Topic: [ANN] Zcoin (XZC) - Implementing ZKP privacy without trusted setup - page 328. (Read 663504 times)

full member
Activity: 136
Merit: 100
Here's a layman's explanation of how Zerocoin works:

https://github.com/zcoinofficial/zcoin/wiki/A-layman's-explanation-on-how-Zerocoin-works

Quote
Most cryptocurrencies including Bitcoin rely on public ledgers. This means that all transactions are public, and the history of a coin can be traced from its inception, and all the transactions that it has been involved in.

Although the ownership of addresses is not known, through advances in statistical analysis and other meta-data (such as IP, time, use of exchanges), researchers have managed to reasonably accurately tie ownership of addresses to a real life identity.

As the blockchain forms a permanent record, it can be endlessly analyzed, and once the identity is revealed, all the history of the coin is also tied to the identity.

This can be problematic: for example, if someone used Bitcoin to do some illegal activity and that particular Bitcoin somehow ended up in your hands, you may be implicated just by virtue of being in possession of that Bitcoin. On the other hand, if you are a company or merchant, obviously you don't want competitors to know your transactions. In this case, with the Bitcoin blockchain, you cannot achieve that.

Some have tried to make it harder to do this by using coin mixers/tumblers. However, this involves trusting that the mixer/tumbler will not steal your money and also is not secretly recording how the coins are being mixed.

Zerocoin technology, which Zcoin uses, allows the anonymization of coins without requiring you to put your trust in a mixer.

The easiest way to visualize Zerocoin tech is a black box, where everyone who wants to anonymize their coins places their coins in it. When they are ready to spend the coin, they produce a proof that they did place coins in the box, but the proof does not state which coin they placed. The proof could refer to any of the millions of coins in the box, and nobody knows which coin the proof is referring to. The proof simply states that the creator of the proof has placed a coin in the box, without giving any specific information about which coin it is. When other people see this proof, they have no idea who created this proof but are mathematically convinced that it is a valid proof. If the proof is valid, the proof entitles the proof creator to create a new coin with no transaction history and not related to any of the coins in the box, provided that it is of the same value. This means there is no linkage between the deposit transaction into the box and the redemption transaction whereby a coin is taken from the box.

The innovative part of Zerocoin is how this proof is generated where although you deposited the money into the box (and this transaction is recorded in the blockchain), you are somehow able to prove that you deposited into the box, without revealing which 'deposit' transaction was originally yours, hence the term 'zero knowledge proof'.
hero member
Activity: 2548
Merit: 626
wolf wolf, you aren't even donating to the pool, you slut  Grin
hero member
Activity: 636
Merit: 516
just favours a different crowd; everyone will have a whinge if x mining method isn't within their grasp.
full member
Activity: 136
Merit: 100
So no one has issues with this coin being funneled into the mouths of a handful of people? Botnets and AWS, it's the same shit. Whole reason I've been bringing it up over the last couple weeks. Why would developers pick a random version of Lyra, even if they're going to eventually switch?

Well, a lot of these miners/botnets are dumping these mined coins on the exchanges, which also allows distribution Cheesy With the early stages of any coin, it is always a handful of people who benefit (those who figure out how to get a miner working for the coin and get in early enough).

The whole point of this weird Lyra version was to make it CPU limited until they figured out an ideal algo (which they thought would be MTP). You would think that CPU mined algos would be the best in ensuring a fair distribution, but due to AWS and botnets, maybe GPU friendly algos are better. But does making it GPU friendly make it less ASIC resistant? Granted, the algo right now is in urgent need of replacement, and I know that the devs are currently deliberating their options and were actively soliciting opinions on Slack.
full member
Activity: 136
Merit: 100
I heard many people talking about this coin in this forum. What is the difference between this coin and other anon coins?
I am just a layman and don't understand all the technical jargon. If anyone can explain it to me, I can decide for myself whether this coin is worth buying.

Hi Shanem,

I have done a draft writeup for this Cheesy

Most cryptocurrencies including Bitcoin rely on public ledgers where all transactions are public and the history of a coin can be traced from its inception. Some have tried to make it harder to do this by using coin mixers/tumblers but they involve trusting the mixer/tumbler in that they won't steal your money and that they aren't secretly recording how the coins are being mixed. Zerocoin technology allows the anonymization of coins that doesn't require you to put your trust in a mixer.

The easiest way to visualize Zerocoin tech is a huge jar where everyone who wants to anonymize their coins places their coins in the jar without revealing who they are. Then, at will, when they show the requisite proof that they did put coins in the jar, they are entitled to redeem any other person's coin in the jar that is of the same value; thus the link between the coin that was put in the jar and the new coin she has taken out of the jar is broken. This is like having everyone put a quarter in the jar and have it sit there, and when they want to spend their coin, they can then dip into the jar and pull out a quarter.

There are other anonymity solutions such as Monero's ring signatures or Dash's private send or Zcash's zerocash implementation. Each has their respective pros and cons.

With Zerocoin, some of its perceived advantages are:
a) Ability to choose whether to do a public or private transaction (which you can't do with Zcash or Monero) (some may see this as a weakness and prefer anonymity by default)
b) Much less computationally intensive than Zcash to generate transactions, so regular computers can still use Zcoin.
c) No need to place any trust in mixers or wait for it to be mixed (such as in Dash)
d) Possibly greater anonymity than Monero since Monero requires it to be 'mixed' with similar denominations transactions in the past so if your denomination is rather unique, it may stand out. However as time passes, this becomes less of a problem.
e) Based on very well reviewed cryptography compared to Zcash which is based on cutting edge tech. With Zcash, the sender, recipient and value are not revealed at all. From an anonymity standpoint this is great however if a bug is discovered and a hacker can secretly mint coins, this is very hard to detect! Total supply of Zcash cannot be determined.
f) Arguably less controversial 'parameter' generation than Zcash. Zcash relies on the initial secret being destroyed, and they have figured out a way in which unless all participants collude to not destroy the secret, then the secret is destroyed. Zerocoin uses parameters generated from an academic challenge (https://github.com/zcoinofficial/zcoin/wiki/Parameters-in-set-up-phase-for-Zerocoin-in-ZCoin)

There are also drawbacks to Zerocoin's implementation of course which is why all these solutions have a role:
a) Locked to fixed denominations 1, 25, 50, 100 for Zerocoin. Meaning you can only put fixed denominations in the jar.
b) When you choose to put a coin in the jar and immediately redeem a new coin, there might be some analysis that can guess that the person putting in and taking out is the same person.
c) Still computationally intensive compared to Monero

What I need to find out is also how Zerocoin scales compared to Zcash/Monero; that would be an important question to answer.

legendary
Activity: 1764
Merit: 1024
So no one has issues with this coin being funneled into the mouths of a handful of people? Botnets and AWS, it's the same shit. Whole reason I've been bringing it up over the last couple weeks. Why would developers pick a random version of Lyra, even if they're going to eventually switch?
legendary
Activity: 2576
Merit: 1073
H/s is decreasing.......getting really tough to mine....plus price isn't helping either
I've got 1,560 8-cores on it atm.
ec2?
Yup.

Curious. What method do you use to connect to such a large number of instances? I'm assuming you're sending identical commands to them all at once through an SSH client, but I also assume you didn't cut and paste 1000 different IPs into the SSH client to make the initial connections.

Following this thread over the past couple weeks has been a great learning experience when it comes to VPS mining techniques. Thanks to those who have shared experiences here. Those were just the threads I needed to pull in Google searches to get better set up for Zcash mining.

You don't actually need to connect to them Smiley
Set up automatic startup, and maybe some monitoring and automatic recovery scripts, on one machine. Test that everything works ok. Then clone it indefinitely, as much as your funds allow. Pretty simple actually, if you have access to cheap VPS power...
full member
Activity: 176
Merit: 100
H/s is decreasing.......getting really tough to mine....plus price isn't helping either
I've got 1,560 8-cores on it atm.
ec2?
Yup.

Curious. What method do you use to connect to such a large number of instances? I'm assuming you're sending identical commands to them all at once through an SSH client, but I also assume you didn't cut and paste 1000 different IPs into the SSH client to make the initial connections.

Following this thread over the past couple weeks has been a great learning experience when it comes to VPS mining techniques. Thanks to those who have shared experiences here. Those were just the threads I needed to pull in Google searches to get better set up for Zcash mining.
Vin
legendary
Activity: 1166
Merit: 1015
I hit a block after mining it for many days,
tried to 'mint zerocoin', and 'spend zerocoin',
but the tx after 'spend zerocoin' sent to myself (1 zcoin) never gets confirmed by the network.
Ideas, please?
Zerocoin spends are larger than regular transactions and don't get picked up as fast. Currently I think it's limited to 1 spend per block for pool performance reasons (devs want to upgrade that later I think). So the transaction will get confirmed, even if not right in the next block but a couple of blocks later.

Ask ocminer for details as he's the operator of the Suprnova pool which currently mines pretty much all blocks. Cheesy
Last time, my withdrawal from Bittrex took about 14 hours to confirm.
I thought the wallet had a problem, so, for now, I leave them all in exchanges.

I only let some -fast use- coins in the exchanges to be able to sell/buy quick.
Around 10%

The other coins are in my wallet.

I have got a bad feeling about leaving a big amount (if I had one) there.
Too many "inside" hackers out there.

Good luck!
sr. member
Activity: 352
Merit: 250
I hit a block after mining it for many days,
tried to 'mint zerocoin', and 'spend zerocoin',
but the tx after 'spend zerocoin' sent to myself (1 zcoin) never gets confirmed by the network.
Ideas, please?
Zerocoin spends are larger than regular transactions and don't get picked up as fast. Currently I think it's limited to 1 spend per block for pool performance reasons (devs want to upgrade that later I think). So the transaction will get confirmed, even if not right in the next block but a couple of blocks later.

Ask ocminer for details as he's the operator of the Suprnova pool which currently mines pretty much all blocks. Cheesy
Last time, my withdrawal from Bittrex took about 14 hours to confirm.
I thought the wallet had a problem, so, for now, I leave them all in exchanges.
member
Activity: 117
Merit: 10
I hit a block after mining it for many days,
tried to 'mint zerocoin', and 'spend zerocoin',
but the tx after 'spend zerocoin' sent to myself (1 zcoin) never gets confirmed by the network.
Ideas, please?
Zerocoin spends are larger than regular transactions and don't get picked up as fast. Currently I think it's limited to 1 spend per block for pool performance reasons (devs want to upgrade that later I think). So the transaction will get confirmed, even if not right in the next block but a couple of blocks later.

Ask ocminer for details as he's the operator of the Suprnova pool which currently mines pretty much all blocks. Cheesy
hero member
Activity: 728
Merit: 500
I hit a block after mining it for many days,
tried to 'mint zerocoin', and 'spend zerocoin',
but the tx after 'spend zerocoin' sent to myself (1 zcoin) never gets confirmed by the network.
Ideas, please?
hero member
Activity: 636
Merit: 516
Interesting.. didn't realise the first 280 blocks were scrypt-n, old school..
One of the neatest algorithm swaps I've seen; and all in one clean commit!
member
Activity: 117
Merit: 10
Amounts are shown, but the trick is that minting/spending happens in standardized denominations: 1, 10, 25, 50 or 100. This means deanonymizing you via transaction amounts is impossible because everyone uses these exact denominations in the crucial mint/spend steps.
A cheap trick I must say...  Cheesy

If it's stupid but it works, it ain't stupid. Wink
member
Activity: 117
Merit: 10
Price should already be at 0.03 now, considering that after the Zcash launch Zcoin will be forgotten.

Zcash futures are 0.24 each (120 USD per Zcash).

Zcash is an LLC registered in the US, which unfortunately very much makes it vulnerable to pressure from the FBI and other suits (in fact they could be subpoenaed by the NSA just like Lavabit), and it has the toxic waste problem. Zcoin is... I don't know what it is, apparently no registered company at all, and it uses the RSA-2048 number for its crypto setup (as you can see right here), which has been publicly available for 25 years and means there is no possibility of toxic waste in the developers' hands.

Also the Zerocash protocol hides all amounts, which in theory allows an adversary to use an exploit to generate currency while remaining undetected forever, while in Zcoin amounts are public yet transactions are still private, as explained in my other post above.

In essence, Zcoin has its strengths exactly where Zcash has its weaknesses. Not saying Zcash sucks, it certainly is a cool project with an amazing dev team. But to think that Zcoin has no reason to exist when Zcash is out is just foolish.
sr. member
Activity: 352
Merit: 250
Amounts are shown, but the trick is that minting/spending happens in standardized denominations: 1, 10, 25, 50 or 100. This means deanonymizing you via transaction amounts is impossible because everyone uses these exact denominations in the crucial mint/spend steps.
A cheap trick I must say...  Cheesy
legendary
Activity: 3248
Merit: 1070
H/s is decreasing.......getting really tough to mine....plus price isn't helping either

I've got 1,560 8-cores on it atm.

ec2?
member
Activity: 117
Merit: 10
I heard many people talking about this coin in this forum. What is the difference between this coin and other anon coins?
I am just a layman and don't understand all the technical jargon. If anyone can explain it to me, I can decide for myself whether this coin is worth buying.

It's the first cryptocurrency to implement zero-knowledge proofs, based on the Zerocoin protocol by Matthew Green, which allows a coin's history to be completely erased.

Making a private transaction with Zcoin involves a three-step process:

1. "Mint" your Zcoin (XZC) into zerocoin (kind of comparable to a tumbler, except you don't need an external service and it's cryptographically secure with zero knowledge)
2. "Spend", which turns the zerocoin back into XZC in a brand new address in your wallet
3. Make a regular transaction with that XZC just like you would with Bitcoin etc. It will come from the new address, which can't be traced back to you.

Amounts are shown, but the trick is that minting/spending happens in standardized denominations: 1, 10, 25, 50 or 100. This means deanonymizing you via transaction amounts is impossible because everyone uses these exact denominations in the crucial mint/spend steps.
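A toy model of the mint/spend flow in this post (and of the "jar" picture given earlier in the thread), added here as an illustration; it is not Zcoin's own code. It assumes small constructed parameters (N, P, G, H, ACC_BASE) and replaces the zero-knowledge membership proof with a direct check of the accumulator witness, so it shows the accumulator, the fixed denominations and the serial-number double-spend check, not the hiding part of the real protocol.

```python
from typing import Dict, List, Set

# Constructed toy parameters (assumptions, not Zcoin's): a small "RSA" modulus
# for the accumulator and a small prime-order group for the commitments.
DENOMINATIONS = (1, 10, 25, 50, 100)   # fixed denominations from the post
N = 1000000007 * 1000000009            # accumulator modulus (RSA-2048 in Zcoin)
ACC_BASE = 3                           # accumulator starting value
P, G, H = 1000003, 2, 3                # commitment group: prime and two bases

def commit(serial: int, r: int) -> int:
    """Coin commitment C = G^serial * H^r mod P. The serial stays hidden
    until spend time; r is a blinding value only the owner knows."""
    return (pow(G, serial, P) * pow(H, r, P)) % P

def witness(public_commitments: List[int], c: int) -> int:
    """Accumulate every coin in the jar except c. The spender derives this
    from the public chain, so it does not point at their own mint."""
    w = ACC_BASE
    for other in public_commitments:
        if other != c:
            w = pow(w, other, N)
    return w

class ZerocoinJar:
    """The 'jar': one accumulator per denomination, the public list of
    minted commitments, and the serials already revealed by spends."""

    def __init__(self) -> None:
        self.acc: Dict[int, int] = {d: ACC_BASE for d in DENOMINATIONS}
        self.coins: Dict[int, List[int]] = {d: [] for d in DENOMINATIONS}
        self.spent_serials: Set[int] = set()

    def mint(self, denom: int, c: int) -> None:
        """Put a coin in the jar; only the fixed denominations are accepted."""
        if denom not in DENOMINATIONS:
            raise ValueError(f"denomination {denom} is not mintable")
        self.coins[denom].append(c)
        self.acc[denom] = pow(self.acc[denom], c, N)

    def spend(self, denom: int, serial: int, r: int, w: int) -> bool:
        """Redeem a coin: the witness must prove membership and the serial
        must never have been revealed before (double-spend protection)."""
        c = commit(serial, r)
        if pow(w, c, N) != self.acc[denom]:   # no such coin in this jar
            return False
        if serial in self.spent_serials:      # double-spend attempt
            return False
        self.spent_serials.add(serial)
        return True
```

Because the witness is built from every other coin in the same denomination, a valid spend says only "one of these coins", which is why equal denominations matter.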
legendary
Activity: 1052
Merit: 1004
Where did you get those numbers from?

You don't have one of these?

hero member
Activity: 2548
Merit: 626
Where did you get those numbers from?