I'm also one of those who can't wait for zerocash.
I expect massive adoption by sites like silk road 2.0 and such. I expect several states declaring it illegal. And of course I expect its value to heavily rise in the middle of war with governments and other negative-hype-raising events.
It'll be grand, my friends.
In the video Dr. Green urged everyone to be cautious about the adoption of the currency -- there's one pitfall if I understand correctly, and that is that since everything is obscured (even the generation of new coins via block subsidy), you can't observe actual inflation in the currency (just try to predict it based on the programming of the source code). That is, if there were a bug and someone were to generate 2 billion coins (as what
happened with Bitcoin), there's no real way to observe that.
Worse than that, if the creator of the master configuration parameters for Zerocash wants he can create unlimited coins and no one will ever know.
This was also true with Zerocoin, except that the counterfeit coins would need to be less than the mints minus spends.
Creating the master key in a ceremony doesn't guarantee the computer isn't backdoored or someone isn't using technology to sniff over the air-gap. And no one will ever know if it was intercepted or not. It is impossible to know the money supply.
Worse yet, 9ms verification is still way too slow to scale to any reasonable number of transactions per block, unless we only allow server farms to be full nodes (well Bitcoin is headed that way any way with one pool controlling more than 50% of the mining hash rate now).
This iteration will never be in a widely adopted serious coin.
They need more years to improve it and for cryptanalysis to vet it. Can you imagine putting this new crypto in a coin then later it is broken and chaos reigns.
Exciting development, but nothing for us to use any time soon.
Actually the original Zerocoin is superior but for a different application.
P.S. Just wait until DarkCoin's CoinJoin is denial-of-service attacked (if necessary I will do it to prove it is vulnerable, will wait until it becomes more popular then bet short on it and DOS-attack it). Tried to tell them that, but they didn't want to listen. Oh well. CoinJoin can't be protected against this because it is a two-step process (not atomic). Go read my debate with gmaxwell in the CoinJoin thread. Blacklisting input addresses is futile.
