Because the block chain is public, the history of all transactions can be viewed by anyone, via the Bitcoin software or by visiting any block-chain monitoring service. While addresses are not explicitly tied to users' real identities, several recent works have shown that the block chain can be mined to learn information about users' spending habits.

Zerocash extends Bitcoin's protocol by adding new types of transactions that provide a separate privacy-preserving currency, in which transactions reveal neither the payment's origin, destination, nor amount. Specifically, Zerocash uses zk-SNARKs.

Zerocash transactions. Zerocash's functionality is realized using just two new types of transactions: mint transactions and pour transactions. A mint transaction allows a user to convert a specified number of non-anonymous bitcoins (from some Bitcoin address) into the same number of zerocoins belonging to a specified Zerocash address. The mint transaction consists of a cryptographic commitment to a new coin, which specifies the coin's value, owner address, and (unique) serial number. The commitment is based on the SHA-256 hash function, and hides both the coin's value and owner address. Unfortunately, merely publishing this information as an "ownership proof" is not private; instead, to achieve privacy, we rely on a second type of transaction, which allows a user to prove, in zero knowledge, that he knows such information. Roughly, a pour transaction, for (up to) two input coins and (up to) two output coins, involves proving, in zero knowledge, that: the user owns the two input coins; and each one of the input coins appears in some previous mint transaction or as the output of a previous pour transaction. Optionally, the pour transaction can also output some (non-anonymous) bitcoins. This last feature can be used to transfer zerocoins back into (non-anonymous) bitcoins or to pay transaction fees.

Verifying Zerocash transactions. For a mint transaction, the commitment contained therein is constructed so that anyone can verify that the committed coin has the claimed value. For a pour transaction, anyone can verify that the zero-knowledge proof contained therein is valid (and that a few other simple invariants hold). Individual Zerocash nodes maintain a Merkle tree over all of the coin commitments seen thus far.
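The following Python model, added here as an illustration and not code from the Zerocash paper or its implementation, shows the pieces the text describes on a verifier's side: a SHA-256 coin commitment whose value can be checked from the mint transaction while the owner address and serial-number secret stay hidden, the Merkle tree of commitments that nodes maintain, and the statement a pour must establish. The nested-commitment layout (k = H(r || H(a_pk || rho)), cm = H(k || v)), the derivation of addresses as a_pk = H(a_sk) and of serial numbers as H(a_sk || rho), and the value-balance invariant are assumptions made for this example. The zk-SNARK itself is not implemented; the pour statement is checked in the clear so the reader can see exactly what the proof would certify.

```python
import hashlib
import os
from dataclasses import dataclass


def H(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of the arguments."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def i2b(v: int) -> bytes:
    return v.to_bytes(8, "big")


@dataclass(frozen=True)
class Coin:
    a_pk: bytes  # owner address; assumed here to be H(a_sk)
    v: int       # coin value
    rho: bytes   # secret from which the serial number is derived (assumed)
    r: bytes     # commitment randomness

    def k(self) -> bytes:
        # Inner commitment: r hides a_pk and rho.  (Assumed layout.)
        return H(self.r, H(self.a_pk, self.rho))

    def cm(self) -> bytes:
        # Outer commitment binds the value, so revealing (k, v) lets anyone
        # check the claimed value without learning a_pk or rho.
        return H(self.k(), i2b(self.v))


def mint(a_pk: bytes, v: int):
    """Create a coin worth v and the mint transaction that announces it."""
    coin = Coin(a_pk, v, os.urandom(32), os.urandom(32))
    return coin, {"cm": coin.cm(), "v": v, "k": coin.k()}


def verify_mint(tx) -> bool:
    """Anyone can verify the committed coin has the claimed value."""
    return tx["cm"] == H(tx["k"], i2b(tx["v"]))


class MerkleTree:
    """Fixed-depth SHA-256 Merkle tree over coin commitments, zero-padded."""

    def __init__(self, depth: int = 4):
        self.depth, self.leaves = depth, []

    def add(self, leaf: bytes) -> int:
        self.leaves.append(leaf)
        return len(self.leaves) - 1

    def _layers(self):
        layer = self.leaves + [b"\0" * 32] * (2**self.depth - len(self.leaves))
        layers = [layer]
        while len(layer) > 1:
            layer = [H(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
            layers.append(layer)
        return layers

    def root(self) -> bytes:
        return self._layers()[-1][0]

    def path(self, idx: int):
        """Sibling hashes from leaf to root, each tagged with the leaf's side."""
        out = []
        for layer in self._layers()[:-1]:
            out.append((layer[idx ^ 1], idx & 1))
            idx >>= 1
        return out


def verify_path(leaf: bytes, path, root: bytes) -> bool:
    h = leaf
    for sib, is_right in path:
        h = H(sib, h) if is_right else H(h, sib)
    return h == root


class Ledger:
    """State a verifying node keeps: the commitment tree and spent serials."""

    def __init__(self):
        self.tree, self.spent = MerkleTree(), set()

    def apply_mint(self, tx) -> int:
        if not verify_mint(tx):
            raise ValueError("mint: commitment does not open to claimed value")
        return self.tree.add(tx["cm"])

    def pour(self, inputs, outputs, v_pub: int = 0) -> list:
        """inputs: [(coin, a_sk, leaf_index)]; outputs: [Coin]; v_pub: bitcoins
        paid out publicly.  The zk-SNARK is replaced by checking the same
        statement in the clear; a real pour reveals only serials, new
        commitments and the proof."""
        root, serials = self.tree.root(), []
        for coin, a_sk, idx in inputs:
            if H(a_sk) != coin.a_pk:
                raise ValueError("pour: spender does not own input coin")
            if not verify_path(coin.cm(), self.tree.path(idx), root):
                raise ValueError("pour: input coin not in commitment tree")
            sn = H(a_sk, coin.rho)  # serial number (assumed derivation)
            if sn in self.spent:
                raise ValueError("pour: serial already revealed (double spend)")
            serials.append(sn)
        if sum(c.v for c, _, _ in inputs) != sum(c.v for c in outputs) + v_pub:
            raise ValueError("pour: input and output values do not balance")
        self.spent.update(serials)
        return [self.tree.add(c.cm()) for c in outputs]


def demo() -> bool:
    """Mint 10, pour 7 to a new owner plus 3 public bitcoins, then show that
    spending the same coin again is rejected by the serial-number check."""
    ledger, a_sk, b_sk = Ledger(), os.urandom(32), os.urandom(32)
    coin, tx = mint(H(a_sk), 10)
    idx = ledger.apply_mint(tx)
    out = Coin(H(b_sk), 7, os.urandom(32), os.urandom(32))
    ledger.pour([(coin, a_sk, idx)], [out], v_pub=3)
    try:
        ledger.pour([(coin, a_sk, idx)], [out], v_pub=3)
        return False
    except ValueError:
        return True
```

The point to take from the model is the division of knowledge: the ledger never sees a_sk, rho or r, only commitments and revealed serial numbers, yet it can still reject a double spend and a value mismatch. In real Zerocash those same checks are carried inside the zero-knowledge proof rather than performed on the secrets directly.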