Topic: [ANN] Zcoin (XZC) - Implementing ZKP privacy without trusted setup - page 204. (Read 663229 times)

Had my hash divided between a few pools when suprnova was doing better, now it seems some of the miners with a majority of hash power decided to move. I am moving everything back to suprnova to prevent one pool from dominating. Unfortunately some of those top miners have the equivalent of $50,000+ worth of hashing power, so if we can get even one of the top miners back over to suprnova things would balance out.

You are a very very very lucky guy.
Is that possible to be so lucky ?

Say me what block on Suprnova and poolmininghub and the luck numbers.
Lasts block and luck on SuprNova :
 30,280 (april 17) -> luck 73.28
 30,390 -> luck 202,50
 30,405 -> luck 17 (good luck but not enough to make a normal average with the others blocks)
 30,671 -> luck 504.85
 30,712 -> luck 64,76
In the lasts 4 days the unluck of SuprNova was 172,48 : you earned about 2 times less than espected and on MiningPoolHub (average luck on the lasts 7 days with 555 blocks found : 96,64%).

Yes, you are very lucky to earn the same amount with SuprNova than MiningPoolHub in the last 4 days : the only possibility is to began mining just a little time before block 30,405 and stop mining just after :-).

I took note of how much i was mining on suprnova days before, then i switched to miningpoolhub and i was getting the same maybe a bit more so...

Indeed i get 4-5 times more shares in suprnova compared to miningpoolhub

Really ?
In the last days ?
Can you explain how it is possible ?

Because I also switched beetween SuprNova and MiningPoolHub in the last 2 days and I earned 5 times more with poolmininghub than with suprnova !

And the explaination is here :
SuprNova : block 30671 -> (un)luck 504.85, more than 2 days to mine  (less than half a block in 24 hours).
PoolMiningHub : in 24 h, more than 70 blocks found, luck 98 %., earned 5 time more than SuprNova.

Theorically, in a very long period (in a infinite period), earning should be equal, but in reality, since 15 days, SuprNova is completely out : a very too big (un)luck : look at the stats on the site).

MTP has already been released on testnet as promised in early April so it's running on Zcoin testnet and people are free to test it on the zcoin mtp branch.

We don't have an official time for releasing on mainnet as we want to make sure it is relatively bug free and achieves the purpose we want but all we can say is 'soon'. It's hard to give definite date for bug fixing and dev but will update as we go along.

When is the MTP  released ? I'm waiting for that news as I know it will be released in early April but until now I can not see anything about this action.
I'm still waiting for this news soon and this fact will not make us down. I need a certain time for official MTP lauching. Thanks.

Yup Suprnova's pool is pretty stable and I believe they also now have an Asia Pacific node for our Chinese and Asian friends.

Zcoin moving beyond trusted setup in Zerocoin

What is a Trusted Setup?

Zero knowledge setups offer amazing anonymity with anonymity sets exceeding thousands compared to previous anonymity schemes that typically only offer a dozen or so. One of the primary criticisms of Zerocoin and other zero knowledge coins like Zcash is that it requires a ‘trusted setup‘ phase. A trusted setup means you need to trust someone to generate some initial parameters and then destroy those parameters.

A way to visualize it would be akin to making a lock and then trusting that person to destroy the only key to it. It is however not easy to prove that the key was destroyed, for e.g. in our example scenario, was a duplicate made somewhere? Or a photo taken of the key before it was destroyed? The same type of problems exist when trying to prove that the initial parameters were permanently destroyed and not known by anyone.

The consequences of having the initial parameters leaked is that someone can generate coins out of thin air by doing forged Zerocoin spend transactions. In Zcoin, this is mitigated somewhat by having an auditable supply.

How is Trusted Setup implemented in Zcoin?

