Zerocash paper released

[moni3z]

http://zerocash-project.org/
Presented today at IEEE Security & Privacy conference.

tl;dr

Essentially you can encrypt transactions using zero knowledge proofs so the system can verify they are valid without knowing any details about them. It's an add on to existing cryptocurrencies to create a cash like function to thwart metadata/tracking.

Also "We plan to release an altcoin that uses the Zerocash protocol." so you can mine this new coin to try the cash feature, or devs can drop it in an existing altcoin to get anonymous cash feature. No idea if Bitcoin devs will include it but I imagine most altcoins will from now on once they release their client.

Trusted crypto engineers developed it, like Matthew Green http://zerocash-project.org/about_us
He has more info on his site http://blog.cryptographyengineering.com/

Edit: remember Zerocash != Zerocoin

[1714980579]

1714980579

[1714980579]

1714980579

[1714980579]

1714980579

[stealth923]

http://zerocash-project.org/q_and_a
"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. "

http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf
"This work was supported by: ; the U.S. Defense
Advanced Research Projects Agency (DARPA) and the Air
Force Research Laboratory (AFRL) under contract FA8750-
11-2-0211;"

If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them...

Not to mention massive single point of failure! - Crack the "random bits" used during setup...the entire currency becomes worthless...


No Thanks....

[shekelsteingoyberg2]

https://forum.cryptonote.org/viewtopic.php?f=2&t=18

"Another important note is about trusted setup in Zerocoin. In easy words the whole system is based on some secret values nobody should know (for example, this secret allows to make a double spend). How to acquire these values? ZC devs says: we can generate them and then "forget" OR we can implement the special algorithm to do in a distributed way at the system start (everybody know only his own part of the secret). The second option, of course, is preferable, but the problem of trust still remains: there is no way for new users to be sure they are not fooled by the early adopters, who has generated the secret values. As you guess, our system has no such trapdoors: every parameter is public, as in original Bitcoin. We consider this as a major advantage over ZC."

Essentially this means Israel/USA may control Zerocash completely. I'm tempted to say screw Zerocash.

Why should we entrust Zerocash?

[moni3z]

http://zerocash-project.org/q_and_a
"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. "

http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf
"This work was supported by: ; the U.S. Defense
Advanced Research Projects Agency (DARPA) and the Air
Force Research Laboratory (AFRL) under contract FA8750-
11-2-0211;"

If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them...

Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless...


No Thanks....

There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect.

This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature.

[stealth923]

http://zerocash-project.org/q_and_a
"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. "

http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf
"This work was supported by: ; the U.S. Defense
Advanced Research Projects Agency (DARPA) and the Air
Force Research Laboratory (AFRL) under contract FA8750-
11-2-0211;"

If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them...

Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless...


No Thanks....

There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect.

This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature.

Apologies - I meant if someone cracks the "random bits" that are used as part of the initial setup...then its worthless.....updated my original post.

[moni3z]

http://zerocash-project.org/q_and_a
"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. "

http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf
"This work was supported by: ; the U.S. Defense
Advanced Research Projects Agency (DARPA) and the Air
Force Research Laboratory (AFRL) under contract FA8750-
11-2-0211;"

If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them...

Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless...


No Thanks....

There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect.

This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature.

Apologies - I meant if someone cracks the "random bits" that are used as part of the initial setup...then its worthless.....updated my original post.

The coin is still worth whatever it's value, all Zerocash does is add a feature where you can now trade coins like cash with no trace on the blockchain. So if Zerocash fails then people can read the blockchain like normal and see transactions going to various addresses, which they can already see now. It's unlikely the developers of say, Litecoin would copy /dev/urandom during setup so you can likely trust them. Or trust yourself, if you decided to release your own altcoin and add this feature in.

[stealth923]

http://zerocash-project.org/q_and_a
"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. "

http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf
"This work was supported by: ; the U.S. Defense
Advanced Research Projects Agency (DARPA) and the Air
Force Research Laboratory (AFRL) under contract FA8750-
11-2-0211;"

If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them...

Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless...


No Thanks....

There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect.

This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature.

Apologies - I meant if someone cracks the "random bits" that are used as part of the initial setup...then its worthless.....updated my original post.

The coin is still worth whatever it's value, all Zerocash does is add a feature where you can now trade coins like cash with no trace on the blockchain. So if Zerocash fails then people can read the blockchain like normal and see transactions going to various addresses, which they can already see now. It's unlikely the developers of say, Litecoin would copy /dev/urandom during setup so you can likely trust them. Or trust yourself, if you decided to release your own altcoin and add this feature in.

I can see the value proposition of adding on top of the coin but imagine if LiteCoin implemented ZeroCash, its value went up as people used it more....The coin dev secretly kept the setup key or someone cracked it...everyone's hidden transactions were broadcast.

I dont think people would a) want to use the currency anymore b) sell off as fast as possible....worthless...

[shekelsteingoyberg2]

I can see the value proposition of adding on top of the coin but imagine if LiteCoin implemented ZeroCash, its value went up as people used it more....The coin dev secretly kept the setup key or someone cracked it...everyone's hidden transactions were broadcast.

I dont think people would a) want to use the currency anymore b) sell off as fast as possible....worthless...

Exactly, it sounds like an NSA/GCHQ/Israeli backdoor or a disaster waiting to happen.
Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.

[calvinstm]

Does anyone know what happened to the zerocoin project? Where can I purchase it?

Thankx! 

[gmaxwell]

Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.

Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.

[gmaxwell]

I made a number of technical comments on it on Hacker news, along with some comparisons with some of the alternatives, https://news.ycombinator.com/item?id=7765455

[Vertcoin]

I made a number of technical comments on it on Hacker news, along with some comparisons with some of the alternatives, https://news.ycombinator.com/item?id=7765455

What is your username in Hacker news, so I can read it correctly.

[drawingthesun]

Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.

Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.

Or use Monero.

[Brilliantrocket]

Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.

Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.

Because it wasn't 80% premined on the dark web?

[Brilliantrocket]

You'd have to be an idiot to use Zerocash, considering who funded the research.

[gmaxwell]

What is your username in Hacker news, so I can read it correctly.

NullC.

[dewdeded]

Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.

Gregory, can you please your full opinion or even better an analysis of ZeroCash and the new ZeroCash paper?
Many people would be intrested in reading this, because they trust you very much.

[moni3z]

Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.

Gregory, can you please your full opinion or even better an analysis of ZeroCash and the new ZeroCash paper?
Many people would be intrested in reading this, because they trust you very much.

He did on HN
https://news.ycombinator.com/threads?id=nullc

[dewdeded]

Thank you.

[Joshuar]

You'd have to be an idiot to use Zerocash, considering who funded the research.

This^^, Zerocash has too many flaws. Rather use Darkcoin.