Bitcoin Forum
March 30, 2024, 03:22:24 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
Author Topic: Zerocoin: Anonymous Distributed E-Cash from Bitcoin  (Read 37693 times)
hathmill
Full Member
***
Offline Offline

Activity: 186
Merit: 100



View Profile
August 05, 2013, 02:23:32 PM
 #121

I think a totally new alt coin should be created for zerocoin because that is lowest risk and barrier is lowest.
1711768944
Hero Member
*
Offline Offline

Posts: 1711768944

View Profile Personal Message (Offline)

Ignore
1711768944
Reply with quote  #2

1711768944
Report to moderator
1711768944
Hero Member
*
Offline Offline

Posts: 1711768944

View Profile Personal Message (Offline)

Ignore
1711768944
Reply with quote  #2

1711768944
Report to moderator
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711768944
Hero Member
*
Offline Offline

Posts: 1711768944

View Profile Personal Message (Offline)

Ignore
1711768944
Reply with quote  #2

1711768944
Report to moderator
drawingthesun
Legendary
*
Offline Offline

Activity: 1176
Merit: 1015


View Profile
August 05, 2013, 02:52:16 PM
 #122

I think a totally new alt coin should be created for zerocoin because that is lowest risk and barrier is lowest.

Except there is risk, if this alt coin takes off and zerocoin is seen as an attractive alternative it could supersede Bitcoin.

I understand that the Bitcoin developers could add zerocoin, but it would need to be tested and all the miners and nodes would have to agree, all this whilst the new alt starts to erode Bitcoin market share[1]. The worst case scenario is many Bitcoin whales see the writing on the wall (Bitcoins developers arguing, not reacting fast enough) and exchange significant parts of their holdings over to the new coin. If this happens we might witness a runaway effect that moves most commerce over to the new coin and anyone left with Bitcoin being a loud whining bagholder.

I think testnet Bitcoins should be used as a testbed, to limit the possibility of a competitor quickly rising.

Many of you will laugh me off as paranoid, I approach these issues as a "think of the worst case" situation and prepare for it.

[1] If you think this is stupid please consider how Litecoin has an estimated 5-10% of Bitcoin hashpower whilst offering nothing in terms of real advantages, A real competitor will also attract vast amounts of people who were not original early adopters and they will fight forever tooth and nail to make their investment worth more. This is going to be a can of worms. I can see a monster being born to destroy the creator.
runeks (OP)
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
August 05, 2013, 03:31:58 PM
 #123

I think a totally new alt coin should be created for zerocoin because that is lowest risk and barrier is lowest.
Many of you will laugh me off as paranoid, I approach these issues as a "think of the worst case" situation and prepare for it.
I think we will waste a lot of time and resources by assuming the worst case and preparing for that. It does not seem like a rational strategy to me.

The rational strategy would be to weigh risks and benefits, and adopt the solution that best balances these two aspects.

In the case of Zerocoin we have both a lot of added risk (the protocol hasn't actually been deployed yet), and it increases the hardware requirements (CPU power, storage space, bandwidth) of running a full node.

Given that the benefit is, at best (ie. in case there are no vulnerabilities), full anonymization of all transactions, and given that this can already be achieved selectively by individuals who require this feature, I think Zerocoin should be implemented as a separate cryptocurrency, and tested out completely separate from the Bitcoin protocol.

I think a lot of people quickly forget just how unsafe Bitcoin was regarded as just two or three years ago. This would start all over again with a modification of the core protocol, and if you worry about a declining price of bitcoins, I believe modifying the existing core Bitcoin protocol would do much more harm than a separate Zerocoin taking off. At the bare minimum it will take as long as Bitcoin has existed for people to trust that protocol, and probably longer because introduces more complexity into the core protocol.

In other words, I don't think we are in a hurry. Zerocoin, as a separate cryptocurrency, will take a long time to gain confidence from users.

If you are afraid it will supercede Bitcoin then buy some "Zerocoins" for your bitcoins. It's as simple as that. Cryptocurrency-to-cryptocurrency exchanges are extremely efficient, and you could hedge your position as you see fit, instead of forcing every Bitcoin user to adapt to your worst case scenario.