Zerocoin as implemented in Zcoin and in the original paper currently uses RSA accumulators which require the generation of two large prime numbers. We utilized the RSA-2048 parameters generated in 1991 from the RSA factoring challenge which was an academic challenge to learn about the difficulty of factoring large number and the parameters we used had a USD200,000 prize if someone managed to factor it. To this day, no one has claimed the prize or announced a successful factorization of RSA-2048 with the last publicly successful factorization at RSA-768.

Using the RSA factoring challenge parameters meant that you did not need to trust the Zcoin developers and only trust that the parameters from the RSA factoring challenge remained secure. For further reading on the RSA factoring challenge, you can read more here. However, we recognize that having a trusted setup is not ideal and it was always in our roadmap to implement a trustless setup. There has been previous attempts to remove the trusted setup in Zerocoin and the most well known one was the proposed use of RSA UFOs which thus far have been impractical to implement.

How Zcoin is removing the trusted setup

We are therefore very happy to announce that we believe we have found the answer in solving the trustless setup problem through the use of the Sigma protocol  in Zerocoin as detailed by Jens Groth and Markulf Kohlweiss from University College London and Microsoft Research.

In a nutshell, the Sigma (Σ) protocol does the following:

• No more trusted setup
• RSA accumulators are replaced with elliptic curve groups
• Reduction of Zerocoin proof sizes from 25 kb to around ~1kb allowing more Zerocoin transactions per block and making Zcoin much more scalable.
• Higher security using 256-bit elliptic curves roughly equivalent to 3072 bit RSA (currently we are using 2048 bit RSA)

We have also found the Sigma (Σ) protocol implemented in existing open source repositories greatly reducing the amount of work required to implement it in Zcoin. The Zcoin team will need to further examine its verification speed and computation time using the Sigma (Σ) protocol. We plan to implement the Sigma (Σ) protocol after MTP completion and Znodes. We are of the opinion that once Zcoin implements the Sigma (Σ) protocol, we would have a very compelling solution, offering the power and large anonymity sets of zero knowledge proofs with low proof size without having to trust anyone with the generation of initial parameters which is required in other zero knowledge setups such as in Zcash.

Update on MTP Development

We know many of you are eager to hear about how we are coming along with MTP since we released it on Zcoin’s testnet. MTP continues to be tested and the dev team has made good progress on it with no major hurdles encountered.

We are also testing various parameters to achieve a good balance between GPU and CPU performance while remaining ASIC resistant. We continue to work towards releasing MTP on mainnet as soon as possible along with GPU miners. It is promising to see so many top devs interested in the work we do and have received a lot of constructive feedback on it. We welcome anyone who wishes to work with us in improving MTP!

Once we have finalized the parameters, we will hold a competition  to develop MTP miners with attractive bounties to incentivize efficient open sourced miners to the public.

https://zcoin.io/zcoin-moving-beyond-trusted-setup-in-zerocoin/

Well I switched to suprnova again with my 1.4Mhs/s, i mined for 24h in miningpoolhub and i get the same coins so... i wont help this centralization as i get the same coins

Zcoin speed is a little slow
 3300 tps is so far the record made by bitshares, but thats absolutely hightech with 3 seconds blocks

In my words, there is no reproach made to SuprNova/OCMiner :-).
The problem is the concentration of the mining at more than 50% on the same pool : poolmininghub.

Thanks for your trust, you're right, the income is the same after time.

I've dropped the fee to 0% on suprnova in the hope that some folks might spread over some hash.

Wow, so mining at a big pool gets you hundreds of times the income of a small pool? Interesting.

Any decent pool should give the same average income over time, but when the hashrate gets too small, you're seeing these unfortunate variance effects. Everyone complains when the round progress (luck) gets up to hundreds of percent, but nobody talks about the fast rounds that balance it out. I'm keeping my modest 2 Mh/s on Suprnova as I trust the math, and Suprnova has proved reliable so far.

