Official Anoncoin chat thread (including history) - page 200.

Gnosis-

member

Activity: 101

Merit: 10

Quote from: lunokhod2 on May 19, 2014, 12:06:33 PM

Quote from: lunokhod2 on May 19, 2014, 03:31:26 AM

For info, here are the links to the zerocash project and paper. Have't yet had time to read them yet

http://zerocash-project.org/

http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf

Hi gnos1s,

After skimming the Zerocash paper, I wonder if you could clear up a few points for us:

First, in your opinion, will it be possible to use zk-SNARKs to reduce the size of the zerocoin proof? The authors are not too clear on this point.

Second, will it be possible to choose the initial setup parameters for zerocash without relying on trusted third parties, such as with RSA-UFOs?

Finally, it is my understanding that the total amount encoded into zerocash can not be calculated, as the amount is hidden in the zerocash coin commitment. Would it be possible to create new coins (or perhaps double spend) without getting caught if the initial setup parameters were known? Or would this just let the person steal existing zerocash coins?

In my opinion, we need to do a very good job at explaining to the community the strengths and weaknesses of Zerocoin and Zerocash. If zerocash is released (which seems very likely), there is likely to be a mad dash to ditch zerocoin/anoncoin for zerocash. Many people are already referring to zerocash as "v2", with the implication that v2 is better than, and makes obsolete, v1....

Answered on reddit: https://pay.reddit.com/r/Anoncoin/comments/25z2fw/differences_between_zerocoin_and_zerocash/chnxw39

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: Chooseusername on May 23, 2014, 11:16:00 AM

Do stealth addresses will be implemented in Anoncoin?

No. there is no need for it and offers less anonymity than zerocoin

Chooseusername

member

Activity: 94

Merit: 10

Do stealth addresses will be implemented in Anoncoin?

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: tomothy on May 22, 2014, 09:16:06 PM

Is it easy to setup another blockchain explorer for anoncoin? I'm having issues finding a working one. Could I maybe throw a couple coins some way to help with hosting? I'm still hashing it out with Cryptsy and it would be nice to track TXids a bit easier to my wallet. I love them, don't get me wrong, and they usually fix stuff eventually... just... yeahhhhhh. Is 6/1 looking likely?

use this http://api.altexplorer.net/chains

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: niteglider on May 22, 2014, 05:36:47 PM

Just a 'heads up': the hashfaster ANC pool is not doing automatic payouts and there is no provision for manual payouts.

I put in a ticket to support on May 19, three days ago and the situation still has not been resolved, although they did ask
whether I was still having trouble on the 20th.

use p2pool to avoid such problems Wink

tomothy

sr. member

Activity: 258

Merit: 250

Is it easy to setup another blockchain explorer for anoncoin? I'm having issues finding a working one. Could I maybe throw a couple coins some way to help with hosting? I'm still hashing it out with Cryptsy and it would be nice to track TXids a bit easier to my wallet. I love them, don't get me wrong, and they usually fix stuff eventually... just... yeahhhhhh. Is 6/1 looking likely?

gostrol

newbie

Activity: 57

Merit: 0

Quote from: drAGon925 on May 22, 2014, 03:06:02 PM

Quote from: Spekulatius on May 22, 2014, 02:57:44 PM

Quote from: lunokhod2 on May 22, 2014, 11:29:55 AM

For info, here is a response I got from gnosis on redit about a couple of questions I had.

///

I have read the Zerocash paper and while it has some very cool ideas, it has one serious weakness: the requirement for a trusted setup. This makes it not much better than a coin laundry like Bitfog: the owner of a coin laundry can steal everyone's coins if they so choose, and the same possibility exists with all the anonymized money in circulation in Zerocash. The only strategy to reduce a user's risk is to reduce the time their money is anonymized, but that reduces anonymity.
Anyway, to answer your questions:

1. Will it be possible to use zero-knowledge-SNARKs to reduce the size of the zerocoin proof? The authors of the paper are not too clear on this point.
Probably not.

2. Will it be possible to choose the initial setup parameters for zerocash without relying on trusted third parties, such as with RSA-UFOs as has been proposed for Anoncoin's version of zerocoin?
Probably not for years. This would be a major breakthrough if cryptographers could find a way to do this.

3. It is my understanding that the total amount encoded into zerocash can not be calculated, as the amount is hidden in the zerocash coin commitment. Would it be possible to create new coins (or perhaps double spend) without getting caught if the initial setup parameters were known? Or would this just let the person steal existing zerocash coins?
Yes, the former. If the entity who setup the initial parameters was dishonest and did not delete the data they were supposed to delete, they could create new money without being detected. The currency would experience massive inflation.

///

If its really possible to setup the original Zerocoin protocol without trust, but not Zerocash, then I think that Anoncoin will have much more to offer than other competing coins...