If this separate Zerocoin becomes more popular than Bitcoin, I'd be very happy! It would mean that it has greater value than Bitcoin to the people using it. Bitcoin is already amazing, improving it can only be positive. If you worry you will lose out financially on this, then, again, buy some "Zerocoins" for your Bitcoins.
drawingthesun
Legendary
*
Offline Offline

Activity: 1176
Merit: 1015


View Profile
August 05, 2013, 03:36:11 PM
 #124

I think a totally new alt coin should be created for zerocoin because that is lowest risk and barrier is lowest.
Many of you will laugh me off as paranoid, I approach these issues as a "think of the worst case" situation and prepare for it.
I think we will waste a lot of time and resources by assuming the worst case and preparing for that. It does not seem like a rational strategy to me.

The rational strategy would be to weigh risks and benefits, and adopt the solution that best balances these two aspects.

In the case of Zerocoin we have both a lot of added risk (the protocol hasn't actually been deployed yet), and it increases the hardware requirements (CPU power, storage space, bandwidth) of running a full node.

Given that the benefit is, at best (ie. in case there are no vulnerabilities), full anonymization of all transactions, and given that this can already be achieved selectively by individuals who require this feature, I think Zerocoin should be implemented as a separate cryptocurrency, and tested out completely separate from the Bitcoin protocol.

I think a lot of people quickly forget just how unsafe Bitcoin was regarded as just two or three years ago. This would start all over again with a modification of the core protocol, and if you worry about a declining price of bitcoins, I believe modifying the existing core Bitcoin protocol would do much more harm than a separate Zerocoin taking off. At the bare minimum it will take as long as Bitcoin has existed for people to trust that protocol, and probably longer because introduces more complexity into the core protocol.

In other words, I don't think we are in a hurry. Zerocoin, as a separate cryptocurrency, will take a long time to gain confidence from users.

If you are afraid it will supercede Bitcoin then buy some "Zerocoins" for your bitcoins. It's as simple as that. Cryptocurrency-to-cryptocurrency exchanges are extremely efficient, and you could hedge your position as you see fit, instead of forcing every Bitcoin user to adapt to your worst case scenario.

If this separate Zerocoin becomes more popular than Bitcoin, I'd be very happy! It would mean that it has greater value than Bitcoin to the people using it. Bitcoin is already amazing, improving it can only be positive. If you worry you will lose out financially on this, then, again, buy some "Zerocoins" for your Bitcoins.

Thanks for your response, very well reasoned and after reading what you have to say I do agree.

I didn't think about the possible downsides to Bitcoin if it was forced onto all the users and then if it was found to be insecure the loss of confidence would indeed be devastating.

Cheers runeks.
hathmill
Full Member
***
Offline Offline

Activity: 186
Merit: 100



View Profile
August 05, 2013, 04:22:15 PM
 #125

I think a totally new alt coin should be created for zerocoin because that is lowest risk and barrier is lowest.
Many of you will laugh me off as paranoid, I approach these issues as a "think of the worst case" situation and prepare for it.
I think we will waste a lot of time and resources by assuming the worst case and preparing for that. It does not seem like a rational strategy to me.

The rational strategy would be to weigh risks and benefits, and adopt the solution that best balances these two aspects.

In the case of Zerocoin we have both a lot of added risk (the protocol hasn't actually been deployed yet), and it increases the hardware requirements (CPU power, storage space, bandwidth) of running a full node.

Given that the benefit is, at best (ie. in case there are no vulnerabilities), full anonymization of all transactions, and given that this can already be achieved selectively by individuals who require this feature, I think Zerocoin should be implemented as a separate cryptocurrency, and tested out completely separate from the Bitcoin protocol.

I think a lot of people quickly forget just how unsafe Bitcoin was regarded as just two or three years ago. This would start all over again with a modification of the core protocol, and if you worry about a declining price of bitcoins, I believe modifying the existing core Bitcoin protocol would do much more harm than a separate Zerocoin taking off. At the bare minimum it will take as long as Bitcoin has existed for people to trust that protocol, and probably longer because introduces more complexity into the core protocol.

In other words, I don't think we are in a hurry. Zerocoin, as a separate cryptocurrency, will take a long time to gain confidence from users.

If you are afraid it will supercede Bitcoin then buy some "Zerocoins" for your bitcoins. It's as simple as that. Cryptocurrency-to-cryptocurrency exchanges are extremely efficient, and you could hedge your position as you see fit, instead of forcing every Bitcoin user to adapt to your worst case scenario.

If this separate Zerocoin becomes more popular than Bitcoin, I'd be very happy! It would mean that it has greater value than Bitcoin to the people using it. Bitcoin is already amazing, improving it can only be positive. If you worry you will lose out financially on this, then, again, buy some "Zerocoins" for your Bitcoins.