Meanwhile, there's always solo mining. A lot of modern coins don't provide obvious methods for solo mining, instead you need to set up a personal pool or a proxy. But solo mining was the way cryptocurrencies started out, as it was the natural way to keep things distributed. (For the first year or so, Bitcoin didn't even have getwork, the only way to mine was with the daemon's built-in CPU miner.) Zcoin is nicer than many others in this regard.

We progress in the discussion : now you admits that the mining is centralized to more than 50% on a single pool.

You minimize the scope of the risk because, unfortunately, as a developer, you can do nothing, otherwise call the miners to leave poolmininghub for going on SuprNova or another pool, what you do and I thank you .

The problem is that the miners on SuprNova have not received anything since 2 days while they would have received the income of 160 blocks at the same time on poolmininghub.
Miners pay for their electricity and their equipment: I doubt that there are many who follow this call to sacrifice themselves.

XZC can be attacked at any time by the team of poolmininghub and, even more serious, a hacker may be tempted to attack poolmininghub to make an attack on XZC.

Our XZCs are absolutely not safe !

I think the good advice to those who own XZC is to sell them until this problem is solved (by the new algo or something else).

I would like other holders (non-speculators) to give their opinion here.

With new coins, some pools temporarily dominating the hashrate is common. Had a brief chat in our #mining channel in Slack to find out what's going on. There was a mass exodus from Suprnova for some reason when they were previously the number one pool.

However now Suprnova is having a 0% fee promotion time so I highly recommend our miners to switch some of their hashrate over to achieve a more fairer distribution. If you have any problems @ocminer is always ready to help.

pool.mn https://pool.mn/xzc/ and maxminers https://xzc.maxminers.net/ also have working pools as far as I know.

Anyway problem should be better once MTP is up.

Hi,

Getting some evidence that XZC mining is centralized ?
Very simple !

For exemple :
At the moment : the network hashrate is 17,19 GHs and miningpoolhub hashrate is 10,8 GHs (62,83 % !). SuNova hashrate is only 0,4 GHs, no blocks found since 46 hours.
XZC is PoW and PoW currencies are attackable with 51% attack : here we are at more than 62 % !
XZC is now attackable.

An other exemple of evidence :
Look at this page : https://zcoin.miningpoolhub.com/index.php?page=statistics&action=blocks.
In the last 24 hours, 79/144 blocks were found by the same pool : 54,86 % !
In the last week, 573/1008 blocks were found by this unique pool : 56,84 % !

XZC is not any more secure.
At any time miningpoolhub can recalculate old blocks in the blockhain and insert fraudulent transactions there. These transactions can steal the coins of any XZC holder.
XZC is now without security, without protection and can be attacked at any time.

@Dev : what can ou do to retrieve XZC security ?
I am a XZC miner and I hold my coins since the begining : I want my XZC in security in the blockchain, not robbed in 1, 2 or more days...

Hi, what is your concern on miner centralization and where are you getting evidence that it is centralized?

Currently both GPUs and CPUs can mine it and no ASICS have been developed so anyone can mine.

There are a couple of big pools Suprnova, Miningpoolhub, Pool.mn and some in China so I think we're quite healthy. We do plan to develop p2pool for it soon but need to get some other stuff fixed first but in this case I think it's just a lot of people who are comfortable with Suprnova rather than an actual problem.


All projects have bugs and we're very early in our development cycle. We are aware of the sync bug and after we get MTP into a more stable state, all our efforts will be placed into making the sync smoother. Our lead dev Poramin believes he has a stop gap solution on this until we upgrade Bitcoin core but we're evaluating whether to do it now or just do it through the bitcoin core upgrade.

Also to help out with syncing, you can also use this site http://znode.io to sync up almost up to date and then sync the remaining.

We thank you for your patience and we trust it will be rewarded.

One tells me what happens with synchronization?
Very bad
Where is the developer about this
I see bad support for this currency

Several months ago the program was hacked through bug #
and now

This project has  mistakes