I dont get it: are all your questions regarding Zerocash? Its seems question number 1 at least is ambiguous. Will it be possible for Anoncoin to reduce the Zerocoin proof? If not, arent we doomed to blockchain bloat Anoncoin out of existence?
Whats the difficulty for Zerocash to adopt Anoncoin's solution for the initial setup problem in case it works? COuld they just copy our approach for Zerocash?

May I also ask where you chatted with gnos1s?

http://www.reddit.com/r/Anoncoin/comments/25z2fw/differences_between_zerocoin_and_zerocash/

Question 1 was indeed about zerocoin-in-Anoncoin, in Zerocash they already use zk-SNARKS to reduced proofs size

Blockchain bloat will not occur as much as feared because we dont need to store the proof in the blockchain but in some external database that will be pruned at regular interval, only hashes will be kept in the blockchain:

Quote

I am taking some ideas from the BitTorrent protocol to handle the large size and CPU requirements of Zerocoin. Spend proofs will be broken up into pieces and verified and transmitted separately. A "spend root" contains the hashes of these pieces and other info that is needed to verify a piece. The blockchain only contains serial numbers and hashes of spend roots, which means everything else related to a Zerocoin spend can be thrown away eventually.

Quote

The plan is to use a signed checkpoint message at regular intervals. When a client receives a valid one, all Zerocoin spend proofs at lower block heights are thrown away, and the client gives the message to all clients it interacts with, until the message is superseded by one with a larger block height.

http://www.reddit.com/r/ZeroCoin/comments/23pfwg/will_zerocoin_be_open_source/

Quote

For a ZC spend proof, the only things in the block chain (in the transaction input) are the denomination (in the amount field of the input), the spend root hash, and the serial number. The spend root is a ~1KB datum that contains hashes of several spend pieces as well as some other values.

https://github.com/Anoncoin/anoncoin/blob/zerocoin/doc/zerocoin.md

http://www.reddit.com/r/ZeroCoin/comments/20afhy/tldr_for_zerocoin_zerocash_by_jaaphenk_hoepman/

Zerocash cannot adopt RSA-UFOs because it does not use the same technology than zerocoin (zk-SNARKS in zerocash and not in zerocoin), the key in zerocash will be over 1Gb.

Hence here we have two differents technologies, one is trustless and token based (Zerocoin-in-Anoncoin) and the other is fully divisible and with greater privacy (everything is hidden including amount) but rely on trust for an initial setup (Zerocash). Also ANC will have i2p fully implemented in the client to hide IP, which provide another layer of anonymity.

If you want to chat with Gnosis and Meeh, you can join #anoncoin at freenode or through i2p (install i2p routeur https://geti2p.net/en/download and connect through it to IRC 127.0.0.1:6668, join #anoncoin)

niteglider

full member

Activity: 126

Merit: 100

Lean into the curves.

Just a 'heads up': the hashfaster ANC pool is not doing automatic payouts and there is no provision for manual payouts.

I put in a ticket to support on May 19, three days ago and the situation still has not been resolved, although they did ask
whether I was still having trouble on the 20th.

drAGon925

hero member

Activity: 527

Merit: 500

Quote from: Spekulatius on May 22, 2014, 02:57:44 PM

Quote from: lunokhod2 on May 22, 2014, 11:29:55 AM

For info, here is a response I got from gnosis on redit about a couple of questions I had.

///

I have read the Zerocash paper and while it has some very cool ideas, it has one serious weakness: the requirement for a trusted setup. This makes it not much better than a coin laundry like Bitfog: the owner of a coin laundry can steal everyone's coins if they so choose, and the same possibility exists with all the anonymized money in circulation in Zerocash. The only strategy to reduce a user's risk is to reduce the time their money is anonymized, but that reduces anonymity.
Anyway, to answer your questions:

1. Will it be possible to use zero-knowledge-SNARKs to reduce the size of the zerocoin proof? The authors of the paper are not too clear on this point.
Probably not.

2. Will it be possible to choose the initial setup parameters for zerocash without relying on trusted third parties, such as with RSA-UFOs as has been proposed for Anoncoin's version of zerocoin?
Probably not for years. This would be a major breakthrough if cryptographers could find a way to do this.

3. It is my understanding that the total amount encoded into zerocash can not be calculated, as the amount is hidden in the zerocash coin commitment. Would it be possible to create new coins (or perhaps double spend) without getting caught if the initial setup parameters were known? Or would this just let the person steal existing zerocash coins?
Yes, the former. If the entity who setup the initial parameters was dishonest and did not delete the data they were supposed to delete, they could create new money without being detected. The currency would experience massive inflation.

///

If its really possible to setup the original Zerocoin protocol without trust, but not Zerocash, then I think that Anoncoin will have much more to offer than other competing coins...

