BanditryAndLoot
Member
November 05, 2014, 06:27:14 PM
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.
We implement zerocoin, not zerocash. And yes, we said generating transaction is less than a second, with verification time less than a minute
There's only a handful of even modestly secure primes p and q from that list, from 1536-bits to 2048-bits, with which to use to get N = pq. Key lengths of 2048 bits are unlikely to be secure within the next 5-15 years. As far as I can tell, whoever factors these first gets to spend all your zerocoins ever. It's also totally and trivially quantum insecure due to Shor's algorithm. That you admit proof verification is measured in single to double digit seconds means that both DDoS of a node is trivial and block verification time is insane; you just need to spam invalid proofs from a number of unique IPs to computationally knock a node off the network, and generating a block with more than a few transactions will be an impossibility to propagate throughout the network before another competing block is published, resulting in massive amounts of orphans and a totally insecure blockchain. You could store the verifications over time in a cache, but it's incredibly easy for an attacker to simply not publish these and then publish a block with say, 200 valid zerocoin transactions and totally screw up the network. That you're not even storing the niZKPs on chain is another huge problem affecting network consensus based on history.
Hm, do you have good reading links so I can understand this? No work until Monday, so there's some time.
With their plan of becoming a sidechain to vertcoin, could it be possible to retain some form of security post 5-15 years, assuming the transfer is possible?
With the increased verification time, would ddosing something like a centralized pool become trivial, or is that something separate?
What historical information can be garnished from storing the niZKPs on the chain?
And it's only at the end of fall, that we discover it was naught but the wind that knew when one particular leaf was to fall from one particular tree, only to land in one distinct spot .. to be left for an eternity, and waste its time in a wait sublime. C0A2A1C4

snappa4ever
November 05, 2014, 06:31:38 PM
Seems interesting watching for further info.

silencesilence
Legendary
November 05, 2014, 06:38:11 PM
rpcuser=username
rpcpassword=password
rpcallowip=127.0.0.1
rpcport=31397
daemon=1
server=1
Is this true ... rpcport=31397 ....

BanditryAndLoot
Member
November 05, 2014, 06:41:16 PM
Is this true ... rpcport=31397 ....
It's what I picked. You may pick whatever you like for the port. The developer will likely settle on a unique port at some point, but for solo mining it's just a local port, so as long as you're not running anything else on that port you're fine. Also, there's a pool up now
And it's only at the end of fall, that we discover it was naught but the wind that knew when one particular leaf was to fall from one particular tree, only to land in one distinct spot .. to be left for an eternity, and waste its time in a wait sublime. C0A2A1C4

adloule
Newbie
November 05, 2014, 06:43:40 PM
How many zerocoin in circulation? Thanks

samspaces
Legendary
November 05, 2014, 06:45:39 PM
Nice README.md you have there in the Github.

suchnekky
November 05, 2014, 06:56:36 PM
hey if i want to rent a rig for this, what do i use? ports and that where to point miner?
• ⓢⓤⓒⓗⓝⓔⓚⓚⓨ •

ocminer
Legendary
November 05, 2014, 06:58:23 PM
hey if i want to rent a rig for this, what do i use? ports and that
for MRR info Scrypt-N (or N-Scrypt) and everything else is found - as usual - at the Getting Started page:
./cgminer --scrypt-n -o stratum+tcp://hashmonster.net:1334 -u Weblogin.WorkerName -p WorkerPassword
suprnova pools - reliable mining pools - #suprnova on freenet https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools

tacotime
Legendary
November 05, 2014, 07:02:27 PM
Hm, do you have good reading links so I can understand this? No work until Monday, so there's some time.
There's a basic description of how an RSA accumulator works here: https://eprint.iacr.org/2009/625.pdf
See 2.2, and ignore the initial stuff relating to the hash tables.
With their plan of becoming a sidechain to vertcoin, could it be possible to retain some form of security post 5-15 years, assuming the transfer is possible?
Um, if the method used to spend the old coins is totally insecure, probably not unless they're additionally wrapped in some way, e.g. a normal ECDSA signature that is otherwise unused.
With the increased verification time, would ddosing something like a centralized pool become trivial, or is that something separate?
DDoSing a centralized pool is already trivial. But DDoSing all the nodes on the network is much harder, and the longer verification time makes that trivial.
What historical information can be garnished from storing the niZKPs on the chain?
That a transaction in the past was actually valid or not.
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
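
Added example (not part of any post in this thread, and not the project's code): a toy RSA accumulator showing why the modulus must have a factorization nobody knows. The primes, base and member values are constructed toy parameters; the function names are hypothetical.

```python
# Toy RSA accumulator. Added illustration; P and Q are constructed, tiny, and
# public here, which is exactly what a real deployment must never allow.
from math import gcd, prod

P, Q = 2**31 - 1, 2**61 - 1   # two Mersenne primes (assumption: toy parameters)
N = P * Q                     # public modulus
G = 3                         # public base, coprime to N

def accumulate(primes):
    """A = G^(product of members) mod N; members are represented as primes."""
    return pow(G, prod(primes), N)

def witness(primes, x):
    """Honest membership witness for x: the accumulator of every other member."""
    if x not in primes:
        raise ValueError("x was never accumulated")
    return pow(G, prod(p for p in primes if p != x), N)

def verify(acc, x, w):
    """Public check, needs only N: accept iff w^x == A (mod N)."""
    return pow(w, x, N) == acc

def trapdoor_witness(acc, x, p, q):
    """Anyone holding p and q can compute an x-th root of A, i.e. a witness
    that passes verify() for a value that was never accumulated."""
    phi = (p - 1) * (q - 1)
    if gcd(x, phi) != 1:
        raise ValueError("x must be coprime to phi(N)")
    return pow(acc, pow(x, -1, phi), N)

def demo():
    members = [17, 19, 23]                      # constructed sample members
    acc = accumulate(members)
    honest = verify(acc, 19, witness(members, 19))
    reused = verify(acc, 101, witness(members, 19))   # wrong witness: rejected
    forged = verify(acc, 101, trapdoor_witness(acc, 101, P, Q))
    return honest, reused, forged

if __name__ == "__main__":
    print(demo())
```

The verifier cannot tell the trapdoor witness from an honest one, so the scheme's soundness rests entirely on no party knowing p and q.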

volyova
Legendary
November 05, 2014, 07:18:49 PM
You should at least let exchanges have open source so we can trade the coin, otherwise it has no value if we cannot publicly trade it. Please think this over.
They don't have to show all of the code in fact they only need enough so that they can verify transactions and see how it's done and if it is indeed legit! You guys are right though, exchanges will not accept a binary on its own and zerovert will have to show at least some of the code. This is assuming of course that the exchange is not completely crazy. Most do have this manifesto at least! I'm really excited about this proposal but its extremely fast and its premine is to me, a complete and utter fail/turnoff! Personally I do not support premine coins and will not be supporting this coin with one and neither should anyone else and I'll elaborate some. It is more trust and a great opportunity later for people to open a can of worms with regards to dev integrity and trust in the public eye! I believe devs need to be paid but I also believe if we just give them the funds in this way we have no guarantee of anything. History has proven it and it's insane to expect it to be any different here. Devs earn trust, they earn it by proving their tech is invaluable and thus VC will fund them to continue their work, if in fact it is good enough. If it isn't then there is no funding and we end up with a far better quality in this space than we would by giving devs control of money without any accountability legally and before they prove anything even works properly! I could go on about 100 more things with regards to why premine is bad but I won't. I will just put it out there to try and push for no premine. If this is real and because they came out of nowhere, if they gain a 3rd party audit and they remove the premine. I will have no issues supporting their work and neither should anyone else. But they just came out of nowhere with no trust at all, on two newbie accounts and already I see some simpletons begging to buy/waste their money on yet another set to fail start!
They don't deserve a premine, especially when they have not even proven the tech works under heavy testing or at all (Apple "thoroughly" tested iCloud too in closed testing!) If they can share with us their testing techniques and what, if any network simulators they used or wrote that would help. Right now they are on two newbie accounts with a 2.5% premine, hyping the biggest innovation in anon cryptocurrency tech to date. They have not proven anything except quoting some solutions to the issues which stand out as obvious paths to take but also have plenty of complications to implement. People are possibly going to run at this like no tomorrow and I just want to reiterate that by people supporting premine, yet again we are asking for trouble. Premine is not needed, Satoshi and all the devs within bitcoin never used one, litecoin etc. etc. etc. If it's good, the devs will be funded! Push for no premine and push for a 3rd party audit before risking any substantial amount of money on this people, as they have not proven they can implement anything! This is what I firmly believe is hurting this industry. If we continue to allow potential theft by trusting devs so easily we will get nowhere fast! Any % of premine is an alarming proposal and I hope they remove it because it basically closes the doors unnecessarily to opportunities/support for the project right from the get go!
Go away then.

SalimNagamato
Legendary
November 05, 2014, 07:24:11 PM
too much premine
not hashing, folding and curing (check FLDC merged-folding! reuse good GPUs)

jwinterm
Legendary
November 05, 2014, 07:24:47 PM
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.
Is there any way to verify this since the source is not available? Just have to take your word for it and keep an eye on the blockchain for double spends?

zerovert (OP)
Newbie
November 05, 2014, 07:27:22 PM
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.
Is there any way to verify this since the source is not available? Just have to take your word for it and keep an eye on the blockchain for double spends?
Yes, that's the case for now. I assure you that the N value is in fact from the RSA modulus. Also Poramin is a well known cryptocurrency developer, who also made Vertcoin - the first coin that really made a good effort towards ASIC resistance (and one of top 5 most valuable cryptocurrencies this February)

xxxgoodgirls
Legendary
November 05, 2014, 07:28:03 PM
Interesting. Watching!

spacelab
November 05, 2014, 07:30:22 PM
As the leader of the new Proof of Developer service... Do you plan on posting a video conference [via vimeo or youtube] outlining your goals and giving a face to the project?

zerovert (OP)
Newbie
November 05, 2014, 07:36:12 PM
Hm, do you have good reading links so I can understand this? No work until Monday, so there's some time.
There's a basic description of how an RSA accumulator works here: https://eprint.iacr.org/2009/625.pdf
See 2.2, and ignore the initial stuff relating to the hash tables.
With their plan of becoming a sidechain to vertcoin, could it be possible to retain some form of security post 5-15 years, assuming the transfer is possible?
Um, if the method used to spend the old coins is totally insecure, probably not unless they're additionally wrapped in some way, e.g. a normal ECDSA signature that is otherwise unused.
With the increased verification time, would ddosing something like a centralized pool become trivial, or is that something separate?
DDoSing a centralized pool is already trivial. But DDoSing all the nodes on the network is much harder, and the longer verification time makes that trivial.
What historical information can be garnished from storing the niZKPs on the chain?
That a transaction in the past was actually valid or not.
With their plan of becoming a sidechain to vertcoin, could it be possible to retain some form of security post 5-15 years, assuming the transfer is possible?
Um, if the method used to spend the old coins is totally insecure, probably not unless they're additionally wrapped in some way, e.g. a normal ECDSA signature that is otherwise unused.
Which aspect of the security are you referring to? Elliptic curve upgrades are always possible and easy to integrate. Also, RSA 2048 is extremely secure. As a reference, RSA 2048 is 2^32 more secure than RSA 1024. The highest known factorization is RSA 768. RSA 1024 is approximately 1000 times stronger than RSA 768. Meaning that our RSA modulus of 2048 is 5 trillion times stronger than current publicly known RSA factorization abilities.

ocminer
Legendary
November 05, 2014, 07:39:39 PM
Could you please add the Pool to the OP ? I already wrote you a PM but got no answer..
suprnova pools - reliable mining pools - #suprnova on freenet https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools

LongAndShort
Legendary
November 05, 2014, 07:42:34 PM
Hm, do you have good reading links so I can understand this? No work until Monday, so there's some time.
There's a basic description of how an RSA accumulator works here: https://eprint.iacr.org/2009/625.pdf
See 2.2, and ignore the initial stuff relating to the hash tables.
With their plan of becoming a sidechain to vertcoin, could it be possible to retain some form of security post 5-15 years, assuming the transfer is possible?
Um, if the method used to spend the old coins is totally insecure, probably not unless they're additionally wrapped in some way, e.g. a normal ECDSA signature that is otherwise unused.
With the increased verification time, would ddosing something like a centralized pool become trivial, or is that something separate?
DDoSing a centralized pool is already trivial. But DDoSing all the nodes on the network is much harder, and the longer verification time makes that trivial.
What historical information can be garnished from storing the niZKPs on the chain?
That a transaction in the past was actually valid or not.
With their plan of becoming a sidechain to vertcoin, could it be possible to retain some form of security post 5-15 years, assuming the transfer is possible?
Um, if the method used to spend the old coins is totally insecure, probably not unless they're additionally wrapped in some way, e.g. a normal ECDSA signature that is otherwise unused.
Which aspect of the security are you referring to? Elliptic curve upgrades are always possible and easy to integrate. Also, RSA 2048 is extremely secure. As a reference, RSA 2048 is 2^32 more secure than RSA 1024. The highest known factorization is RSA 768. RSA 1024 is approximately 1000 times stronger than RSA 768. Meaning that our RSA modulus of 2048 is 5 trillion times stronger than current publicly known RSA factorization abilities.
So no one has spent any zerocoins yet, why can't I see how many coins are on the blockchain? So to sum it up, no source, doesn't show the balance, and only transactions I can see are coinbase transactions. I want to see you demonstrate a full zerocoin transaction please and post everything here steps and commands included! Along with explaining my other questions, thank you.