyed and newly minted SDC or the Shadow used during the process. Meanwhile, the tokenized denominations of Shadow remain in the system for available anonymous outputs.

So just like a casino chip redemption, the casino takes ownership of the chips (Shadow) in question and issues the respective amount back to the player in cash (SDC). The chips are then put back into the system increasing the overall amount of chips available for other players.

The network prevents ‘double spending’ by requiring proof of ownership via a ‘traceable ring signature’ for redeeming anonymous outputs (Shadow). Proving ownership of a traceable ring signature requires a user to prove ownership of the Shadow or ‘Proof-of-Shadow’ to the network. Thus, if a user owns the stealth address the Shadow resides on; then they may redeem Shadow for SDC. If a user doesn’t own the stealth address the Shadow resides on; there is nothing to redeem. Since Shadow can only be assigned to stealth addresses by destroying SDC, it makes the Shadow unforgeable.

Going back to the casino analogy—when a player redeems chips or slot tickets at a cashier; all the casino needs to verify is if the chips or tickets are valid. Possession of a ticket or chip is enough for the casino to validate the ownership; without possession the casino has nothing to validate and thus nothing to redeem.

A full slideshow presentation can be found here:


The concept blends strengths from the Zerocoin and Zerocash protocols by enabling the Shadow network to destroy and mint new coins (SDC), as well as create anonymous outputs (Shadow), through the use of zero knowledge proofs; without the Zero project’s weakness of requiring a trusted setup. Another plus is that Shadowcash doesn’t require an equal input or output like the Zero protocols; making it much more efficient and flexible. It also retains the integrity of Satoshi’s core principals of trustless transactions, double-spend prevention, decentralization with distributed consensus.

At the same time it removes the misplaced conception of mixing ‘clean’ and ‘dirty’ coins by simply removing the link between the ‘dirty’ coinbase by minting new ‘clean’ coin. As a result, it also removes the need to trust any mixing services, as the protocol, ShadowSend, is native to the Shadow network. The new Shadowcash protocol has been live for about a month and with widespread adoption it could spell the end for Bitcoin mixing services as we know it.


One possible weakness could be timing and redemption analysis. Although, there would be no way to directly link transactions, if a user redeems Shadow for SDC shortly after being sent SDC for Shadow in the same amount, then a blockchain analyst could assume the transactions are linked, but wouldn’t be able to prove it. This would be time consuming, as the investigator would also have to search every transaction in order to do this. If the redeemer used multiple Shadow-to-SDC stealth addresses for redemption, then the analyst’s efforts would prove futile. Another way to solve this would be to redeem amounts in separate values, at separate times and to separate SDC stealth addresses, instead of redeeming the original amount sent. This is still a massive privacy improvement over Bitcoin’s linkability and traceability.

Outside of that, the system is still new and hasn’t received any high-level peer review. However, it is based on proven technology: Satoshi’s Bitcoin codebase, dual-key stealth addresses, traceable ring signatures and non-interactive zero knowledge proofs. Developers from other projects have praised the system’s design, but as of the time of this writing there hasn’t been comments made by any fancy pants cryptographers.

Future Updates:

Shadow is also working on a decentralized marketplace, codenamed ‘sBay’, built on top of their encrypted messaging system, ShadowChat, with Shadowcash as the primary currency. Not much is known at this point regarding the marketplace specs, but according to the roadmap, it’s due out soon for open beta. Also, according to the Shadow website, “the marketplace will provide cash liquidity in localbitcoins fashion, will enable users to buy and sell items anonymously and will provide end-to-end decentralized stability.”

A decentralized localbitcoins concept could help preserve the idea of trustless decentralization by removing the clearing house mechanism associated with fiat transfers.


Despite not being widely publicized, the creator of Darkcoin, Evan Duffield, one the leading altcoin projects and marketcap leader for privacy coins, attempted to acquire Shadow, which speaks volumes for the project’s future.

Shadow’s unique combination of proven technology will undoubtedly change the definition of financial privacy, but only after the system has made it’s way through the gauntlet of security experts. The code is open source, so anyone qualified is able to review the whitepaper and audit the code. German systems security expert and cryptographer Isidor Zeuner has taken up the task to analyze the system for a thorough peer review. The results of his findings will be posted on www.shadowtalk.org in the near future.

In a time where government crackdowns of hidden services are increasing and trust in market operators is decreasing—trustless anonymity couldn’t come at a better time. Vendors should be demanding market operators implement state-of-the-art open source technologies that use standard cryptographic primitives to provide transactional peace of mind. Market operators should focus on implementing greater security measures by providing users access to the best financial privacy toolset available and right now that toolset is Shadow.

For additional information visit www.shadow.cash

Forums: www.shadowtalk.org

Source Code: https://github.com/SDCDev/shadowcoin/

Freenode IRC: #shadowcash


Bittrex: https://bittrex.com/Market/Index?MarketName=BTC-SDC

Poloniex: https://poloniex.com/exchange#btc_sdc

Cryptsy: https://www.cryptsy.com/markets/view/306




  1. “Outside of that, the system is still new and hasn’t received any high-level peer review. However, it is based on proven technology: Satoshi’s Bitcoin codebase, dual-key stealth addresses, traceable ring signatures and non-interactive zero knowledge proofs. Developers from other projects have praised the system’s design, but as of the time of this writing there hasn’t been comments made by any fancy pants cryptographers.”