I dont get it: are all your questions regarding Zerocash? Its seems question number 1 at least is ambiguous. Will it be possible for Anoncoin to reduce the Zerocoin proof? If not, arent we doomed to blockchain bloat Anoncoin out of existence?
Whats the difficulty for Zerocash to adopt Anoncoin's solution for the initial setup problem in case it works? COuld they just copy our approach for Zerocash?

May I also ask where you chatted with gnos1s?

http://www.reddit.com/r/Anoncoin/comments/25z2fw/differences_between_zerocoin_and_zerocash/

Spekulatius

legendary

Activity: 1022

Merit: 1000

Quote from: lunokhod2 on May 22, 2014, 11:29:55 AM

For info, here is a response I got from gnosis on redit about a couple of questions I had.

///

I have read the Zerocash paper and while it has some very cool ideas, it has one serious weakness: the requirement for a trusted setup. This makes it not much better than a coin laundry like Bitfog: the owner of a coin laundry can steal everyone's coins if they so choose, and the same possibility exists with all the anonymized money in circulation in Zerocash. The only strategy to reduce a user's risk is to reduce the time their money is anonymized, but that reduces anonymity.
Anyway, to answer your questions:

1. Will it be possible to use zero-knowledge-SNARKs to reduce the size of the zerocoin proof? The authors of the paper are not too clear on this point.
Probably not.

2. Will it be possible to choose the initial setup parameters for zerocash without relying on trusted third parties, such as with RSA-UFOs as has been proposed for Anoncoin's version of zerocoin?
Probably not for years. This would be a major breakthrough if cryptographers could find a way to do this.

3. It is my understanding that the total amount encoded into zerocash can not be calculated, as the amount is hidden in the zerocash coin commitment. Would it be possible to create new coins (or perhaps double spend) without getting caught if the initial setup parameters were known? Or would this just let the person steal existing zerocash coins?
Yes, the former. If the entity who setup the initial parameters was dishonest and did not delete the data they were supposed to delete, they could create new money without being detected. The currency would experience massive inflation.

///

If its really possible to setup the original Zerocoin protocol without trust, but not Zerocash, then I think that Anoncoin will have much more to offer than other competing coins...

I dont get it: are all your questions regarding Zerocash? Its seems question number 1 at least is ambiguous. Will it be possible for Anoncoin to reduce the Zerocoin proof? If not, arent we doomed to blockchain bloat Anoncoin out of existence?
Whats the difficulty for Zerocash to adopt Anoncoin's solution for the initial setup problem in case it works? COuld they just copy our approach for Zerocash?

May I also ask where you chatted with gnos1s?

lunokhod2

sr. member

Activity: 249

Merit: 250

For info, here is a response I got from gnosis on redit about a couple of questions I had.

///

I have read the Zerocash paper and while it has some very cool ideas, it has one serious weakness: the requirement for a trusted setup. This makes it not much better than a coin laundry like Bitfog: the owner of a coin laundry can steal everyone's coins if they so choose, and the same possibility exists with all the anonymized money in circulation in Zerocash. The only strategy to reduce a user's risk is to reduce the time their money is anonymized, but that reduces anonymity.
Anyway, to answer your questions:

1. Will it be possible to use zero-knowledge-SNARKs to reduce the size of the zerocoin proof? The authors of the paper are not too clear on this point.
Probably not.

2. Will it be possible to choose the initial setup parameters for zerocash without relying on trusted third parties, such as with RSA-UFOs as has been proposed for Anoncoin's version of zerocoin?
Probably not for years. This would be a major breakthrough if cryptographers could find a way to do this.

3. It is my understanding that the total amount encoded into zerocash can not be calculated, as the amount is hidden in the zerocash coin commitment. Would it be possible to create new coins (or perhaps double spend) without getting caught if the initial setup parameters were known? Or would this just let the person steal existing zerocash coins?
Yes, the former. If the entity who setup the initial parameters was dishonest and did not delete the data they were supposed to delete, they could create new money without being detected. The currency would experience massive inflation.

///

If its really possible to setup the original Zerocoin protocol without trust, but not Zerocash, then I think that Anoncoin will have much more to offer than other competing coins...

WDL

newbie

Activity: 54

Merit: 0

Quote from: lunokhod2 on May 21, 2014, 01:26:25 PM

Quote from: giveBTCpls on May 21, 2014, 11:41:53 AM

Are all anon coins dead with Monero now? Bytecoin being a scam even if the tech is good, Zerocoin being a joke by having to trust a 3rd party to destroy the key which would lead to infinite spending without anyone ever knowing, or Darkcoin with the false promises of ring signatures (When this already works with Monero) + instamine.

CryptoNote technology (including BitMonero, BCN, etc.) is an interesting approach for increasing privacy, but Zerocoin provides better (i.e., proven to be perfect) anonymity.

