
Topic: [ANN] Zcoin (XZC) - Implementing ZKP privacy without trusted setup - page 172. (Read 663229 times)

member
Activity: 117
Merit: 10
Hello, I have been waiting for a few weeks, but the Zcoin wallet hasn't downloaded fully yet!
Now synchronizing is 9 weeks! What do I do now? :'( :'( :'(


It's not your fault, the wallet is broken. You can use znode.io to try to fix it, but it never worked for me (win10).

Are you both using older wallet versions? Starting a new wallet with the current version (0.8.7.8) took a day for me to synchronize fully (that's without the znode.io download), and has been starting instantly ever since.

@ho3in If nothing else works (if you've already downloaded the newest wallet), try starting with the -reindex flag – if you're using Windows you can do that by making a shortcut to zcoin-qt.exe and then adding " -reindex" to the target path. (Just make sure to remove it again once you've successfully reindexed.)



Well I'm not a Khovratovich or Dinur or Nadler, but if Khovratovich has been in contact with the two and he says the current fix removes the attack vector, then it's reasonable to believe that.

We also spoke to Marc Bevand who had a lengthy exchange with Alexy and Dmitry. There's a lot of academic and good discussions happening in the background.

Note we are not saying that MTP is not going to be improved upon/developed upon. We do definitely foresee upcoming changes. One of the things we are looking at is also the compression of the proof which is quite large.

However at this point in time, we are still going ahead with rolling MTP on the mainnet unless a significant change is required due to new developments. We may push back the competition deadline a little and introduce a separate bounty fund to encourage scrutiny on MTP.

The Marc Bevand? Pretty cool :)
Also, seems like a good idea to go for an open approach and introduce that "scrutiny bounty".
newbie
Activity: 7
Merit: 0
Hello, I have been waiting for a few weeks, but the Zcoin wallet hasn't downloaded fully yet!
Now synchronizing is 9 weeks! What do I do now? :'( :'( :'(


It's not your fault, the wallet is broken. You can use znode.io to try to fix it, but it never worked for me (win10).
newbie
Activity: 27
Merit: 0
Hello, I have been waiting for a few weeks, but the Zcoin wallet hasn't downloaded fully yet!
Now synchronizing is 9 weeks! What do I do now? :'( :'( :'(
sr. member
Activity: 1004
Merit: 268
Firo (FIRO)
A quick dev update:

Aizensou's Bitcoin Core upgrade to 0.13 is progressing smoothly. Still on track to complete by end of the month. Fingers crossed. Took a bit longer than originally foreseen due to one of the functions used by the Zerocoin code being deprecated in 0.13.

Adapted Bitcoin paper wallet generator for Zcoin. To be released soon.

MTP debate and analysis still ongoing. Poramin to release one more minor patch. Looking into extension of miner bounty competition deadline. For the moment still aiming to go on mainnet at Block 47500.

Reference GPU miner development taking longer than expected. This is because of the proof size being put in the header being large that's causing some issues with adapting existing miner code. djm34 believes he knows how to work around this now.

Tim Ruffing has completed a bunch of fixes to libzerocoin. Will integrate and publish them during core upgrade period. Tim Ruffing beginning benchmark work on Sigma to explore performance times as compared to Zerocoin.

Riordant has commenced work into coding for Ethereum mixer. Previous efforts were into examining/calculating the gas costs for the various functions and optimizations that can be done to reduce gas costs.
full member
Activity: 225
Merit: 100
@ PP -
Are you really serious? Do you think this is your personal thread to explain your frustrations? You post at least twice as much as most regulars here. I have been reading this thread for weeks as a result of serious investment interest in Zcoin. I don't wish to hear your redundant drivel on each and every page, and I'm sure I am not the only one.

Isn't this thread about Zcoin? I am interested in the content so I show up to read each day. As far as I am concerned, your continuous blabber is polluting this discussion and preventing any actual intellectual dialogue. You sound like a spoiled rich kid with an attitude problem. PLZ: STFU.

So we can read about something here relevant to the topic.
member
Activity: 107
Merit: 10
When did I mention a competitor coin on this thread? Never, you did. If FUD = not blindly giving the benefit of the doubt to a dev team when you've been let down and deceived by them at least half a dozen times over six months - yes, what I write is FUD. If you really want to know why I'm telling so many of you what you don't want to hear, then here's why: I feel personally deceived by Zcoin devs, manipulated into investment decisions based on false information they trickle to the market, I lost a bit but not much but frankly I feel personally slighted by it.

My first post on Zcoin was this in early April  https://www.reddit.com/r/CryptoCurrency/comments/6379u9/zcoin_bug_a_deliberate_inside_job/  about the Zcoin hack, long before I posted about ZenCash or any other coin. In that I mentioned I thought the hack was an inside job. I still do, but I was willing to overlook it and invest in Zcoin because I thought there's enough common interests between Zcoin devs and investors. But so much shi(p) was pulled between then and now I'm close to all out of overlooking big promises made, and smelly and dead roses delivered.

Very unfair you relate my commenting on Zcoin to anything other than my personal opinion. Look, I want you guys to win, I want Zcoin to pump - I have a small holding, I trimmed it plenty though. I don't want you guys not to make money. But it's not up to me, it's up to devs, and they've short-termed and pulled too many rabbits out of too many hats. That's my view. There's potential value in Zcoin, it could pump, but for me at least there's a massive trust issue, and better altcoins that to me have a better upside/downside balance. And by the way I'm not talking about any coin I've ever posted about, just a couple I've got in my mind.

Please don't be unfair to me.



I'll give it to poodles, he's got a nice writing style, unusual in these parts.

But, warning to readers, he's either a shill for zencash, or at least unofficially part of that team. At minimum, he's a Zen cheerleader. I also don't dislike Zen, but pretty hilarious he is attempting to FUD Zcash price considering XZC has massively outperformed ZEN since the launch.

The market will ultimately decide which of the two coins is worth more. As of today, it is Zcoin. And poodles has incentive to FUD, unfortunately for him, he's losing his edge.

https://www.coinigy.com/s/i/596832263302f/



legendary
Activity: 1498
Merit: 1000


I'll give it to poodles, he's got a nice writing style, unusual in these parts.

But, warning to readers, he's either a shill for zencash, or at least unofficially part of that team. At minimum, he's a Zen cheerleader. I also don't dislike Zen, but pretty hilarious he is attempting to FUD Zcash price considering XZC has massively outperformed ZEN since the launch.

The market will ultimately decide which of the two coins is worth more. As of today, it is Zcoin. And poodles has incentive to FUD, unfortunately for him, he's losing his edge.

https://www.coinigy.com/s/i/596832263302f/


sr. member
Activity: 1004
Merit: 268
Firo (FIRO)
Well I'm not a Khovratovich or Dinur or Nadler, but if Khovratovich has been in contact with the two and he says the current fix removes the attack vector, then it's reasonable to believe that.

We also spoke to Marc Bevand who had a lengthy exchange with Alexy and Dmitry. There's a lot of academic and good discussions happening in the background.

Note we are not saying that MTP is not going to be improved upon/developed upon. We do definitely foresee upcoming changes. One of the things we are looking at is also the compression of the proof which is quite large.

However at this point in time, we are still going ahead with rolling MTP on the mainnet unless a significant change is required due to new developments. We may push back the competition deadline a little and introduce a separate bounty fund to encourage scrutiny on MTP.



member
Activity: 117
Merit: 10
The point I was making is that whether or not something, especially a more complex algo like MTP, is memory-hard in practice can obviously depend on all sorts of details of the algorithm. And once such details have been spotted and fixed, I can't see how it would not be 'fundamentally' memory-hard.

Pretty vague.

Well I'm not a Khovratovich or Dinur or Nadler, but if Khovratovich has been in contact with the two and he says the current fix removes the attack vector, then it's reasonable to believe that.
full member
Activity: 129
Merit: 100
The point I was making is that whether or not something, especially a more complex algo like MTP, is memory-hard in practice can obviously depend on all sorts of details of the algorithm. And once such details have been spotted and fixed, I can't see how it would not be 'fundamentally' memory-hard.

Pretty vague.
member
Activity: 117
Merit: 10
A few pages back on this thread you'll see MTP was exposed as fundamentally not memory hard by a disgruntled miner developer who complained of inexplicable code changes

I think you misunderstood something there, too. mjosephs was frustrated about the existence of the time-memory-tradeoff attack vector in the first place,

I think you misunderstood something there.  The existence of the time-memory tradeoff attack in no way frustrates me; as a matter of fact reading the Dinur+Nadler paper was quite an enjoyable experience.

I should point out to you that literally nothing you do in computing is 'fundamentally memory hard'. You can always exchange memory usage for CPU time (because whatever you save in memory, you could also just re-calculate whenever you need it again). That's one of the basics of computer science.

This is incorrect; you are confused about what "memory-hard" means.  The definition is given on page 3 of  Stronger Key Derivation Via Sequential Memory-Hard Functions by Colin Percival:

Quote
Definition 1. A memory-hard algorithm on a Random Access Machine is an algorithm which uses S(n) space and T(n) operations, where S(n) ∈ Ω(T(n)^(1−ε)).

There are plenty of functions in this class.  The fact that you can "exchange memory usage for CPU time" does not mean a function is not memory-hard.

I was replying to playingpoodles, and I was referring to this mythical 'fundamental' memory-hardness (as I think I've highlighted enough), rather than the term 'memory-hard' itself – I'm not confused about that (as you would've realized if you had read 3 more lines, where I gave that exact definition in layman's terms).
The point I was making is that whether or not something, especially a more complex algo like MTP, is memory-hard in practice can obviously depend on all sorts of details of the algorithm. And once such details have been spotted and fixed, I can't see how it would not be 'fundamentally' memory-hard. Can you?
full member
Activity: 129
Merit: 100
A few pages back on this thread you'll see MTP was exposed as fundamentally not memory hard by a disgruntled miner developer who complained of inexplicable code changes

I think you misunderstood something there, too. mjosephs was frustrated about the existence of the time-memory-tradeoff attack vector in the first place,

I think you misunderstood something there.  The existence of the time-memory tradeoff attack in no way frustrates me; as a matter of fact reading the Dinur+Nadler paper was quite an enjoyable experience.

I should point out to you that literally nothing you do in computing is 'fundamentally memory hard'. You can always exchange memory usage for CPU time (because whatever you save in memory, you could also just re-calculate whenever you need it again). That's one of the basics of computer science.

This is incorrect; you are confused about what "memory-hard" means.  The definition is given on page 3 of  Stronger Key Derivation Via Sequential Memory-Hard Functions by Colin Percival:

Quote
Definition 1. A memory-hard algorithm on a Random Access Machine is an algorithm which uses S(n) space and T(n) operations, where S(n) ∈ Ω(T(n)^(1−ε)).

There are plenty of functions in this class.  The fact that you can "exchange memory usage for CPU time" does not mean a function is not memory-hard.
member
Activity: 117
Merit: 10
Excitement about "MTP" which has been promised for months, and was promised to make GPU/CPU competitive - see https://zcoin.io/what-is-mtp-merkle-tree-proof-and-why-it-is-important-to-zcoin/ (they're not, GPU is 3x) - might be wearing a bit thin.
You misunderstood something then. The goal was never to make a single CPU and a single (similarly priced) GPU exactly equal. In fact, if I recall correctly from the Zcoin Slack, they actually aimed for a 1:3 ratio. The reason for this is that there are ways to achieve vast amounts of CPU hashpower (AWS, botnets, etc.) that don't exist for GPUs, so GPUs should always have an advantage. Just not an orders-of-magnitude advantage.


A few pages back on this thread you'll see MTP was exposed as fundamentally not memory hard by a disgruntled miner developer who complained of inexplicable code changes, and Zcoin then said, 'oh yeah we changed it because it had a bug and wasn't memory hard'.
I think you misunderstood something there, too. mjosephs was frustrated about the existence of the time-memory-tradeoff attack vector in the first place, and about the code change that was implemented in response, and uttered a suspicion that this fix is only a 'band-aid'. That's speculation though. There is no published research that indicates this. Reuben responded very fairly and admitted that, since MTP is still an extremely new development, it's possible that new weaknesses will be found that allow for new TMT attacks, but the Zcoin devs haven't remotely exhausted their options in this regard, so basically there's no need to worry.

Also, perhaps I should point out to you that literally nothing you do in computing is 'fundamentally memory hard'. You can always exchange memory usage for CPU time (because whatever you save in memory, you could also just re-calculate whenever you need it again). That's one of the basics of computer science.
So the question isn't whether an algorithm is 'fundamentally' memory-hard (a concept that doesn't exist), but whether it is memory-hard in practice, i.e. whether there is a practical method to use much less memory while using not much more CPU time. That's why it can be sufficient to remove such a practical method with a minor fix. And that's why, once such a method is fixed, we are back to square one and there is no way of reducing the memory consumption of the MTP algorithm without blowing up computation time by an unreasonable factor – too large to make ASICs feasible.
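
Added example, not part of any post in this thread and not Zcoin or MTP code: the memory-for-CPU exchange argued over above, run on a toy version of ROMix from the Percival paper cited in the thread. SHA-256 stands in for the block hash, and `romix`, `tradeoff_table`, the seed and the sizes are made up for illustration; it does not model MTP or the Dinur+Nadler attack.

```python
import hashlib


def romix(seed: bytes, n: int, stride: int = 1):
    """Toy ROMix (the construction in Percival's scrypt paper) over SHA-256.

    stride=1 keeps all n blocks; stride=k keeps every k-th block and
    recomputes the rest on demand. Returns (digest, hash_calls, blocks_kept).
    """
    calls = 0

    def h(data: bytes) -> bytes:
        nonlocal calls
        calls += 1
        return hashlib.sha256(data).digest()

    # Phase 1: V[i] = H^i(V[0]); only checkpoints (i % stride == 0) are kept.
    x = hashlib.sha256(seed).digest()  # V[0]; this setup hash is not counted
    kept = {}
    for i in range(n):
        if i % stride == 0:
            kept[i] = x
        x = h(x)

    def lookup(j: int) -> bytes:
        # Walk forward from the nearest checkpoint at or below j.
        v = kept[j - j % stride]
        for _ in range(j % stride):
            v = h(v)
        return v

    # Phase 2: n data-dependent reads; the index is unknown until x is known.
    for _ in range(n):
        j = int.from_bytes(x[:8], "little") % n
        x = h(bytes(a ^ b for a, b in zip(x, lookup(j))))

    return x.hex(), calls, len(kept)


def tradeoff_table(seed: bytes, n: int, strides):
    """One row per stride: (stride, blocks_kept, hash_calls, space*time)."""
    rows = []
    for k in strides:
        _, calls, kept = romix(seed, n, k)
        rows.append((k, kept, calls, kept * calls))
    return rows


if __name__ == "__main__":
    SEED = b"constructed sample input"  # constructed, not real chain data
    N = 1024
    print(f"{'stride':>6} {'blocks':>6} {'hashes':>7} {'space*time':>11}")
    for row in tradeoff_table(SEED, N, [1, 2, 4, 16, 64]):
        print("{:>6} {:>6} {:>7} {:>11}".format(*row))
```

Every stride produces the same digest. Keeping 1/k of the blocks costs about (k-1)/2 extra hashes per read, so the saving in memory is paid back in hash calls rather than obtained for free.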
newbie
Activity: 18
Merit: 0
I get what you are saying and I agree with you that there is a disconnect between expectations and progress.  Most alt coin projects are work in progress including xzc and the recent bull market has increased the expectations on everyone to perform and deliver. 

That said, the MTP is a huge undertaking and probably the most difficult project detailed on the roadmap.  It is probably compounded by the presence of sync issues which is just as important to fix and previously, our development team was perhaps over-stretched.

I think what matters over the past couple of months is honest communication from marketing and on the development side, the zcoin team has expanded the developer team and added a cryptographer to increase our capacity to deliver - you should be able to see our increasing level of activity here.

We have an ongoing miner competition and other initiatives to encourage the participation of the developer community to make sure our implementation is water-tight.

Our marketing activities revolve around getting the importance and significance of our project out to the public and we are very careful that it does not cause over expectation which ultimately leads to disappointment - this is why we have kept everyone in the loop on what's happening.

We thank you and the community for your support and we understand we can do better.  The Zcoin project remains an important project for bitcoin anonymity and decentralisation - and we are fully committed to deliver according to the roadmap.

Excitement about "MTP" which has been promised for months, and was promised to make GPU/CPU competitive - see https://zcoin.io/what-is-mtp-merkle-tree-proof-and-why-it-is-important-to-zcoin/ (they're not, GPU is 3x) - might be wearing a bit thin.

A few pages back on this thread you'll see MTP was exposed as fundamentally not memory hard by a disgruntled miner developer who complained of inexplicable code changes, and Zcoin then said, 'oh yeah we changed it because it had a bug and wasn't memory hard'.

Zcoin's history unfortunately is littered with great promises, but then when the Christmas pudding is finally put on the table, it's small, burned, and strange tasting. Devs are good guys trying to make it work, but marketing gimmicks to paper over a lack of working product won't cut it, and I think there's a lack of trust in Zcoin in the investor community.

(Zcoin underperformed the altcoin market before and during the recent crash. Substantially.)

I can't spend my whole day here arguing. I'm just expressing my genuine belief. I am not even saying that Zcoin has no future, I'm saying that this news on MTP is massive, will massively weigh on prices, and is a very big setback and adds to reputational concerns around Zcoin.

It will not, you just need to read what is written, as you are the only one who keeps pushing their own truth, created in a parallel reality.
full member
Activity: 176
Merit: 100
Wasn't the MTP algorithm already released on July 9? Why is the impact on mining being discussed?
full member
Activity: 129
Merit: 100
(they're not, GPU is 3x)

Try more like 11x, dollar for dollar.  R7 370 should be above 300khash/sec.

you'll see MTP was exposed as fundamentally not memory hard by a disgruntled miner developer who complained of inexplicable code changes,

I think you're referring to me; I definitely didn't expose it -- Itai Dinur and Niv Nadler did that and they deserve 100% of the credit for their excellent paper.

I do have very serious concerns with the band-aid cooked up in response to Dinur+Nadler's paper.
member
Activity: 107
Merit: 10
Excitement about "MTP" which has been promised for months, and was promised to make GPU/CPU competitive - see https://zcoin.io/what-is-mtp-merkle-tree-proof-and-why-it-is-important-to-zcoin/ (they're not, GPU is 3x) - might be wearing a bit thin.

A few pages back on this thread you'll see MTP was exposed as fundamentally not memory hard by a disgruntled miner developer who complained of inexplicable code changes, and Zcoin then said, 'oh yeah we changed it because it had a bug and wasn't memory hard'.

Zcoin's history unfortunately is littered with great promises, but then when the Christmas pudding is finally put on the table, it's small, burned, and strange tasting. Devs are good guys trying to make it work, but marketing gimmicks to paper over a lack of working product won't cut it, and I think there's a lack of trust in Zcoin in the investor community.

(Zcoin underperformed the altcoin market before and during the recent crash. Substantially.)

I can't spend my whole day here arguing. I'm just expressing my genuine belief. I am not even saying that Zcoin has no future, I'm saying that this news on MTP is massive, will massively weigh on prices, and is a very big setback and adds to reputational concerns around Zcoin.

It will not, you just need to read what is written, as you are the only one who keeps pushing their own truth, created in a parallel reality.
sr. member
Activity: 255
Merit: 250
When will the MTP algorithm start testing? How big is the equilibrium difference between CPU and GPU? Now the mining industry uses too much power, hoping the algorithm will reduce the power consumption, so that mining is more stable.

MTP is already available in the test network.
At the moment there is a tender for miners and it's too early to talk about the ratio. But there is a miner at djm34 which gives a ratio of 1:3

Yes, I'm waiting for this MTP algo to be officially released and I want to see this MTP launched at the end of this month or early August.
I think Zcoin will have outstanding actions to come over the heavy competitors such as ZEC or Dash in the future.
newbie
Activity: 16
Merit: 2
When will the MTP algorithm start testing? How big is the equilibrium difference between CPU and GPU? Now the mining industry uses too much power, hoping the algorithm will reduce the power consumption, so that mining is more stable.

MTP is already available in the test network.
At the moment there is a tender for miners and it's too early to talk about the ratio. But there is a miner at djm34 which gives a ratio of 1:3
sr. member
Activity: 541
Merit: 250
When will the MTP algorithm start testing? How big is the equilibrium difference between CPU and GPU? Now the mining industry uses too much power, hoping the algorithm will reduce the power consumption, so that mining is more stable.