Show Posts
Zerocoin update!
First of all, I wanted to clear up any confusion with respect to Matthew Green and the other Zerocoin project members. The "new" Zerocoin, called "Zerocash", is based on completely different cryptography than the "old" Zerocoin (I will be implementing the old one). The Zerocoin project has essentially abandoned their previous idea in favor of Zerocash, and expect to release both the paper and the coin in late May.
We are very grateful for the excellent work of the Zerocoin people in developing the original Zerocoin, however they have apparently chosen to ignore our communications, for unknown reasons. Fortunately, I have the knowledge needed to implement this without their help.
It is reasonable to ask why we are working on implementing the old Zerocoin when the cryptographers responsible for it are working on their own alt-coin implementing a new idea. There are two reasons: 1) there is no way of knowing for sure that this new Zerocash coin will be released on time, or will work correctly, and there is strong demand for a truly anonymous crypto-currency ASAP; and 2) the new Zerocash may be fatally dependent on a trustworthy party for setting up the initial parameters, as is suggested by my readings about zkSNARKs. It is an incredible stroke of luck that a workaround exists to this problem for the old Zerocoin (so-called "RSA UFOs", which I am working on at present), and it is likely that no workaround exists for Zerocash.
First of all, I wanted to clear up any confusion with respect to Matthew Green and the other Zerocoin project members. The "new" Zerocoin, called "Zerocash", is based on completely different cryptography than the "old" Zerocoin (I will be implementing the old one). The Zerocoin project has essentially abandoned their previous idea in favor of Zerocash, and expect to release both the paper and the coin in late May.
We are very grateful for the excellent work of the Zerocoin people in developing the original Zerocoin, however they have apparently chosen to ignore our communications, for unknown reasons. Fortunately, I have the knowledge needed to implement this without their help.
It is reasonable to ask why we are working on implementing the old Zerocoin when the cryptographers responsible for it are working on their own alt-coin implementing a new idea. There are two reasons: 1) there is no way of knowing for sure that this new Zerocash coin will be released on time, or will work correctly, and there is strong demand for a truly anonymous crypto-currency ASAP; and 2) the new Zerocash may be fatally dependent on a trustworthy party for setting up the initial parameters, as is suggested by my readings about zkSNARKs. It is an incredible stroke of luck that a workaround exists to this problem for the old Zerocoin (so-called "RSA UFOs", which I am working on at present), and it is likely that no workaround exists for Zerocash.
I've heard this is not technically possible to start Zerocoin in a trustless manner and this is why Matthew Green and members abandoned the first Zercoin project.
Are you just trolling or did you not even Google your username -
Quote
When a zerocoin is minted, the coin is added as a member to the set of all zerocoins by way of a one-way cryptographic accumulator. In order to prove later that a given zerocoin belongs to this set, during the initial setup of the accumulator, it is necessary to define a number N that is the product of two prime numbers P and Q. If the prime numbers are large enough, it would be infeasible for any party to factor N to obtain knowledge of P and Q. However, if the party who setup the accumulator were to know these prime factors, then this party would be able to bypass the security of the system and forge zerocoin membership proofs. Anoncoin solves this setup problem by using RSA UFOs (generalized RSA moduli of unknown complete factorization) for the number N, which can be generated in a trustless manner.
https://wiki.anoncoin.net/RSA_UFO
https://wiki.anoncoin.net/RSA_UFO
I wonder how such ppl can look in the mirror in the morning...
If the zerocoin algo, or its security, rely on the infeasibilty of factoring N to get primes P and Q then basically you are giving a shelflife to zerocoin. You are saying at some point in the future all previous transactions will be decrypted.
Considering the nature of math, of primes and so on, the algo is not likely to last long. Considering further the possibility that there may be entities with access to extremely high computing power i.e., supercomputers, it is a blind guess whether the algo will even be trustable the very day it is released.
This is no secret. The implementation of zerocoin into anc is either a deliberate scam or some sort of attempt to discredit it.
