(2026-05) Privacy Coins Under Viewing Key Compromise
2026-05-05
Anonymity guarantees of privacy-oriented cryptocurrencies are garnering negative attention from lawmakers who view them as antinomic to accountability. Having recognized their potential for innovation, however, regulators may not want to outright ban privacy coins but instead seek a middle ground where financial oversight is effective, and still a modicum of privacy is maintained. Mature designs, such as Zcash, Monero, or Firo, facilitate this through so-called viewing keys that can be disclosed to third parties for the purpose of supervision. This paper initiates the study of the issues of security, privacy, and fungibility that privacy coins face in the non-custodial setting with the legal obligation on users to surrender their viewing keys to the authorities. In doing so, it fills the gap in provable anonymity guarantees for Zcash and, at the same time, exposes non-trivial gaps for Monero and Firo. Of independent interest is that the naturally defined notion of spend indistinguishability is shown to imply practical anamorphic spending as introduced by Cinal et al. (ESORICS'25), and a novel perspective is presented, framing UTXO-based privacy coins under viewing key compromise as transparent account-based cryptocurrencies instead.