    The community has raised 5 BTC for an outside review by Isidor Zeuner: http://shadowtalk.org/topic/321/shadowcash-whitepaper-review-and-code-audit

    As far as I know the review is in progress.

  2. Nice to see Shadow getting some mainstream attention, I think it is superior to Dark in every way which IMO is more marketing than substance.

  3. I expect shadowcash to be the default anonymous cryptocurrency by the end of 2015. Nothing else comes close.

    • You seem to be misinformed: Monero has had Ring Signatures for ages. It is proven technology (Shamir’s Shared Secret) which works without the Zero Knowledge smokescreen.
      Judging by its market cap, XMR will be the default anonymous cryptocurrency within a few years.

      Oh, and to the people of deepdotweb: PLEASE switch to Bitmessage, TorChat or Ricochet-IM for your contact info. Even respected cryptographers still only list email adresses and regarding traffic analysis that is a nono, a gazillion-byte-PGP key doesn’t help against that, Mr Sneider and Mr Green.

      • Sam-U-L Jackson

        Definitely stay away from Monero or any Cryptonote currency derived from Bytecoin. The NSA connection cannot be dis-proven and that alone is enough in my mind to stay away from it. Good luck promoting your government coin.


        • OK, let me carefully and friendly rephrase my original post. No need to get harsh, thank you.

          Zerocoin and derivatives (ZCs) are based on a new zero-knowledge proof, so there might still be caveats as with any new cryptography. Now suppose ZCs would be great in itself, then why still use Ring Signatures? I understand someone would be extra carefull, so there still might be a niche for these stacked algo coins like Quarckcoin etc…
          ZCs are basically sidechains, just read the 2 technical papers.

          CryptoNote and derivatives (CNs) use the above mentioned Ring Signatures that existed and are academically peer reviewed since 2001, as per your posted link.

          Both possibilities are still a guess, I simply argue that the Ring Signatures are for the moment a much better guess. :)
          For more details you can see Andrew Poelstra ‘s overview of anonymisation techniques here:
          His viewpoint is Bitcoin-based, but you should get the general ideas.

          Finally regarding the NSA accusations: the most fundamental potential problems with CNs would be the possibility of the Key Images being reverted from the hash by a secret series of numbers. This was tried before and can be found, as explained here:
          And the creators of CN working for them to push broken Ring Signatures into a cryptocurrency. A quick search reveals that the CN developers are anonymous and the first CN based currency has evidence of instamine/premine by using a deliberately crippled mining algorithm in the code. For some other CNs, the developers are known, forking attacks have been thwarted, dynamic restoration points/features have been added to the blockchain, external experts are hired to vet the code etc … so basically these are outside the control of the original CN creators, whomever they may be.
          Meanwhile the Ring Sig Crypto is still researched and getting stronger by the day. As will ZCs, I’ll grant you that, so whatever tickles your pickle.

          I’ll rest now, and I tried to be as factual as possible and focus on the technical issues at hand, so if I would have offended you, please accept my apologies.

  4. Nice article SDC has a bright future if you would like to try SDC out i have a giveaway going on here https://ocupy.net/hubs/ion/62-100-shadowcash-giveaway?start=6#108

  5. Sweet article. I’ve been keeping a close eye on this project for the last few months and sold my DRKs with no regrets to buy SDC. The technology on display on this coin is the the future of commerce. A thing this article didn’t mention which is very important:

    1) The really intuitive and beautiful HTML5 wallet UI which is vital for wide scale adoption. Compared to the standard Bitcoin Qt and even more so ZeroCash based wallets the ShadowCash wallet is a piece of art visually. It looks and runs like a profession retail piece of software.

    ShadowSend v2 (Zero Knowledge Anon) + Encrypted chat + Decentralised Marketplace + LocalShadowCash + HTML5 wallet = Epic commerce and privacy win.

    I read that i2p integration and something special is coming soon also but that’s for another discussion.

    2015 will be Shadows year.

  6. If I remember correctly either zerocoin and/or zerocash had the encryption key problem where it was impossible to prove that the original key which the whole thing is based on had been destroyed.

    If it’s the same with shadowcash than the whole thing is a non starter as guess what? It requires trust.

    If not then this coin might have a bright future.

  7. Does the below also apply to shadow? If so it’s DOA, if not then it’s got a good chance.

    Copied from zerocash FAQ (last point in the FAQ)

    Can one put a backdoor in Zerocash?

    Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. If done correctly, then no secrets or backdoors remain.

    If this setup procedure were to be corrupted, the system would continue to provide anonymity guarantees, but it would be possible to “forge” coins. As long as this setup procedure is conducted honestly, it is not possible to corrupt the public parameters of the system.