Thanks for your response, very well reasoned and after reading what you have to say I do agree.

I didn't think about the possible downsides to Bitcoin if it was forced onto all the users and then if it was found to be insecure the loss of confidence would indeed be devastating.

Cheers runeks.

Thank you for a well balanced discussion. I would like too emphasize the part inn my argument concerning barrier. It could potentially take a long time t convince bitcoin community to accept zerocoinn development, hence the effort involved in creating a new alt zerocoin would be lower (no one at all to convince, no concent needed and so forth and so on). If zerocoin is a success and worthwhile integrating in bitcoin the discussion about doing so could then be had and at that time with more certainty about risk and benefit. My take on zerocoin is that IF third party trust could be somehow removed then that would be a major improvement. If not, research and more knowledge is good anyways.
tjohej
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


Magic Staff


View Profile
September 02, 2013, 01:32:16 PM
 #126

Launch a Zerocoin testnet. A Zerocoin testnet would say "Here's how it works in practice" with 0 price.

...
or do you maybe trade Bitcoin testnet coins already? Grin

...that's why I assume that Zerocoin testnet coins would never be traded but just show if it is stable or how much processing power it requires.(is it hackable? Maybe it is hackable? Great introducing new security to Bitcoin, NO THANK YOU! ...and then making us a point of ridicule among the worldwide community)

If we assume that enabling Zerocoin as an extension to Bitcoin causes a 200% slowdown. So that instead of taking 300 seconds to validate 80000 blocks, it now takes 900 seconds to validate them, on some specific hardware setup, then it would again be a "no, thanks".

The reason there is not even a testnet of Zerocoin as something to compare to I would say that Zerocoin is today 2013 in September 0% likely to get implemented in Bitcoin(not even close to the Bitcoin testnet), even my speculation says it is 0% likely.

There may still be hope for the 1st decentralized cryptocurrency which is Bitcoin. How to approach different subjects is key to progress.
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4158
Merit: 8343



View Profile WWW
September 03, 2013, 02:02:06 AM
 #127

or do you maybe trade Bitcoin testnet coins already? Grin
People have, and we've had to reset the testnet multiple times and make some minor changes to undermine the security of it.

But even if you do this, someone will just copy the code into FooNinjaRealUltimateCoin... so you can't get what you want there.

This has resulted in several occasions of altcoins cropping up 'competing' with Bitcoin by copying code from the Bitcoin core team which was just not mature enough yet to deploy in Bitcoin... greenfields are much easier and faster to deploy into. It's like the Microsoft "Embrace, Extend, Extinguish" business model but supercharged since you can just extend by copying code written by your competition!

But hey, if something based on Bitcoin that has ZC is preferred over Bitcoin by the public— then perhaps thats what should happen.  The costs of ZC, especially without network-pseudo-interactive cut-and-choose to make the proofs smaller, make this seem unlikely to me.  Certainly introducing non-consensus features via an alternative coin is improved in terms of obtaining consent then just merging it in an existing coin.
tjohej
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


Magic Staff


View Profile
September 10, 2013, 02:00:58 PM
 #128

https://anoncoin.net/ mentions as of August 30, 2013 that they will begin implementing Zerocoin.
...if it works.

I guess it will make it first into some Anoncoin testnet, maybe a testnet specifically for zero-knowledge proofs.(learnt about this from the Zerocoin subreddit)

There may still be hope for the 1st decentralized cryptocurrency which is Bitcoin. How to approach different subjects is key to progress.
Balthazar
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
September 10, 2013, 04:24:45 PM
 #129

https://github.com/CryptoManiac/novacoin/wiki/Zerocoin-transactions

In progress too.
drawingthesun
Legendary
*
Offline Offline

Activity: 1176
Merit: 1015


View Profile
September 10, 2013, 04:25:54 PM
 #130

I thought coinjoin was a better way to do this? As a natural mixer I really like the idea of coinjoin.
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4158
Merit: 8343



View Profile WWW
September 10, 2013, 04:36:10 PM
 #131

uh wtf is with that novacoin page?  Did the author of that look at how script works at all?

There shouldn't be additional script pushes for this. This should use the existing push opcodes and add new CHECKSIG operators. :-/
Balthazar
Legendary
*
Offline Offline

Activity: 3108
Merit: 1358



View Profile
September 10, 2013, 04:47:17 PM
Last edit: September 10, 2013, 05:00:34 PM by Balthazar
 #132

Did the author of that look at how script works at all?
Yep. Smiley

There shouldn't be additional script pushes for this. This should use the existing push opcodes and add new CHECKSIG operators. :-/
There is no plan to start anything like this in the main net, of course. That's ugly hack for the testnet, and it will be replaced with an appropriate implementation later.
HostFat
Staff
Legendary
*
Offline Offline

Activity: 4200
Merit: 1202


I support freedom of choice


View Profile WWW
November 16, 2013, 08:55:37 PM
 #133

https://twitter.com/matthew_d_green/status/401797786347114496
Quote
We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount.

NON DO ASSISTENZA PRIVATA - http://hostfatmind.com
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
November 16, 2013, 08:56:23 PM
 #134

https://twitter.com/matthew_d_green/status/401798811070107648

Quote
We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount.

Is a 98% reduction in proof size enough to overcome any existing valid reasons to not merge ZeroCoin functionality?
haightst
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
November 16, 2013, 10:39:23 PM
 #135


/\NVC= this is great !!  Cool
 *->keep up the good work!

https://www.cryptsy.com/markets/view/13
Hyperbolical
Newbie
*
Offline Offline

Activity: 49
Merit: 0



View Profile
November 17, 2013, 01:04:18 PM
 #136

https://twitter.com/matthew_d_green/status/401798811070107648

Quote
We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount.

Is a 98% reduction in proof size enough to overcome any existing valid reasons to not merge ZeroCoin functionality?

I think so, Matthew Green mentioned that he was planning to implement Zerocoin into its own cryptocurrency. This seems like a reasonable idea me, it lets us test Zerocoin, and if it works well, we can merge it into Bitcoin (without the risk of damaging Bitcoin if something goes wrong).
adam3us
Sr. Member
****
expert
Offline Offline

Activity: 404
Merit: 359


in bitcoin we trust


View Profile WWW
November 17, 2013, 01:18:53 PM
 #137

https://twitter.com/matthew_d_green/status/401798811070107648

Quote
We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount.

Is a 98% reduction in proof size enough to overcome any existing valid reasons to not merge ZeroCoin functionality?

I think so, Matthew Green mentioned that he was planning to implement Zerocoin into its own cryptocurrency. This seems like a reasonable idea me, it lets us test Zerocoin, and if it works well, we can merge it into Bitcoin (without the risk of damaging Bitcoin if something goes wrong).

btw see also "bitcoin staging" aka betaCoin. 

http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg02944.html

Its a way to one-way peg an alt-coin to bitcoin, so there is no native mining, the way you create coins in the alt-coin is my moving bitcoins into it.  And the way to trade them back to bitcoin is to swap them with someone who would otherwise move one.  If a security problem develops in the betaCoin, people stop swapping betaCoin at par for bitcoin, or market freezes until the issue is fixed.  This is the minimum necessary feature to firewall bitcoin from betaCoin security issues while allowing bitcoins to move between betacoin and bitcoin in the normal case.

This is how I would go about doing an alt (otherwise the usual me-too coin is contingent on the hope of getting in early, or early mining and selling to next stage speculators before the pyramid collapses when it becomes obvious it has no chance of competing with bitcoin for acceptance.  As this coins have no acceptance, they have no transactional value, their own value is speculative, which I think must implode at some point.)  Also even in the hypothetical that a given coin did overtake bitcoin it could be a dangerous outcome as then what happens to the value of bitcoins?  Such an untidy unravelling of bitcoin value would hurt the overall concept of digital scarcity.  Say it was litecoin.  Then if litecoin got to like 90% to bitcoins 10% BTC/LTC exchange would fall.  But then people will be looking nervously at the next runner up, and hedging in the main runner ups.  This is a net disservice to digital scarcity.  Digital scarcity is a new virtual asset class, and I think is the future of money and financial networks.  So we dont want to weaken the concept with me-too alts, even relatively well thought out ones because they define a new digital scarcity race.  I think there should only be one credible digital scarcity race or we may have a problem.  Digital scarcity becomes digital tulip, then who wants to invest in the next one.

betaCoin is also a way to do an alt that preserves the 21 million coin cap.  Fees would be paid in betacoins (or bitcoins).  Miners would mine both networks for profit maximization reasons.