In CryptoNote, the user decides how many people will participate in the ring signature: the more that are used, the more difficult it is to track transaction histories in the blockchain. However, even if this form of anonymity is good enough for most people today, blockchain analysis techniques are likely to become very sophisticated in the coming years. If you value your privacy, or if you have something to hide, the only truly anonymous solutions at this point are Zerocoin and Zerocash.

Ring signatures, CoinJoin ("darksend"), and stealth addresses are not perfect. If you use them, you do so at your own risk. I admit that these are the best solutions that are implemented in code today, but the anonymous altcoin scene will change dramatically before the year is over.

Also, Zerocoin (the original paper) does not need to trust a third party: As Gnosis has described elsewhere, this can be accomplished using RSA-UFOs. It is not clear to me if the same thing applies to Zerocash: Gnosis says no, but I would like to hear his opinion now that the paper is published.

I appreciate your opinion.Only mathematics can be trusted and that is Zero-Knowledge-Proof.

hostmaster

sr. member

Activity: 266

Merit: 250

We sponsored Anoncoin pool for you!

Anoncoin pool: http://anc.pool666.com/

Mine with most advanced crypto pool in altcoin history!

Live & Accurate Stats
Dedicated servers with SSD
Professional team
The natural choice for mining
PPLNS PAYOUTS
VARDIFF
Cron based payments running every hours
%0 fee

Visit: http://anc.pool666.com

Sponsored by www.Pool666.com

lunokhod2

sr. member

Activity: 249

Merit: 250

Quote from: giveBTCpls on May 21, 2014, 11:41:53 AM

Are all anon coins dead with Monero now? Bytecoin being a scam even if the tech is good, Zerocoin being a joke by having to trust a 3rd party to destroy the key which would lead to infinite spending without anyone ever knowing, or Darkcoin with the false promises of ring signatures (When this already works with Monero) + instamine.

CryptoNote technology (including BitMonero, BCN, etc.) is an interesting approach for increasing privacy, but Zerocoin provides better (i.e., proven to be perfect) anonymity.

In CryptoNote, the user decides how many people will participate in the ring signature: the more that are used, the more difficult it is to track transaction histories in the blockchain. However, even if this form of anonymity is good enough for most people today, blockchain analysis techniques are likely to become very sophisticated in the coming years. If you value your privacy, or if you have something to hide, the only truly anonymous solutions at this point are Zerocoin and Zerocash.

Ring signatures, CoinJoin ("darksend"), and stealth addresses are not perfect. If you use them, you do so at your own risk. I admit that these are the best solutions that are implemented in code today, but the anonymous altcoin scene will change dramatically before the year is over.

Also, Zerocoin (the original paper) does not need to trust a third party: As Gnosis has described elsewhere, this can be accomplished using RSA-UFOs. It is not clear to me if the same thing applies to Zerocash: Gnosis says no, but I would like to hear his opinion now that the paper is published.

Arlic

newbie

Activity: 43

Merit: 0

Quote from: giveBTCpls on May 21, 2014, 11:41:53 AM

Are all anon coins dead with Monero now? Bytecoin being a scam even if the tech is good, Zerocoin being a joke by having to trust a 3rd party to destroy the key which would lead to infinite spending without anyone ever knowing, or Darkcoin with the false promises of ring signatures (When this already works with Monero) + instamine.

Anoncoin implementation of zerocoin works in diffrent way than oryginal one.

giveBTCpls

sr. member

Activity: 322

Merit: 250

Are all anon coins dead with Monero now? Bytecoin being a scam even if the tech is good, Zerocoin being a joke by having to trust a 3rd party to destroy the key which would lead to infinite spending without anyone ever knowing, or Darkcoin with the false promises of ring signatures (When this already works with Monero) + instamine.

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: platorin on May 21, 2014, 10:52:47 AM

Quote from: dewdeded on May 21, 2014, 10:38:27 AM

So now what? Will Anoncoin implement ZeroCash or ZeroCoin?

I'd like to know that too.

ZeroCoin, we never said we would implement anything else.
ZeroCash is based on trust, ZeroCoin isnt

platorin

sr. member

Activity: 392

Merit: 250

Quote from: dewdeded on May 21, 2014, 10:38:27 AM

So now what? Will Anoncoin implement ZeroCash or ZeroCoin?

I'd like to know that too.

dewdeded

legendary

Activity: 1232

Merit: 1011

Monero Evangelist

So now what? Will Anoncoin implement ZeroCash or ZeroCoin?

Amber Caparas

newbie

Activity: 9

Merit: 0

I would like to know how is going the implementation of Zerocoin Cry

Topic: Official Anoncoin chat thread (including history) - page 200. (Read 530660 times)