  8. yawn

  9. If SDC were really anonymous, its market cap would be greater than DarkCoin (the latter of which has not yet achieved true anonymity). The graphics reek of a run of the mill scam coin. Has anyone vetted the crytography in this coin? Something is not quite right……

    • anonymouse

      It seems you didn’t even bother reading the article.. one reason for the low market cap is lack of awareness. Most crypto media publications like coindesk and cointelegraph have boycotted any coverage of Shadow. Even though the project has nailed down numerous firsts for cryptocurrency they just seem like they don’t care to cover it. It’s nice to see the project get some fair coverage for once.

      Your opinion about the graphics representing a scam is misplaced. The graphics are professionally done and are on part with most successful tech startups. A few of the holders from SDC are responsible for exposing numerous scams and pump and dump projects like when Smurf exposed all the pump groups behind Blocknet and those pump groups threatened to “kill” sdc. Well SDC is still here and the tech is stronger than ever.

      Anyways, I’m sure this article will open the door for larger publications to cover the project since the crypto media has a bias against anonymous projects like Shadow.

      • jimjones4u

        Yo mousey, mousey, anonymousey – ” lack of awareness ” is a bogus excuse. Shadow Man’s coin has been advertised on this site quite a few times. This article will only ” open more doors ” because it is less of a blatant shilling advertisement for SDC than previous articles.

        Coindesk has given plenty of alt-cryptocoins exposure. They have had quite a few articles on darkcoin and dark send among others. They have had many articles on anonymity ( or lack there of ) regarding bitcoin and altcoins. Their articles are the most unbiased Ive seen. Conversely, articles like this one are paid ads because this site has less of a support structure.

        The market cap of SDC remains low because it is unproven. Nothing has changed since I read an article months ago about it. The 1 exception is the supposed merger proposal by darkcoin. That sounds more like a PR stunt.

        SDC needs to stop promising a perfect anonymized alternate universe and prove its self.

        • boringpost

          ZZZZzzz.. lol coindesk and cointelegraph covered i/o coin.. lol. their writers demand btc for coverage or only cover things they have a vested interest in. Both those publications are a disgrace to journalistic integrity and hence why shadow had not been mentioned there because nobody is willing to pay them for coverage. A great example is cointelegraph’s paid listing program. Want an article? Pay 2.5btc lmao. GTFO with your misinformed bullshit claims.

          The bottom line here is shadow has proven itself. You cannot trace any coins or show any proof all without mixing. Show me one other major article that even mentions this innovation and I’ll believe you that “awareness” isn’t the issue. I really am not sure which articles you’re speakin of that are shill posts because there a about a grand total of 4-5 or so press mentions for Shadow regardless that they have banged numerous firsts for a cryptocurrency. PoS iOs, droid, thin mode, dual key stealth, real anon, html gui framework, p2p encrytped messaging yet nobody in the crypto media covers it. If you can’t see there is a bias towards the project then a, you work for those publications or b, your blind as a bat.

          The only shill post here is you peddling your bullshit claims of shill. Everything contained in your shitpost is garbage. “prove itself, shill, pr stunt” etc lol. from what i can see its just trash talk from another dipshit on the internet. Go ask Darkcoins Evan if it was a pr stunt or a legit proposal to acquire the project and the team behind it. Either way i could give two fucks on this sunday about your opinion.

          • jimjones4u

            ” the system is still new and hasn’t received any high-level peer review. ”

            Gee that really sounds proven to me. They say that it uses ” proven technology “. That basically means nothing.

            ” One possible weakness could be timing and redemption analysis. ” Note the it says “possible” and “could be”. In other words it is unproven.

            You have no argument -at all- that it has proven itself.

            I think it would be wonderful if a Shadowcoin / Shadow universe existed where we could all revel in the joy of pure anonymity, pure exemption from the long arm of LE and no reprecussions whatsoever. Sign me up if it works.
            Quit whining about media bias bla bla bla. Its so unfair, waa, waaah, waaah. You are breaking my heart. Get your precious shadowcoin tested by some expert cryptographers and let the good times roll. Instead of crying like a baby and pulling the bias card go do something about it.

          • jimjones4u

            ” Go ask Darkcoins Evan if it was a pr stunt or a legit proposal to acquire the project and the team behind it. Either way i could give two fucks on this sunday about your opinion.”
            Are you really that naive ? I have no doubt that Evan made a proposal just as Shadowcoin made abundantly clear. Ask Evan ? Ummm – Mr Evan sir did you really intend to merge with shadowcoin or was that just a publicity stunt ? I have no doubt Evan would give me an honest answer. Thanks for the advice. I will go ask him right now and get to the bottom of this matter. Why didnt I think of that ?

    • Michael

      Darkcoin hasn’t even been peer reviewed, you know in life sometimes the better product doesn’t always win in the end or takes time to overtake the competition? Dark has had months of publicity that SDC is only now starting to get.

      Besides the point is moot, Eric wouldn’t have offered to buy out SDC’s tech if he didn’t think it was special. Notice he never made the offer to other anon coins.

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *