Bitcoin Forum
Author Topic: Zerocash paper released  (Read 5033 times)
drawingthesun
Legendary
May 19, 2014, 07:24:44 PM
 #41

> https://bitcointalk.org/index.php?topic=583449.1340
>
> "So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
>
> Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching."

Thanks Brilliant.

His main point seems to be IP address tracking and blockchain pruning.

I think that both Zerocash/coin and Monero have the pruning issue; however, how can they not? It's a part of the design, and perhaps some super genius can one day work it out.

The negatives are not too bad. Monero is meant to be splitting payments into different amounts already.

Zerocash is still trusted and therefore unacceptable and AnonyMint also said that CoinJoin/DarkCoin is so far removed from the capabilities of Zero and Monero that it's not even in the same ball park.

So we are left with two current contenders, Monero and Zero.

Zero is somewhat trusted, so that is out.

All that is left is Monero.

Monero is broken if the NSA can crack the cryptography, the same cryptography that protects every bitcoin address.

fluffypony
Donator
Legendary
GetMonero.org / MyMonero.com
May 19, 2014, 07:28:36 PM
 #42

> https://bitcointalk.org/index.php?topic=583449.1340
>
> "So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
>
> Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching."

LOL. That text contains gems such as:

> coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.

I am struggling not to laugh while typing this, but it's too hysterical. If quantum computing exists in any usable form (it doesn't) or if elliptic curve crypto is broken by the NSA (unlikely) we are in WAY bigger trouble than "oh noez, can't spend magical Internet moneyz". Seriously. It's the equivalent of saying "it is suspected that the NSA can screendump every monitor in real time and capture mouse and keyboard movements, so the best thing to do is move to your own hardware you've built from scratch and your own operating system you've written from scratch." It's such an extreme case that it either doesn't exist, or if it does we've got bigger problems.

> And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).

Which makes SPV and thin clients difficult, but certainly does not affect anonymity on any level.

> Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.

Monero and other CryptoNote coins can already use Tor.

> The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.

Those upchain spenders are the ones that either need to flush their inputs using a high mixin count, or they need to insist those sending funds to them do. This is not a technical issue, and is the equivalent of "I use WhateverAnonymousCoin but someone forgot to send coins anonymously to me".

> So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.

Agree to disagree.

> Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.

Just to be clear: Monero supports all this joyful anonymity from today, not from "V2 guize!!!1111". Any problems, holes, and bugs will be ironed out over time. Any coin implementing ring signatures later will have the added disadvantage of still running in to issues later on. For me, personally, I'll stick to the software that will reach ring signature maturity faster.

> Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.

Hence: Tor.

TTM
Full Member
May 19, 2014, 07:30:41 PM
 #43

No matter what is better, Monero or Zerocash, just don't think they will be something very big like 'the next Bitcoin'.

The real demand for privacy and anonymity is actually small. For many people, Bitcoin's privacy is enough.
drawingthesun
Legendary
May 19, 2014, 07:40:14 PM
 #44

> No matter what is better, Monero or Zerocash, just don't think they will be something very big like 'the next Bitcoin'.
>
> The actual demand for privacy and anonymity is actually small. For many people, Bitcoin's privacy is enough.

I talked to the son of a billionaire about using Bitcoin personally and for the business he is in (Oil).

He is smart and young and did his own research and in the end had to advise his father's company against it and also decided it's not good for personal use. I asked him to explain. He said that he can't see any real business accepting the system because it's far too transparent.

Imagine we are in a Bitcoin centric world. You can easily get bitcoin into a company or to a friend (buying or gifting) and then you can watch their wallets. Bitcoin gives real time information into things like what investments you're buying, when and where you bought your local coffee and so much more.

The transparency provided by Bitcoin is creepy and invasive. I remember explaining this reality to my Dad when I was getting him into Bitcoin just a few weeks ago, he was amazed it had grown this much with such a massive hole.

Bitcoin is less private than using PayPal, VISA, MasterCard or your bank, because in those situations a trusted third party knows your business but the world at large doesn't.

My friend said his company can never use it, the competitive advantage it would give to other companies would be too much, they would be able to tell how much cash flow they had, where they send their money, what contractors they were using.

I personally have always been a little bit into the "we must have privacy! Bitcoin isn't enough!" line, but since talking with real world people it became obvious how bad it really is.

I doubt you are right.

How many bitcoin millionaires think twice before sending $10 for a pizza from their wallet? So much of this can be traced, and it'll get worse in the future. Companies are popping up to put as many company and individual names to addresses as possible.

This technology is needed.
Conurtrol
Sr. Member
May 19, 2014, 07:53:06 PM
 #45

>> No matter what is better, Monero or Zerocash, just don't think they will be something very big like 'the next Bitcoin'.
>>
>> The actual demand for privacy and anonymity is actually small. For many people, Bitcoin's privacy is enough.
>
> I talked to the son of a billionaire about using Bitcoin personally and for the business he is in (Oil).
>
> He is smart and young and did his own research and in the end had to advise his father's company against it and also decided it's not good for personal use. I asked him to explain. He said that he can't see any real business accepting the system because it's far too transparent.
>
> Imagine we are in a Bitcoin centric world. You can easily get bitcoin into a company or to a friend (buying or gifting) and then you can watch their wallets. Bitcoin gives real time information into things like what investments you're buying, when and where you bought your local coffee and so much more.
>
> The transparency provided by Bitcoin is creepy and invasive. I remember explaining this reality to my Dad when I was getting him into Bitcoin just a few weeks ago, he was amazed it had grown this much with such a massive hole.
>
> Bitcoin is less private than using PayPal, VISA, MasterCard or your bank, because in those situations a trusted third party knows your business but the world at large doesn't.
>
> My friend said his company can never use it, the competitive advantage it would give to other companies would be too much, they would be able to tell how much cash flow they had, where they send their money, what contractors they were using.
>
> I personally have always been a little bit into the "we must have privacy! Bitcoin isn't enough!" line, but since talking with real world people it became obvious how bad it really is.
>
> I doubt you are right.
>
> How many bitcoin millionaires think twice before sending $10 for a pizza from their wallet? So much of this can be traced, and it'll get worse in the future. Companies are popping up to put as many company and individual names to addresses as possible.
>
> This technology is needed.

I posted this in the Nxt.org forum privacy discussion and user Eadeqa replies that a person could use a third party like bitpay or coinbase to maintain anonymity. -https://nxtforum.org/general-discussion/%28poll-by-post%29-does-nxt-need-anonymity/msg24596/?topicseen#msg24596
drawingthesun
Legendary
May 19, 2014, 07:58:23 PM
 #46

> I posted this in the Nxt.org forum privacy discussion and user Eadeqa replies that a person could use a third party like bitpay or coinbase to maintain anonymity. -https://nxtforum.org/general-discussion/%28poll-by-post%29-does-nxt-need-anonymity/msg24596/?topicseen#msg24596

The way I see it, Monero is just a prototype; eventually, give it a year or two, this tech is going to mature and be the norm. I would like to see crypto move towards a more cash-like system, no trace back. I would not prefer to see it go to a more bank-like system.

Anyway, it'll happen and cryptos will have to be developed to adapt (including both Bitcoin and Monero, because better things will come).

Will these coins sit on the sidelines and say "use coinbase" or instead embrace this tech?

This is why sidechains could be perfect for bitcoin, allowing this additional ability.

:)
Conurtrol
Sr. Member
May 19, 2014, 08:15:14 PM
 #47

>> I posted this in the Nxt.org forum privacy discussion and user Eadeqa replies that a person could use a third party like bitpay or coinbase to maintain anonymity. -https://nxtforum.org/general-discussion/%28poll-by-post%29-does-nxt-need-anonymity/msg24596/?topicseen#msg24596
>
> The way I see it, Monero is just a prototype; eventually, give it a year or two, this tech is going to mature and be the norm. I would like to see crypto move towards a more cash-like system, no trace back. I would not prefer to see it go to a more bank-like system.
>
> Anyway, it'll happen and cryptos will have to be developed to adapt (including both Bitcoin and Monero, because better things will come).
>
> Will these coins sit on the sidelines and say "use coinbase" or instead embrace this tech?
>
> This is why sidechains could be perfect for bitcoin, allowing this additional ability.
>
> :)

Thank you for the response.
shekelsteingoyberg2
Member
May 19, 2014, 09:27:02 PM
Last edit: May 19, 2014, 09:54:34 PM by shekelsteingoyberg2
 #48

Zerocash has a GCHQ/Israel/NSA backdoor.
Anoncoin devs consist of one fat neckbeard trying to do all the work (or claiming to; the commits I've seen consist of "changed namespace name")
Darkcoin is rumored to have a 5% pre-mine http://www.devtome.com/doku.php?id=a_massive_investigation_of_instamines_and_fastmines_for_the_top_alt_coins#darkcoin
Bytecoin has bad software that is undocumented with no GUI wallet, and the devs aren't transparent enough to say "we're working on it goys!"
Bitmonero is a shitty clonecoin made by a brazilian/paki/indian who claimed to be Ukrainian, just a source copy of Bytecoin with no real dev team or plans to actually make the software more usable.
Bytecoin also has an 80% premine.
Bitmonero probably won't have a GUI wallet until the Bytecoin devs make them one.

I'm not too interested in Zerocash at the moment, the developers would really have to go out of their way to practically livestream them starting the network and "forgetting" the master key.
Darksend will hopefully be finalized soon and on the way to decent ring sig software.

Bytecoin devs could improve too, Bitmonero devs (what devs?) could put forth more effort than changing a few variables and releasing a clone-coin, Anoncoin could implement the same Zerocash as the Israeli researchers and "destroy" the master key...  Darkcoin devs could address the "premine" allegations again.

Still a gamble.

Edit: it is documented, and there is a 3rd party GUI wallet now
fluffypony
Donator
Legendary
GetMonero.org / MyMonero.com
May 19, 2014, 10:33:10 PM
 #49

> Bitmonero is a shitty clonecoin made by a brazilian/paki/indian who claimed to be Ukrainian, just a source copy of Bytecoin with no real dev team or plans to actually make the software more usable.
> Bitmonero probably won't have a GUI wallet until the Bytecoin devs make them one.

I don't know a single Brazilian, Pakistani, Indian, or Ukrainian involved, and who cares even if there is?

I also contend your claim that there is "no real dev team" - are you in #monero-dev on Freenode? There is a very solid, concrete dev team that consists of developers from multiple continents including a handful who choose to remain anonymous.

"Plans to make the software more usable" is also nonsense - thus far we have not only found massive issues in the RPC API and either patched them or provided more correct documentation to those using Monero, but we have made our short-term and long-term plans clear. More specifically, you realise and understand that Bytecoin is so fundamentally flawed that their JSON RPC API documentation (such as it is) claims that the URL to use ends in a trailing slash, but this results in a 404 from the RPC API daemons? I mean, such a fundamental error for a coin that is apparently in existence for two years...

Finally, thus far we have improved the miner to 12x its original efficiency. To thank us for our hard work the Bytecoin devs merged our changes.

In other words, thus far only the Monero dev team have made any strides in improving and advancing the coin, and the others are merely inheriting the work we're doing.

Please glance at the github repos and merges / commits before making yourself look completely daft.

gmaxwell
Staff
Legendary
May 19, 2014, 10:37:14 PM
 #50

I know how to fix the no pruning problem but it comes with (your choice of) costs. PeterTodd does too, as we'd talked about it before, so it's possible ZeroCash will implement one of those solutions. (Either you make old coins unspendable or expensive (very large) to spend (and then perhaps economically unspendable); in both cases your anonymity set is somewhat reduced. Then you can have some form of pruning.)
TTM
Full Member
May 19, 2014, 10:48:06 PM
 #51

> Zerocash has a GCHQ/Israel/NSA backdoor.

It's not true. Zerocash will be an open-source project, which means everyone can analyze its source code. No backdoor can be hidden.

Also, the Zerocash dev team appear to be "anti-NSA" people on their twitter.
shekelsteingoyberg2
Member
May 19, 2014, 10:58:56 PM
 #52

>> Zerocash has a GCHQ/Israel/NSA backdoor.
>
> It's not true. Zerocash will be an open-source project, which means everyone can analyze its source code. No backdoor can be hidden.
>
> Also, the Zerocash dev team appear to be "anti-NSA" people on their twitter.

They intend to keep it closed source according to twitter.
TTM
Full Member
May 19, 2014, 11:01:19 PM
 #53

>>> Zerocash has a GCHQ/Israel/NSA backdoor.
>>
>> It's not true. Zerocash will be an open-source project, which means everyone can analyze its source code. No backdoor can be hidden.
>>
>> Also, the Zerocash dev team appear to be "anti-NSA" people on their twitter.
>
> They intend to keep it closed source according to twitter.

I would suggest you learn more about a coin before bashing it. This page says different:
http://zerocash-project.org/q_and_a

> To facilitate this, Zerocash will be released as open-source software.

Prior to Zerocash, their Zerocoin project is already an open-source project.
dewdeded
Legendary
Monero Evangelist
May 19, 2014, 11:02:05 PM
 #54

> It's not true. Zerocash will be an open-source project, which means everyone can analyze its source code. No backdoor can be hidden.

Yeah, lol. Like in OpenSSL or twenty year old window manager code.
stealth923
Legendary
May 19, 2014, 11:45:50 PM
 #55

>> It's not true. Zerocash will be an open-source project, which means everyone can analyze its source code. No backdoor can be hidden.
>
> Yeah, lol. Like in OpenSSL or twenty year old window manager code.

Code and mathematics that the NSA / Dept Defence has most likely had input into... If they find a back door - they won't announce it.

Add on the secret key that needs to be properly "destroyed" in order for this to work... I don't see this as a viable anonymity solution.
shekelsteingoyberg2
Member
May 20, 2014, 12:26:54 AM
 #56

> or if elliptic curve crypto is broken by the NSA (unlikely)

I believe the NSA had built insecurity into major implementations of elliptic curve crypto software, which may be the cause of their confusion.
Joshuar
Hero Member
May 20, 2014, 12:33:28 AM
 #57

>>> It's not true. Zerocash will be an open-source project, which means everyone can analyze its source code. No backdoor can be hidden.
>>
>> Yeah, lol. Like in OpenSSL or twenty year old window manager code.
>
> Code and mathematics that the NSA / Dept Defence has most likely had input into... If they find a back door - they won't announce it.
>
> Add on the secret key that needs to be properly "destroyed" in order for this to work... I don't see this as a viable anonymity solution.

+1, neither do I.

David Latapie
Hero Member
Monero Core Team
May 20, 2014, 05:08:49 PM
 #58

> Hence: Tor.

Isn't TOR cracked? I think I heard something about it (maybe Dawden, maybe not)?

dewdeded
Legendary
Monero Evangelist
May 20, 2014, 05:19:41 PM
 #59

TOR isn't cracked, don't spread bullshit.
David Latapie
Hero Member
Monero Core Team
May 20, 2014, 05:25:36 PM
 #60

> TOR isn't cracked, don't spread bullshit.

I was just asking. Glad I was wrong. Case closed.
