ZCASH Technicals vs Bitcoin Anonymity

[spartacusrex]

Lot of chit-chat about ZCASH. It is certainly a very exciting project, but all projects have pros and cons.

Here are some technicals to digest.

1) ZCASH has a special txn, that allows you to send coins just like Bitcoin, but the sender, receiver and amount are all hidden using a Zero Knowledge Proof.  

2) ZCASH has a technology that has to be 'initialised' by first creating a public/private key pair. You keep the public key, but delete the private key .. You must TRUST that 'they' (the devs) have done this. (I think keeping them would be toooo dangerous, so I don't think they are lying about this.. ) To be fair they have done https://z.cash/blog/the-design-of-the-ceremony.html to mitigate as best they can. Basically many people are involved, in many geographical locations, and no-one knows the 'whole' truth.

'With the MPC protocol, as long as at least one of the participants successfully deletes their private key shard, then the toxic waste is impossible for anyone to reconstruct. The only way the toxic waste can be reconstructed is if every participant in the protocol were dishonest or compromised.'

If ANYONE ever has those 'special' numbers they can create money on the network, they can't steal yours, but it is IMPOSSIBLE to tell..

3) ZCASH's accumulator (the thing that allows the Zero Knowledge proofs) cannot currently be pruned. You must keep track of ALL the spent hidden outputs. They may find a solution, but none has arisen yet.

4) Currently the ZCASH devs take a 20% cut of all the coins that are mined. (I mention this, because, well, hmm..)

------------

Currently Bitcoin is 'only' pseudonymous, but..

1) Bitcoin has 'Confidential Txns' (CT) working on a side-chain, this hides the amounts that are sent, but not the sender and receiver. It may someday be integrated into the main net. No trusted setup is required.

2) CT + Coin Join (and maybe OWAS - a new technique that may allow a whole block to be coin-joined trustlessly), gives a smaller anonymity set. You would know that one of these addresses has sent 'some amount' to one of these other addresses. If you are using OWAS, the number of addresses used in the coinjoin could be the number of txns in a block. Otherwise normal Coin Join / Coin Shuffle rules apply.

3) Bitcoin is fully pruneable. And so are the CT txns.

..

So.. all in all.. pretty exciting really. If nothing else it lights a fire under Bitcoin's ass. ;p

[1715319475]

1715319475

[1715319475]

1715319475

[1715319475]

1715319475

[thejaytiesto]

Lot of chit-chat about ZCASH. It is certainly a very exciting project, but all projects have pros and Bitcoin, but the sender, receiver and amount are all hidden using a Zero Knowledge Proof.  

2) ZCASH has a technology that has to be 'initialised' by first creating a public/private key pair. You keep the public key, but delete the private key .. You must TRUST that 'they' (the devs) have done this. (I think keeping them would be toooo dangerous, so I don't think they are lying about this.. ) To be fair they have done https://z.cash/blog/the-design-of-the-ceremony.html to mitigate as best they can. Basically many people are involved, in many geographical locations, and no-one knows the 'whole' truth.

Wait, wasn't ZCoin (Zerocoin) the coin that needed a ceremony to "guarantee" that the devs delete that key?

I am so confused between Zcoin and Zcash... in any case, I discounted the coin that needed you to trust the devs into deleting those files as totally useless and idiotic. I mean how dumb it can be that you need to trust some guys to delete a masterkey that allows them to be gods within the coin ecosystem? its just so dumb. How can people be paying 3+ BTC per coin right now for this thing? I must be pure speculation. I think the coin fundamentals are dead only judging by the fact that you need to trust them into deleting those super master keys

[spartacusrex]

They ALL need to be in on it, or they can't cheat.

I think the likely-hood of that is 'almost' zero.

I'm more concerned that a bug is found in the protocol, and that coins can be created, without anybody knowing..

[AtheistAKASaneBrain]

I also keep getting confused with both zcash and zcoin. I didn't buy any because I don't understand the technical fundamentals and i don't see how they are going to be relevant when we already have Monero, not to mention Bitcoin will become more private soon...

I should have bought tho, those pumps are tasty.

[solid12345]

I'm more concerned that a bug is found in the protocol, and that coins can be created, without anybody knowing..

This.  The dev rewards on both Zcoin and Zcash are already so high that I don't think the devs would abuse the inflation rate and risk the whole system collapsing when they can be wealthy alone off the coins minted. What I worry more is another DAO-type hacker who finds an exploit in Zcash and abuses it silently. That is one positive strength about zcoin is it has a public blockchain so people would notice.

[cryptimus prime]

i don't see how they are going to be relevant when we already have Monero

In January 2017 the implementation of Ring CT into Monero will enable basically the same strength of anonymization like that with Zcash.  
Without a need for a trusted setup.

Ring CT is already built into the current XMR version, it will just be switched on.