Adam

hashcash, committed transactions, homomorphic values, blind kdf; researching decentralization, scalability and fungibility/anonymity
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
November 17, 2013, 03:28:41 PM
 #138

The betaCoin model is interesting, but I'd just make one import remark though: in this model, there's no financial incentive for people to migrate from bitcoin stable to bitcoin beta, since stable coins will always be more valuable than beta coins. This means that, from a monetary point of view, this beta risks being just a testnet++. Not many people will transfer their coins into it (it is not a reasonable investment strategy), and without much aggregated value, would it really have enough manpower behind it? If Gavin and Garzik are being fully employed to work on Bitcoin right now, it's precisely because bitcoins are valuable to lots of people. If there was a technical way to ensure people can get their beta coins converted back into stable coins at the same rate (i.e., pegging), then things could be different. But I don't see how could that be possible.

Anyways, I came here for another reason. I'm really interested in Zerocoin and I'd like to understand how it works. I can understand the basics of public key cryptography, and blind signature - although the math behind these algorithms are things I simply "trust to be true". Smiley But Zerocoin... damn, is that complicated! I tried reading the paper once it got out, and I couldn't understand a thing.

Is there an easier explanation somewhere, that could help technical people without a background in cryptography research to grasp the concept?

Thanks
adam3us
Sr. Member
****
expert
Offline Offline

Activity: 404
Merit: 359


in bitcoin we trust


View Profile WWW
November 17, 2013, 03:54:10 PM
 #139

[...] this beta risks being just a testnet++. Not many people will transfer their coins into it (it is not a reasonable investment strategy), and without much aggregated value, would it really have enough manpower behind it?

well rather than the get rich quick, get in early motivation for the me-too alts, the idea is that you get into it because you want the features it provides.  eg if zerocoin used the model.

Now thats not as strong an incentive as make-money-fast pyramid speculation on frankly long-term hopeless me-too alts.  But if the idea is that it is going to become the new bitcoin in say 1 year, once the features are well validated.  Then it would help reduce concern of being stuck.

The reverse swap depends on demand.  If people dont care about the new features they wont use it.

I would think something like maaku & jtimon's freimarkets would be a good candidate for doing this way.  Freimarket is not related to frecoin - its a native coloring and smart contract proposal.

Quote
If there was a technical way to ensure people can get their beta coins converted back into stable coins at the same rate (i.e., pegging), then things could be different. But I don't see how could that be possible.

technically it could be done, (bitcoin could accept coin moving in the other direction) however it imports risk into bitcoin main as a security defect in betacoin that allowed theft or forgery of coins, could then be transferred into bitcoin.

Once the beta is over, the remaining coins would be bulk oved in a hard fork and beta wold become main, and a new beta started.  eg on a yearly cycle.  like fedora and redhat enterprise linux or linux kernel stable and latest etc.

Quote
Is there an easier explanation somewhere, that could help technical people without a background in cryptography research to grasp the concept?

see earlier in tis thread:

https://bitcointalk.org/index.php?topic=175156.msg2378622#msg2378622

and another few posts after it where I tried to explain it a bit.

Adam

hashcash, committed transactions, homomorphic values, blind kdf; researching decentralization, scalability and fungibility/anonymity
amincd
Hero Member
*****
Offline Offline

Activity: 772
Merit: 501


View Profile
November 17, 2013, 04:13:55 PM
Last edit: November 17, 2013, 05:09:47 PM by amincd
 #140

I agree with adam3us, a betaCoin implementation of Zerocoin would be excellent. It would help Bitcoin, the preservation of the credibility of digital scarcity - particularly of Bitcoin-based cryptocurrency - and the adoption rate of Zerocoin by making its acquisition as easy as that of bitcoin (which can be purchased at a far greater number of places than an altcoin can ever hope to be in its first couple of years).

A person who wants to try Zerocoin would simply download the client, which stores both bitcoin and zerocoin, send some bitcoin to a bitcoin address linked to that client, enter how many bitcoins they want to convert to zerocoins, and then click a button that says 'convert bitcoin to X zerocoins', with X being a multiple of whatever conversion rate is decided between the two.

See for further discussion on the betaCoin concept:

https://bitcointalk.org/index.php?topic=248865.0

Quote from: caveden
The betaCoin model is interesting, but I'd just make one import remark though: in this model, there's no financial incentive for people to migrate from bitcoin stable to bitcoin beta, since stable coins will always be more valuable than beta coins.

The pricing of betaCoins would behave similarly to that of bonds, which are capped to the sum of the principal at maturation date and all future interest payments. There is still a market for bonds, and opportunity for their appreciation, despite their value being capped relative to the currency of payment, because the present value of their future payments fluctuates according to the perceived risk of the bond defaulting on its future payments, and the borrowing cost of money.
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!