There will still be market for NSA-proof coins, when/if such can be developed.
Hm, this seems like a good spot to start a summarized bucket list for myself of things that can/can't be in such a coin. I would have to consider such a coin to be ideal, and the list will be comprised of ideal needs. My thoughts on much of this are more toward a global adversary surpassing the capability of the combined efforts of the NSA/any other intelligence agencies, in order to not distract from the list. In such a scenario, global adversary is some variable that has all known or understood (and most likely many unknown) capabilities, yet may not be any particular entity that anyone's familiar with .. an ideal adversary. Such a scenario would be so overwhelming that the combination of all intelligence agencies as well as the rest of the world would be required to cooperate in global unity against this malignant adversary .. yet is not so powerful as to escape all logic so as to have a chance to thwart it, IE: not omnipotent.
-It can't have a publicly observable blockchain (with linkable transactions), but proof of payment must be able to be obtained (from the blockchain), and capable of being shared with a third party by at least both of the parties involved (with consent of at least one of the two). Corporations are hesitant to enter into Bitcoin due to all their transactions being open for competitors (ty rpietila). Proof of payment is required, because despite the next twenty years .. I'd like to assume we'd find stability in any future after that where people consent to being judged by a court of law. Courts can only demand remuneration if proof can be obtained.
-It needs to hide the functionality of the program through an ISP or whatever communication method is used. As the internet is the most widely available and practical, it would probably have to mask its functionality over the internet. This would require both encryption of traffic and the prevention of timing attacks to prevent feasible data-mining. It cannot be a low-latency
Chaum mix-net, due specifically to timing attacks. Perhaps it should be usable over multiple communication methods? Maybe the low-latency should be addressed, as suggested by Anonymint -- Is this addressable? Regardless, an ideal adversary will have the capability to single you out amongst any amount of logically localized people and both capture and then decipher your internet traffic (or store it for such on a later date -- perhaps one where full decryption is possible). From this data, a private 'un-obscured blockchain' could be constructed and put up for sale. This would ultimately prove to be very lucrative and would eliminate the benefit established by an obscured blockchain in the first place (see above paragraph).
-It cannot be susceptible to quantum computing in any way. I believe Anonymint and gmaxwell have mentioned that the usage of Winternitz/Lamport signatures as a valid means of subverting double spends. Using quantum computing, double spends can be executed with ease on existing elliptic curve technologies .. so post-quantum cryptography will need to be in order. This needs to be extended to the encryption of the internet traffic between nodes, and the PoW (if used). The usage of Lamport signatures has been described as "inefficient in size to be implemented anywhere at all (CN Site)", which will need to be explained.
-It would need to be based on well-vetted cryptography, for no other reason than to have a chance at gaining trust. See book titled Post Quantum Cryptography? It needs to have been around long enough to say that there's no way around it; however, this is enigmatic because if such methodologies were already implemented there would be less/more refined/different requirements overall for this ideal coin.
-It would need to be scalable, to the demographic that it serves. Should failed larger demographic support be alleviated by having multiple active forks? Compare to visa/mastercard (whose presence indicates forks will be favored over one world digital currency) in thousands of tx/minute .. or bank accounts that store value for years. This is scale. Can it hold value representative of those that want to store value (perfection is not required, but a reasonable level of storage must be provided over a given comfortable time frame - losses can be offset with other investments) and can it process transactions representative of those that want to transact. Scalability can be confirmed so long as both of the answers to those questions remains yes at the current time in which they are asked.
-It should operate using a PoW method, in order to prevent spam -- should it also be able to broadcast communications (the alternative implication here is that a suitable ideal communications system would logically present itself before an ideal coin -- in which case the question here would be: should the ideal communication system be able to support the ideal coin)? Some form of sybil attack prevention is necessary to prevent the network from being needlessly clogged up for a very little cost. PoW has the most sensible distribution method -- I don't have to cross my fingers and hope a currency merchant comes along for me to buy currencies from, I don't need to sign up for anything .. I just have to download a program and let my computer solve hashes. A pervasive, unhindered and trustless distribution model will and has provably served for deeper penetration into a larger demographic .. and goes a long way toward preventing extreme relative value centralization (relative to the current value stored in the market).
-The PoW method involved must provide some form of equality (egalitarian) of all parties involved. One cpu, one vote. If the world was reduced to only cryptocurrencies now, we would be in a feudal system as there is hardware that is not common and is targeted to be owned by only a few people (GPU -> FPGA -> ASIC -> embedded ASIC(ex: CPU instruction sets) -> ?). This was one of the the same reasons Wal-Mart did not pay its employees with Wal-Mart dollars. The idea is that, if people were completely reliant on CC's, then they would most likely feel a compulsion to vote for protocol changes and would be given the means of doing so by moving their hashpower to different forks to achieve valid and shared consensus .. rather than looking at it from a solely profit-seeking perspective. Mining is being downplayed right now .. I think this is one perspective that has been lost (or perhaps outdated .. ?). AES fails random oracle - citation needed. PoW that is memory hard in latency/bandwidth seems to slow down computationally aggressive algorithms - the excessive complication is really only to serve the purpose of preserving a one cpu/one vote paradigm .. else there's no reason to be memory intensive (complicated) at all. Without that distinction, why not just have processors calculate the sum of one in a loop for any given time period?
