Bitcoin Forum
Topic: Zerocoin proofs reduced by 98%, will be released as an alternative coin.
drawingthesun
Legendary
*
Offline Offline

Activity: 1162
Merit: 1003


View Profile
November 17, 2013, 12:37:48 PM
 #1

http://www.reddit.com/r/Bitcoin/comments/1qtevg/zerocoin_reduces_proof_size_by_98_plans_to/

Of course the Bitcoin developers can easily take the improvements and add them into Bitcoin, making the alt-coin redundant.

However the time between release and testing to implementation into Bitcoin is important. If we wait too long Zerocoin might become a thing on its own and a worthy competitor (Especially if the Bitcoin developers refuse to add zerocoin because of the US government)

Remember that yes, we scoff at the alt-coins because they bring nothing new to the table, however an early developer of Bitcoin once said that if an alternative coin overtakes Bitcoin for no reason, it will destroy all confidence in crypto-currencies, but remember that this alt-coin would be the first ever to bring something truly beneficial and novel to the table.

We want this functionality, but in case Zerocoin does become a competitor, getting in early might be a wise move to hedge against the prospect of the Bitcoin developers deciding that anonymous crypto-currency is bad.
"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime." -- Satoshi
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
November 17, 2013, 01:05:02 PM
 #2

If I understand it correctly, we can immediately take advantage of what they offer.

Create some cryptocoin exchanges on Tor, which trades both Bitcoins and zerocoins, people can then start laundering their money through the zerocoin blockchain.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1003


Bringing Legendary Har® to you since 1952


View Profile
November 17, 2013, 01:13:25 PM
 #3

Zerocoin is pretty complicated compared to the Bitcoin alternatives: CoinJoin, CoinSwap and CoinControl which offer practically the same functionality.

I don't think we need ZeroCoin anymore.

archangel689
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
November 17, 2013, 04:20:15 PM
 #4

Subverting the state's power too much would result in the deployment of their nearly unlimited resources to combat the "problem." This makes me question whether or not these less complex solutions are adequate--or if any of the proposed solutions are.
o
Member
**
Offline Offline

Activity: 76
Merit: 10


View Profile
November 17, 2013, 05:37:39 PM
 #5

Zerocoin is pretty complicated compared to the Bitcoin alternatives: CoinJoin, CoinSwap and CoinControl which offer practically the same functionality.

I don't think we need ZeroCoin anymore.

The difference is that those are optional in Bitcoin. In order for them to work, it requires a critical mass which does not yet exist.
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
November 17, 2013, 06:25:59 PM
 #6

I think so, Matthew Green mentioned that he was planning to implement Zerocoin into its own cryptocurrency. This seems like a reasonable idea to me, it lets us test Zerocoin, and if it works well, we can merge it into Bitcoin (without the risk of damaging Bitcoin if something goes wrong).
That's a great idea from a purely technical perspective.

Realize that when money is at stake other factors will come into play.

Zerocoin is a highly desired feature. As soon as they release this coin, it's going to attract investment and its exchange rate will rise quickly. People are going to put a considerable amount of money into Zerocoin.

When Bitcoin implements these features, it will threaten the value of their investment. Do you think they are going to let that happen calmly? They will do everything they can to obstruct the change. They'll come over here and spread FUD, start arguments, and in general make life difficult for any developer seeking to push the change.

This happens already - If you go back to the beginning of this year and read through flamewars regarding scalability and the blocksize and pay attention to the people most fervently opposed to large transaction rates, with the most ridiculous and economically absurd arguments, and then check their posting history you'll find that in almost all cases they were heavily involved with altcoins.
archangel689
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
November 17, 2013, 09:21:13 PM
 #7

When Bitcoin implements these features, it will threaten the value of their investment. Do you think they are going to let that happen calmly? They will do everything they can to obstruct the change.

Including lobbying for the state to stop it, as if there isn't already enough incentive.

crazy_rabbit
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
November 18, 2013, 03:55:55 AM
 #8

http://www.reddit.com/r/Bitcoin/comments/1qtevg/zerocoin_reduces_proof_size_by_98_plans_to/

Of course the Bitcoin developers can easily take the improvements and add them into Bitcoin, making the alt-coin redundant.

However the time between release and testing to implementation into Bitcoin is important. If we wait too long Zerocoin might become a thing on its own and a worthy competitor (Especially if the Bitcoin developers refuse to add zerocoin because of the US government)

Remember that yes, we scoff at the alt-coins because they bring nothing new to the table, however an early developer of Bitcoin once said that if an alternative coin overtakes Bitcoin for no reason, it will destroy all confidence in crypto-currencies, but remember that this alt-coin would be the first ever to bring something truly beneficial and novel to the table.

We want this functionality, but in case Zerocoin does become a competitor, getting in early might be a wise move to hedge against the prospect of the Bitcoin developers deciding that anonymous crypto-currency is bad.

Why not just implement Zerocoin now in Testnet to see if people actually care enough to use it?

more or less retired.
moderate
Member
**
Offline Offline

Activity: 98
Merit: 10

nearly dead


View Profile
November 18, 2013, 04:24:20 AM
 #9

Zerocoin is pretty complicated compared to the Bitcoin alternatives: CoinJoin, CoinSwap and CoinControl which offer practically the same functionality.

I don't think we need ZeroCoin anymore.

Zerocoin being released as an alt-coin is surprisingly needed, but it is okay if you don't notice that.

Why is it needed, you ask? Well, because except for Litecoin, 99.999999% of all the other alt-coins are just crappy-coins from people that can manage to search-copy-replace text. Litecoin is only valuable to bitcoin because the main developer there can manage to contribute back.

Why, again, is it needed, you ask? Well, start following some of the key developers for bitcoin and you will quickly realize that their line of thought is no longer aligned with the original proposal, or even with the idea of open source software.
amincd
Hero Member
*****
Offline Offline

Activity: 772
Merit: 500


View Profile
November 18, 2013, 04:48:55 AM
 #10

Quote
Why, again, is it needed, you ask? Well, start following some of the key developers for bitcoin and you will quickly realize that their line of thought is no longer aligned with the original proposal, or even with the idea of open source software.

This is FUD. I've seen nothing at all to show that, and I have followed their statements and positions closely. They've shown themselves to be as committed to an open source, decentralized currency that protects user privacy as anyone.

Anyway, this is a good proposal for how Zerocoin can be launched to work symbiotically with Bitcoin:

https://bitcointalk.org/index.php?topic=248865.0
moderate
Member
**
Offline Offline

Activity: 98
Merit: 10

nearly dead


View Profile
November 18, 2013, 04:56:16 AM
 #11

Quote
Why, again, is it needed, you ask? Well, start following some of the key developers for bitcoin and you will quickly realize that their line of thought is no longer aligned with the original proposal, or even with the idea of open source software.

This is FUD. I've seen nothing at all to show that, and I have followed their statements and positions closely. They've shown themselves to be as committed to an open source, decentralized currency that protects user privacy as anyone.


The fact you haven't seen anything doesn't make it FUD, it just disqualifies your claim that you have followed their positions closely.

See Mike Hearn (no need to point out where, should be obvious enough for you that follows everything so closely), see the interests of the Bitcoin Foundation, see others talking about certifications.
amincd
Hero Member
*****
Offline Offline

Activity: 772
Merit: 500


View Profile
November 18, 2013, 05:17:00 AM
 #12

About the Mike Hearn comment controversy:

http://www.reddit.com/r/Bitcoin/comments/1qtevg/zerocoin_reduces_proof_size_by_98_plans_to/cdgb3ov

Hearn explaining himself:

https://bitcointalk.org/index.php?topic=334112.msg3614537#msg3614537

Certifications:

https://bitcointalk.org/index.php?topic=300809.0

You need to actually read what people have written instead of accepting the claims being made at face value.

moderate
Member
**
Offline Offline

Activity: 98
Merit: 10

nearly dead


View Profile
November 18, 2013, 05:26:43 AM
 #13

About the Mike Hearn comment controversy:

http://www.reddit.com/r/Bitcoin/comments/1qtevg/zerocoin_reduces_proof_size_by_98_plans_to/cdgb3ov

Hearn explaining himself:

https://bitcointalk.org/index.php?topic=334112.msg3614537#msg3614537

Certifications:

https://bitcointalk.org/index.php?topic=300809.0

You need to actually read what people have written instead of accepting the claims being made at face value.



That certifications link missed by a long shot the certifications I'm referring to, I'm talking about people (core developers) mixing open source with certifications based on features (HINT: it is even more recent than mike's thing).

I see you like Mike as all your links are from him, so here is another one: http://www.reddit.com/r/Bitcoin/comments/1qmbtu/mike_hearn_chair_of_the_bitcoin_foundations_law/cdeicu0. You have to weigh in the company funding Mike's development, you can't ignore that and you also can't completely blame Mike for his actions, or attempts, after knowing that.
amincd
Hero Member
*****
Offline Offline

Activity: 772
Merit: 500


View Profile
November 18, 2013, 05:43:35 AM
 #14

If you'd back up your claims about certifications with a link I could actually check it. I'm not going to just take your word for it.

As for Hearn's comment, there's nothing there that hasn't been addressed.

Peter Todd
Legendary
*
expert
Offline Offline

Activity: 1106
Merit: 1052


View Profile
November 18, 2013, 06:50:30 AM
 #15

That certifications link missed by a long shot the certifications I'm referring to, I'm talking about people (core developers) mixing open source with certifications based on features (HINT: it is even more recent than mike's thing).

Ha, the Dark Wallet Certification thing? You are so incredibly wrong:

Quote
We propose that the outcome of this meeting be, at minimum, the establishment of a v1 "Dark Wallet Certification", a set of best-practice guidelines for wallets focused on decentralization and anonymity.

Emphasis mine. It's going to end up as some fancy wiki page or manual or something with a bunch of strongly worded and not so strongly worded recommendations. I'm not going to be surprised if there's multiple competing versions. Some respected developers might go and publicly state that they believe "Electrum v1.2.foo" complies with all the recommendations and isn't trying to steal your coins and sell your data to the NSA.

You know, if a bunch of anarchists can't meet up in some commune in Italy and collectively agree on that, I dunno what it takes to be decentralized these days...

I see you like Mike as all your links are from him, so here is another one: http://www.reddit.com/r/Bitcoin/comments/1qmbtu/mike_hearn_chair_of_the_bitcoin_foundations_law/cdeicu0. You have to weigh in the company funding Mike's development, you can't ignore that and you also can't completely blame Mike for his actions, or attempts, after knowing that.

For the sake of argument, let's assume Mike is an android built by the NSA to infiltrate us all.

Do you think you're going to do a better job of stopping said Bitcoin-development subverting android by a: complaining, or b: getting shit done.

I'll give you a hint: someone else already did the job of complaining much better than you're doing. Let's count that: four tightly written paragraphs, one verbatim quote, cross-posted on two forums, and results? Over three main threads we've got 32k hits and 811 replies on this forum alone, including responses by people worth listening to like Adam Back and Gregory Maxwell, an article on CoinDesk, CoinJoin bounty is up +8 BTC and the Dark Wallet campaign is nearly fully funded - that's some effective complaining. Not so effective computer security, but yeah... I'm pissed off about that.

You on the other hand, you're just annoying people like myself who are actually flying halfway across the world in two weeks to go make CoinJoin happen and make Mike's misguided ideas about blacklists irrelevant. So I dunno, unless you want to surprise me by showing me that you're good at getting shit done, go away. Delete your trolling posts while you're at it.

And you know, if you want to get better at it, you can start by saying things that actually make sense.

moderate
Member
**
Offline Offline

Activity: 98
Merit: 10

nearly dead


View Profile
November 18, 2013, 01:05:54 PM
 #16

That certifications link missed by a long shot the certifications I'm referring to, I'm talking about people (core developers) mixing open source with certifications based on features (HINT: it is even more recent than mike's thing).

Ha, the Dark Wallet Certification thing? You are so incredibly wrong:

Quote
We propose that the outcome of this meeting be, at minimum, the establishment of a v1 "Dark Wallet Certification", a set of best-practice guidelines for wallets focused on decentralization and anonymity.

Emphasis mine. It's going to end up as some fancy wiki page or manual or something with a bunch of strongly worded and not so strongly worded recommendations. I'm not going to be surprised if there's multiple competing versions. Some respected developers might go and publicly state that they believe "Electrum v1.2.foo" complies with all the recommendations and isn't trying to steal your coins and sell your data to the NSA.

You know, if a bunch of anarchists can't meet up in some commune in Italy and collectively agree on that, I dunno what it takes to be decentralized these days...

I see you like Mike as all your links are from him, so here is another one: http://www.reddit.com/r/Bitcoin/comments/1qmbtu/mike_hearn_chair_of_the_bitcoin_foundations_law/cdeicu0. You have to weigh in the company funding Mike's development, you can't ignore that and you also can't completely blame Mike for his actions, or attempts, after knowing that.

For the sake of argument, let's assume Mike is an android built by the NSA to infiltrate us all.


I stopped here, but I tried very hard to not stop earlier. Your guidelines thing is exactly what I mentioned in a thread where another developer is wishing for certifications, several of them.

I have no idea why you put NSA there, I'm talking about Google.
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
November 18, 2013, 01:46:03 PM
 #17

As others have said, it looks like CoinJoin etc which already function through the blockchain work and are available to use now rather than later.

It just looks like the end user at this point doesn't have a lot of interest in it.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
behindtext
Full Member
***
Offline Offline

Activity: 121
Merit: 101


View Profile WWW
November 19, 2013, 04:22:34 AM
 #18

As others have said, it looks like CoinJoin etc which already function through the blockchain work and are available to use now rather than later.

It just looks like the end user at this point doesn't have a lot of interest in it.

suffice it to say that i'm rather familiar with the fact that users rarely seek out security.

if mixing and privacy protection is a bolt-on service for BTC, you are right to call out that few people will opt in. having a coin that is private by default would be a big win imo.

corebob
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
November 19, 2013, 05:04:41 AM
 #19


however an early developer of Bitcoin once said that if an alternative coin overtakes Bitcoin for no reason, it will destroy all confidence in crypto-currencies


I would not buy that argument just yet. If bitcoin dies, sure, but there is no reason why several alternative coins can't be in flux at the same time.
anti-scam
Sr. Member
****
Offline Offline

Activity: 476
Merit: 251


COINECT


View Profile
November 22, 2013, 03:36:26 AM
 #20

Could a Bitcoin developer clarify whether these changes make Zerocoin appropriate for inclusion in Bitcoin or not? As far as I understand it the privacy provided by things like CoinJoin and CoinSwap aren't really comparable.

wumpus
Hero Member
*****
qt
Offline Offline

Activity: 812
Merit: 1000

No Maps for These Territories


View Profile
November 22, 2013, 08:53:40 AM
 #21

Could a Bitcoin developer clarify whether these changes make Zerocoin appropriate for inclusion in Bitcoin or not? As far as I understand it the privacy provided by things like CoinJoin and CoinSwap aren't really comparable.
Until they release details (ie a paper or source code) on what they are actually going to do, that's impossible to do.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
anti-scam
Sr. Member
****
Offline Offline

Activity: 476
Merit: 251


COINECT


View Profile
November 22, 2013, 09:39:15 AM
 #22

Could a Bitcoin developer clarify whether these changes make Zerocoin appropriate for inclusion in Bitcoin or not? As far as I understand it the privacy provided by things like CoinJoin and CoinSwap aren't really comparable.
Until they release details (ie a paper or source code) on what they are actually going to do, that's impossible to do.

My understanding was that the size of the proofs was the primary hurdle to implementation. Is that true?

drawingthesun
Legendary
*
Offline Offline

Activity: 1162
Merit: 1003


View Profile
November 22, 2013, 09:44:11 AM
 #23

Could a Bitcoin developer clarify whether these changes make Zerocoin appropriate for inclusion in Bitcoin or not? As far as I understand it the privacy provided by things like CoinJoin and CoinSwap aren't really comparable.
Until they release details (ie a paper or source code) on what they are actually going to do, that's impossible to do.

My understanding was that the size of the proofs was the primary hurdle to implementation. Is that true?

Yes, when the original paper was released the main point to dismiss zerocoin was the size of the transactions and the strain that would cause on the blockchain.
anti-scam
Sr. Member
****
Offline Offline

Activity: 476
Merit: 251


COINECT


View Profile
November 22, 2013, 10:11:11 AM
 #24

Could a Bitcoin developer clarify whether these changes make Zerocoin appropriate for inclusion in Bitcoin or not? As far as I understand it the privacy provided by things like CoinJoin and CoinSwap aren't really comparable.
Until they release details (ie a paper or source code) on what they are actually going to do, that's impossible to do.

My understanding was that the size of the proofs was the primary hurdle to implementation. Is that true?

Yes, when the original paper was released the main point to dismiss zerocoin was the size of the transactions and the strain that would cause on the blockchain.

Then assuming they're not lying the prospects for implementation look good as long as certain political forces don't get involved.

El Dude
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
November 22, 2013, 11:45:33 AM
 #25

bitcoin and litecoin can just add the zerocoin protocol once it's an altcoin.

Bitcoin and Litecoin hodler
anti-scam
Sr. Member
****
Offline Offline

Activity: 476
Merit: 251


COINECT


View Profile
November 22, 2013, 12:03:26 PM
 #26

bitcoin and litecoin can just add the zerocoin protocol once it's an altcoin.

I don't know much about Litecoin's internal politics but with all of the forces surrounding Bitcoin these days it's not guaranteed that the developers would rush to implement Zerocoin. That's why it's important that the community stays on top of the situation.

gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 3444
Merit: 5243



View Profile
November 22, 2013, 02:32:40 PM
 #27

My understanding was that the size of the proofs was the primary hurdle to implementation. Is that true?
There were several other additional limitations:

* Very slow to validate (e.g. on the order of 1-2 tx per second)
* Required a trusted party to initiate the accumulator, and if they violate that trust they could steal coins
* Uses cryptography which is less well studied
* Only handled anonymized coins with one value, reducing the anonymity set size substantially
* Didn't conceal values
* Spent coins list is needed for validation and grows forever (e.g. no pruning of the critical validation state).

Of these only the first two and the last are probably real barriers, the others are more "doesn't work as well as some hypothetical future system might".

There was no way within their prior system to achieve size reductions to the currently mentioned, I'd speculated in some other threads on some technology that could make the proofs smaller and faster, but if they've gone that route there may be some other consequences. It's hard to say much of anything useful without more information being made public.

I would note that the prior ZC implementation has been made available for some time now, and no altcoin has picked it up.
prospector1
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
November 24, 2013, 01:51:56 PM
 #28

There are people very interested in ZC and who are watching closely. For various reasons they will not be appearing on BTCtalk :)
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1005


In Satoshi I Trust


View Profile WWW
November 24, 2013, 02:11:30 PM
 #29

who are the Devs behind this idea?

maaku
Legendary
*
expert
Offline Offline

Activity: 905
Merit: 1003


View Profile
November 25, 2013, 09:20:48 AM
 #30

* Spent coins list is needed for validation and grows forever (e.g. no pruning of the critical validation state).

I've found a way around this limitation using a variant of the UTXO proof tree structure. A tree containing all spent tokens is constructible from the spend history visible in the chain history. Anyone holding an unspent token maintains an insertion-proof into this tree, which is included as part of the spend. Validating nodes need only keep the root hash for a given series, which is updated after validating each spend.

But the other two points remain as major obstacles...

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 3444
Merit: 5243



View Profile
November 25, 2013, 09:32:35 AM
 #31

I've found a way around this limitation using a variant of the UTXO proof tree structure. A tree containing all spent tokens is constructible from the spend history visible in the chain history. Anyone holding an unspent token maintains an insertion-proof into this tree, which is included as part of the spend. Validating nodes need only keep the root hash for a given series, which is updated after validating each spend.
Sounds a lot like the MMR stuff Peter Todd has been talking about, but I don't think it applies in the anonymous context.

In an anonymous system the unspent coins are blinded in some way or another and you use a proof to show that your spend is spending a coin from the set of unspent coins (without revealing which blind-unspent coin it was), and then that unblinded coin is put into a list to prevent spending it again.

Any way that avoids the storage problem by linking the spend to the particular unspent coin (e.g. removing it) isn't anonymous.

I know how to prevent it from growing forever though, but it trades off the anonymity set and the reliability of storage. E.g. you have generations of unspent coins, and all unspent coins from a particular generation must be spent before a certain time. Once that time passes your spent list can also be purged.

At least in what Peter Todd's been thinking about there is an additional complication that when adjacent branches in this updating tree of unspent outputs you must update your proof... so it creates an interesting business opportunity for nodes that track the whole state in order to help offline spenders figure out the proof they need.

 

maaku
Legendary
*
expert
Offline Offline

Activity: 905
Merit: 1003


View Profile
November 25, 2013, 06:03:07 PM
 #32

Yes, it's exactly MMR applied to the Chaum token double-spend db. This solves the problem of maintaining that ever-increasing list of unblinded, spent tokens by pushing the problem out of the validators and onto the people holding the coins. Proof size grows with log2 the number of spent tokens, but the proofs can be thrown away once validated (as they can be reconstructed from the block chain history).

It doesn't link the spend to the original coin however, as we're only dealing with revelation of the unblinded tokens. You still need some sort of ZKP that the unblinded token was out of the original set of blinded tokens.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 3444
Merit: 5243



View Profile
November 25, 2013, 11:36:27 PM
 #33

Got it, for some reason I was not seeing that the coin owner knows their (blinded) coin ID from the moment the coin is created, and thus can track the proof for where that coin belongs in the spent tree... or they could not do so and trust that they'll be able to find someone else who has when they need it. Makes sense.
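
The spent-token scheme discussed in posts #30 to #33, as an added example that is not code from any poster or from Zerocoin: validators keep only a root hash, a spend carries a proof that its serial is absent from the spent tree, and a full-state node refreshes proofs that went stale after other spends. It swaps in a fixed-depth sparse Merkle tree for the MMR / UTXO-tree variant the posts mention; `Validator`, `Archive` and the serial strings are hypothetical, and the zero-knowledge proof tying a token to the blinded set is out of scope.

```python
import hashlib

DEPTH = 256                  # one leaf slot per possible 256-bit key
EMPTY = b"\x00" * 32         # leaf value meaning "this serial is not spent"

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

# DEFAULT[h] is the root of an all-empty subtree of height h.
DEFAULT = [EMPTY]
for _ in range(DEPTH):
    DEFAULT.append(H(DEFAULT[-1], DEFAULT[-1]))

def key_of(serial):
    """Leaf position of a revealed (unblinded) serial number."""
    return int.from_bytes(H(b"key", serial), "big")

def spent_leaf(serial):
    return H(b"spent", serial)

def root_from(leaf, key, siblings):
    """Fold a leaf up to the root; bit h of key says left/right at height h."""
    node = leaf
    for h, sib in enumerate(siblings):
        node = H(sib, node) if (key >> h) & 1 else H(node, sib)
    return node

class Validator:
    """Keeps only the root hash of the spent-token tree."""
    def __init__(self):
        self.root = DEFAULT[DEPTH]

    def apply_spend(self, serial, siblings):
        key = key_of(serial)
        # The proof must show an EMPTY leaf at this serial's slot under the
        # current root; a spent serial or an out-of-date path fails here.
        if len(siblings) != DEPTH or root_from(EMPTY, key, siblings) != self.root:
            return False
        # Same siblings, leaf now marked spent: that is the new root.
        self.root = root_from(spent_leaf(serial), key, siblings)
        return True

class Archive:
    """Full-state node: rebuilds the tree from the public spend history
    and hands out fresh proofs to holders whose stored proof went stale."""
    def __init__(self):
        self.nodes = {}      # (height, index) -> hash, non-default nodes only

    def _get(self, h, idx):
        return self.nodes.get((h, idx), DEFAULT[h])

    @property
    def root(self):
        return self._get(DEPTH, 0)

    def proof(self, serial):
        key = key_of(serial)
        return [self._get(h, (key >> h) ^ 1) for h in range(DEPTH)]

    def record_spend(self, serial):
        key, node = key_of(serial), spent_leaf(serial)
        self.nodes[(0, key)] = node
        for h in range(DEPTH):
            idx = key >> h
            sib = self._get(h, idx ^ 1)
            node = H(sib, node) if idx & 1 else H(node, sib)
            self.nodes[(h + 1, idx >> 1)] = node

def demo():
    validator, archive = Validator(), Archive()
    # Constructed sample serials, not real token data.
    alice, bob = b"constructed-serial-A", b"constructed-serial-B"
    proof_a = archive.proof(alice)        # both proofs taken while the tree is empty
    proof_b_old = archive.proof(bob)
    out = {}
    out["alice_spend"] = validator.apply_spend(alice, proof_a)
    archive.record_spend(alice)
    out["alice_replay_old_proof"] = validator.apply_spend(alice, proof_a)
    out["alice_replay_new_path"] = validator.apply_spend(alice, archive.proof(alice))
    out["bob_stale_proof"] = validator.apply_spend(bob, proof_b_old)
    out["bob_fresh_proof"] = validator.apply_spend(bob, archive.proof(bob))
    archive.record_spend(bob)
    out["roots_agree"] = validator.root == archive.root
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Most of the 256 siblings in a proof are default values, so a compressed proof carries roughly log2(number of spent tokens) real hashes, in line with the proof size stated in post #32.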