Zerocoin: Anonymous Distributed E-Cash from Bitcoin
Hal:
I really like Adam's very creative idea earlier in this thread to have a pure-zerocoin system:

https://bitcointalk.org/index.php?topic=175156.msg2420768#msg2420768

The zerocoin paper proposed a hybrid bitcoin-zerocoin system. Bitcoins would be temporarily exchanged for zerocoins, and then exchanged back. Adam's idea was that zerocoins would be exchanged directly for zerocoins. Zerocoins could be mined directly, too. All this is a simple modification of the zerocoin protocol. In fact, it would be simpler in terms of code size, because you wouldn't have to support bitcoin transactions. No scripting language, no bitcoin validation rules. Just pure zerocoin spend transactions.

This would also free us from the forced assumption of bitcoin-zerocoin parity. The heavy resource requirements of zerocoin might naturally break that parity. (Admittedly, zerocoin would first be implemented as an extension to an alt, so the value in terms of bitcoins would float. But the simplification is still a win.)

There are various proposals to do P2P exchanges between altcoin chains. I don't know what the status is as far as Bitcoin support in the bitcoin-qt client. You'd have to have a new client to do the P2P protocol. But even if we had to rely on an exchange, it would be an interesting experiment.

The last problem for a zerocoin implementation is the generation of an RSA modulus for which no one knows the factorization. This is hard, and deserves more analysis.
phelix:
You are welcome to vote for Zerocoin as Bitcoin Project of the Quarter:
https://bitcointalk.org/index.php?topic=251087.0
drawingthesun:
Quote from: Hal on July 07, 2013, 11:01:32 PM

The last problem for a zerocoin implementation is the generation of an RSA modulus for which no one knows the factorization. This is hard, and deserves more analysis.


If someone finds out the factorization, what are the implications? All the anonymous transactions become public?
Peter Todd:
Quote from: drawingthesun on July 16, 2013, 07:32:18 PM

Quote from: Hal on July 07, 2013, 11:01:32 PM

The last problem for a zerocoin implementation is the generation of an RSA modulus for which no one knows the factorization. This is hard, and deserves more analysis.


If someone finds out the factorization, what are the implications? All the anonymous transactions become public?


No, but they can use the key to create fake zerocoins. (Basically, they can fake the proof that they added a zerocoin to the accumulator.)
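Why the secrecy of the factorization matters, as an added example that is not part of the original posts or of libzerocoin: a toy RSA accumulator in Python in which membership of a coin c is checked as w^c ≡ A (mod N). The primes, base and coin values are constructed, and checking the witness directly is a simplification of Zerocoin, which proves membership in zero knowledge.

```python
# Toy RSA accumulator (constructed parameters, far too small for real use).
# Assumption: coins are odd primes coprime to phi(N), as in prime-valued accumulators.

P, Q = 1019, 1187            # constructed safe primes: 2*509+1 and 2*593+1
N = P * Q                    # public modulus
PHI = (P - 1) * (Q - 1)      # trapdoor: computable only from the factorization
U = 4                        # public base, a quadratic residue mod N


def accumulate(coins):
    """Fold every coin into the accumulator: A = U^(c1*c2*...) mod N."""
    acc = U
    for c in coins:
        acc = pow(acc, c, N)
    return acc


def honest_witness(coins, c):
    """Witness for a real member: the accumulator of all the other coins."""
    if c not in coins:
        raise ValueError("coin was never accumulated")
    return accumulate([x for x in coins if x != c])


def verify(acc, c, w):
    """Public check: w is a valid witness for c iff w^c == A (mod N)."""
    return pow(w, c, N) == acc


def trapdoor_witness(acc, c, phi):
    """With phi(N) known, take a c-th root of A: w = A^(c^-1 mod phi) mod N.
    The result passes verify() even though c was never accumulated."""
    d = pow(c, -1, phi)      # modular inverse, Python 3.8+
    return pow(acc, d, N)


if __name__ == "__main__":
    coins = [101, 103, 107]  # constructed minted coins
    acc = accumulate(coins)
    print("honest member 101 verifies:", verify(acc, 101, honest_witness(coins, 101)))
    forged = trapdoor_witness(acc, 109, PHI)
    print("never-minted 109 verifies with trapdoor:", verify(acc, 109, forged))
```

Without PHI, producing such a witness means extracting a root modulo N, which is why the modulus has to be generated so that nobody learns its factors.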
tjohej:
Quote from: Gavin Andresen on May 30, 2013, 01:15:54 PM

But it feels to me like finding an essentially zero-cost way to increase transaction privacy that everybody uses by default is the best answer.

Maybe it could be implemented on the Bitcoin testnet at some point? (with the risk of breaking it as well)

Though, as you said, finding a zero-cost solution will not be Zerocoin, and Zerocoin as I see it may demand 10 times the resources of the currently running implementation of Bitcoin.

What do you others think? Should Zerocoin be implemented in Bitcoin or should it be tried first on a new or existing cryptocurrency? There's a libzerocoin on GitHub. The most recent commit was at 2013-07-12 02:04, titled:
Quote

Merge pull request #4 from jhasse/mingw

Rename uint to uint32_t