moni3z (OP)
|
|
May 19, 2014, 05:05:19 AM Last edit: May 19, 2014, 06:20:07 PM by moni3z |
|
http://zerocash-project.org/Presented today at IEEE Security & Privacy conference. tl;dr Essentially you can encrypt transactions using zero knowledge proofs so the system can verify they are valid without knowing any details about them. It's an add on to existing cryptocurrencies to create a cash like function to thwart metadata/tracking. Also "We plan to release an altcoin that uses the Zerocash protocol." so you can mine this new coin to try the cash feature, or devs can drop it in an existing altcoin to get anonymous cash feature. No idea if Bitcoin devs will include it but I imagine most altcoins will from now on once they release their client. Trusted crypto engineers developed it, like Matthew Green http://zerocash-project.org/about_us He has more info on his site http://blog.cryptographyengineering.com/ Edit: remember Zerocash != Zerocoin
|
|
|
|
stealth923
Legendary
Offline
Activity: 1036
Merit: 1000
|
|
May 19, 2014, 05:45:23 AM Last edit: May 19, 2014, 06:56:30 AM by stealth923 |
|
http://zerocash-project.org/q_and_a"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. " http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf"This work was supported by: ; the U.S. Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL) under contract FA8750- 11-2-0211;" If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them... Not to mention massive single point of failure! - Crack the "random bits" used during setup...the entire currency becomes worthless... No Thanks....
|
|
|
|
shekelsteingoyberg2
Member
Offline
Activity: 71
Merit: 10
|
|
May 19, 2014, 06:23:33 AM |
|
https://forum.cryptonote.org/viewtopic.php?f=2&t=18"Another important note is about trusted setup in Zerocoin. In easy words the whole system is based on some secret values nobody should know (for example, this secret allows to make a double spend). How to acquire these values? ZC devs says: we can generate them and then "forget" OR we can implement the special algorithm to do in a distributed way at the system start (everybody know only his own part of the secret). The second option, of course, is preferable, but the problem of trust still remains: there is no way for new users to be sure they are not fooled by the early adopters, who has generated the secret values. As you guess, our system has no such trapdoors: every parameter is public, as in original Bitcoin. We consider this as a major advantage over ZC." Essentially this means Israel/USA may control Zerocash completely. I'm tempted to say screw Zerocash. Why should we entrust Zerocash?
|
|
|
|
moni3z (OP)
|
|
May 19, 2014, 06:40:35 AM Last edit: May 19, 2014, 06:54:00 AM by moni3z |
|
http://zerocash-project.org/q_and_a"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. " http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf"This work was supported by: ; the U.S. Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL) under contract FA8750- 11-2-0211;" If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them... Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless... No Thanks.... There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect. This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature.
|
|
|
|
stealth923
Legendary
Offline
Activity: 1036
Merit: 1000
|
|
May 19, 2014, 06:55:54 AM |
|
http://zerocash-project.org/q_and_a"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. " http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf"This work was supported by: ; the U.S. Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL) under contract FA8750- 11-2-0211;" If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them... Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless... No Thanks.... There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect. This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature. Apologies - I meant if someone cracks the "random bits" that are used as part of the initial setup...then its worthless.....updated my original post.
|
|
|
|
moni3z (OP)
|
|
May 19, 2014, 07:00:51 AM |
|
http://zerocash-project.org/q_and_a"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. " http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf"This work was supported by: ; the U.S. Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL) under contract FA8750- 11-2-0211;" If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them... Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless... No Thanks.... There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect. This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature. Apologies - I meant if someone cracks the "random bits" that are used as part of the initial setup...then its worthless.....updated my original post. The coin is still worth whatever it's value, all Zerocash does is add a feature where you can now trade coins like cash with no trace on the blockchain. So if Zerocash fails then people can read the blockchain like normal and see transactions going to various addresses, which they can already see now. It's unlikely the developers of say, Litecoin would copy /dev/urandom during setup so you can likely trust them. Or trust yourself, if you decided to release your own altcoin and add this feature in.
|
|
|
|
stealth923
Legendary
Offline
Activity: 1036
Merit: 1000
|
|
May 19, 2014, 07:14:23 AM |
|
http://zerocash-project.org/q_and_a"Zerocash requires a trusted entity to conduct a one-time setup of the parameters of the system. During the setup procedure, secret random bits are drawn and used to compute the public parameters; the random bits are then destroyed, and the parameters are broadcast. " http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf"This work was supported by: ; the U.S. Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL) under contract FA8750- 11-2-0211;" If you held the key to something which could be worth alot of money or sell later on - would you destroy it.....Would you trust that process or if the key is sold to the highest bidder/NSA, unmasking the entire block chain only for them... Not to mention massive single point of failure! - Crack the private key...the entire currency becomes worthless... No Thanks.... There is no private key. There is a one-time setup where random bits are pulled, and you have to trust that entity isn't storing them just like you have to trust your CPU manufacturer hasn't left in backdoors to remotely flip your CPU to Ring 0, that Gavin won't sell the alert key to the highest bidder to spam the system, that whatever altcoin you're using isn't built with backdoored curves, that all miners won't conspire for an attack on the system ect ect. This uses zero knowledge proofs which allows the system to do valid transactions without knowing the details of who transferred to who. You integrate it with an existing cryptocurrency, Litecoin or anybody else could add Zerocash as a feature. Apologies - I meant if someone cracks the "random bits" that are used as part of the initial setup...then its worthless.....updated my original post. The coin is still worth whatever it's value, all Zerocash does is add a feature where you can now trade coins like cash with no trace on the blockchain. So if Zerocash fails then people can read the blockchain like normal and see transactions going to various addresses, which they can already see now. It's unlikely the developers of say, Litecoin would copy /dev/urandom during setup so you can likely trust them. Or trust yourself, if you decided to release your own altcoin and add this feature in. I can see the value proposition of adding on top of the coin but imagine if LiteCoin implemented ZeroCash, its value went up as people used it more....The coin dev secretly kept the setup key or someone cracked it...everyone's hidden transactions were broadcast. I dont think people would a) want to use the currency anymore b) sell off as fast as possible....worthless...
|
|
|
|
shekelsteingoyberg2
Member
Offline
Activity: 71
Merit: 10
|
|
May 19, 2014, 07:34:08 AM |
|
I can see the value proposition of adding on top of the coin but imagine if LiteCoin implemented ZeroCash, its value went up as people used it more....The coin dev secretly kept the setup key or someone cracked it...everyone's hidden transactions were broadcast.
I dont think people would a) want to use the currency anymore b) sell off as fast as possible....worthless...
Exactly, it sounds like an NSA/GCHQ/Israeli backdoor or a disaster waiting to happen. Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.
|
|
|
|
calvinstm
|
|
May 19, 2014, 10:07:04 AM |
|
Does anyone know what happened to the zerocoin project? Where can I purchase it? Thankx!
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4186
Merit: 8421
|
|
May 19, 2014, 10:08:54 AM |
|
Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.
Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.
|
|
|
|
|
Vertcoin
|
|
May 19, 2014, 12:39:35 PM |
|
What is your username in Hacker news, so I can read it correctly.
|
VTC Stealth Address : vJmt8sF4iySr2RnJdZJdqk7CbJMQzwPwQwUsQwKF27qPE7qv9gfhjYqD6VapALi6jv8j6VKUvXYEto6 xmtxoq9oUyBXbV9XsYdt6sA Please contact us via contact[at]vertcoin.org only, do not PM.
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
May 19, 2014, 01:07:43 PM |
|
Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.
Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that. Or use Monero.
|
|
|
|
Brilliantrocket
|
|
May 19, 2014, 02:23:06 PM |
|
Darkcoin will be implementing Cryptonote ring signatures in version 2, so Zerocash is practically pointless as long the Darkcoin team keeps working.
Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that. Because it wasn't 80% premined on the dark web?
|
|
|
|
Brilliantrocket
|
|
May 19, 2014, 02:24:21 PM |
|
You'd have to be an idiot to use Zerocash, considering who funded the research.
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4186
Merit: 8421
|
|
May 19, 2014, 05:55:29 PM |
|
What is your username in Hacker news, so I can read it correctly.
NullC.
|
|
|
|
dewdeded
Legendary
Offline
Activity: 1232
Merit: 1011
Monero Evangelist
|
|
May 19, 2014, 05:58:46 PM |
|
Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.
Gregory, can you please your full opinion or even better an analysis of ZeroCash and the new ZeroCash paper? Many people would be intrested in reading this, because they trust you very much.
|
|
|
|
moni3z (OP)
|
|
May 19, 2014, 06:11:19 PM |
|
Why wait for darkcoin v2? I mean if its just copying stuff in bytecoin then you can already use that.
Gregory, can you please your full opinion or even better an analysis of ZeroCash and the new ZeroCash paper? Many people would be intrested in reading this, because they trust you very much. He did on HN https://news.ycombinator.com/threads?id=nullc
|
|
|
|
dewdeded
Legendary
Offline
Activity: 1232
Merit: 1011
Monero Evangelist
|
|
May 19, 2014, 06:16:45 PM |
|
Thank you.
|
|
|
|
Joshuar
|
|
May 19, 2014, 06:19:24 PM |
|
You'd have to be an idiot to use Zerocash, considering who funded the research.
This^^, Zerocash has too many flaws. Rather use Darkcoin.
|
❱❱ | | ██ █║█ ║║║ ║║║ █║█ ██ | | | | | ▄██▄ ▄██████▄ ▄██████████ ▄██████████▀ ▄▄ ▄██████████▀ ▄████▄ ▄██████████▀ ████████▄ ██████████▀ ▀████████ ▀███████▀ ▄███▄ ▀████▀ ▄█▄ ▄███▄ ▀███▀ ▄███████▄ ▀▀ ▄█████▄ ▄███████▄ ▄██████████ ▄█████████ █████████ ▄██████████▀ ▄██████████▀ ▀█████▀ ▄██████████▀ ▄██████████▀ ▀▀▀ ▄██████████▀ ▄██████████▀ ██████████▀ ▄██████████▀ ▀███████▀ █████████▀ ▀███▀ ▄██▄ ▀█████▀ ▄██████▄ ▀▀▀ █████████ ▀█████▀ ▀▀▀ | | e i d o o ██
| | ▄██▄ ▄██████▄ ▄██████████ ▄██████████▀ ▄▄ ▄██████████▀ ▄████▄ ▄██████████▀ ████████▄ ██████████▀ ▀████████ ▀███████▀ ▄███▄ ▀████▀ ▄█▄ ▄███▄ ▀███▀ ▄███████▄ ▀▀ ▄█████▄ ▄███████▄ ▄██████████ ▄█████████ █████████ ▄██████████▀ ▄██████████▀ ▀█████▀ ▄██████████▀ ▄██████████▀ ▀▀▀ ▄██████████▀ ▄██████████▀ ██████████▀ ▄██████████▀ ▀███████▀ █████████▀ ▀███▀ ▄██▄ ▀█████▀ ▄██████▄ ▀▀▀ █████████ ▀█████▀ ▀▀▀ | | | | | ██ █║█ ║║║ ║║║ █║█ ██ | | ❰❰ | | |
|
|
|
|