-It would need to act as both a store of value, and instrument of transaction. See scalable.
-It cannot rely solely on one or a few individual points of technical support outside the protocol itself (but also commanded to operate by the protocol) that can lead to catastrophic systemic failure at any point in its existence, or for any extended length of time in such existence (one-time setup parameters etc ..); it must be able to provably function without these targetable physical anchors to events outside of the core software itself having ever existed. The only anchors it can be tethered by must be ubiquitous relative to the element of physical reality it is deployed in.
-It cannot process excess transactions at any particular localized point (no one point can be favored), be it logical on a network or concentrated in one geographic location. Concentrated points of potential malfunction are the easiest targets for any aggressor, and would undoubtedly be the first vector for an attack. Total distribution of transaction processing is required. A cross comparison here is that we already have logical locations where transactions are processed in 2014. Any bank is an extreme example of a centralized transaction processor; only, it concentrates funds as well as transactions (sound familiar?). During a bank run, the doors will be closed in the event of an attack. Specifically the point is that -- if there were an attack, not only will the localized transaction points be an attack surface for the aggressor .. they will also be an attack surface for the unwitting defender. Surely anything being attacked by two ideal forces will succumb to the assault. Would you feel comfortable with your funds in a different geographical location when they could be in your pocket during said attack?
-Blockchain needs to be pruned? - need sources about this, for science. Also mini-blockchain implementation?
-It would need to operate on as many types of processing hardware available. To the extent where mining with my toaster isn't out of the picture. The vote for consensus needs to be as representative as possible. I need to ask for more for myself than to be considered less than 3/5 of a person, no matter how right or wrong it makes me look. ASIC will need to be universally available upon creation -- the ability to make it ubiquitous will offset any gains it provides toward other hardware. This will most likely need to include low-level integration into pre-existing commodity hardware (far future), and short-term inexpensive deployment of suitable mining hardware (ant miner). On low level integration: Goods that can produce value will be able to offest any type of inflation/deflation based on the fact that they 'produce' value in addition to their intrinsic value. Example: cost of a keyboard that serves as a dual purpose ant miner will have a value that might be able to match future inflation/deflation - more thought needed on subject.
-All software involved will need to reach a level of refinement competitive with that which is offered by banks, paypal, windows, macintosh etc .. to the point where (you guessed it) grandma can do it and grandpa can do more than saying he can do it. To aim to replace that which you claim to replace, you must be able to compete on every level. One of the most important of which, after public release, is that of the end-user experience; however, the extent to which 'friendliness' is required is dictated heavily by the need and demand for the software in the first place.
-It would absolutely require well-funded developer(s). Rockets to Mars aren't fueled by hopes and dreams alone. Platforms like lighthouse/kickstarter need to be in place asap. Possible last resort reasonable premine/controlled emission (though this really does kill the whole idea of everyone paying the market price .. therefore possibly fungibility)? Keep in mind, people have dealt with Satoshi's (though arguably not a premine, just a solid example of a major developer funding) for years now, so it's strange that this is an issue. Perhaps because he's/they're not spending it?
-The wallet needs to exist in multiple forms, not just data on your computer (deterministic, physical etc ..). Keeping it in one form invites constant losses. To have many forms like water.
-It will also require support of a demographic that needs/wants anonymity. Specifically third parties going out of their way to be in line with the currency and the demographics views. Third parties offering private/anonymous solutions to things like marketplaces, exchanges and possibly even many mining pools will simply be out of reach for a core team. It requires participation .. and this is something that can be provided and possibly even coerced by both ideal parties. Perhaps some physiological catalyst could spur a drive for this.
-The mining, if PoW based, cannot be centralized, or at very least the ability to perform a 51% attack needs to be eliminated in total. This again falls back on if the world was reduced to using only CC's to transact, we'd have one global power dictating protocol changes through an inevitable miner takeover (assuming a 51% attack does not occur). Those on the winning team .. tend to stay on the winning team. Not to mention the whole possibility of infinite money issue.
-The value of one unit cannot be allowed to escalate toward infinity nor zero relative to the actual sum of value attributed by/to the demographic using it. It cannot be based solely on transaction fees. Bank income is 40% of its income (citation needed). Either way, the cross comparison here is that the p2p network is now your decentralized world bank .. it most likely would not be able to function on a small sum of value. Coins are lost through lost wallets, forgotten passwords/seeds, sending to wrong address. Fixed % inflation vs. fixed supply. A high debasement furthers adoption by keeping a distributed adoption model, see PoW argument. Debasement cannot outpace purchasing power.
The countdown timer for these requirements is most likely 1.25 years judging from sources provided by Anonymint.
I'll be adding things to this list as I come across them.
Further reading:
Good List of ArticlesIs there any _true_ anonymous cryptocurrencies?
Poll
