Still no apology or any actual steps to remedy this situation, like showing some work being done? And by work I mean code, not a list of things anybody can pull out of their ass. A trusted person from the larger bitcointalk community would be sufficient to take a look and give a brief summary.
Btw, it's quite funny how they point to donations that have not been touched, meanwhile big bucks were behind the recent p&d, enabling them to take huge profits.
If anybody knows a team of devs working on a zerocoin implementation (not zerocash) let me know, I would very much like to support them. I am really not interested in sociopaths, scammers or young boys learning to program. It is obvious Gnosis knows shit about programming and even when he finally implements ZC, the code would be shit and it will get hacked in no time.
Come check out SDC - Shadowcash,
https://bitcointalksearch.org/topic/sdc-shadowcash-welcome-to-the-umbra-745352 . Check out the roadmap and look at the projects released thus far. Head into the IRC channel on freenode #shadowcash or #shadow on irc.anonops; the dev is active and available usually every day if you have questions.
This is the only other promising altcoin developing ZK that isn't a scam. With ANC's 2-3 month delay this leaves only SDC with the ability to release ZK in the short term.
Did I forget to mention I am not interested in scams?
https://bitcointalksearch.org/topic/the-full-truth-behind-shadowcashcoin-trolls-and-their-attacks-on-other-coins-818939
Also, I was interested in zerocoin, not zerocash which needs a trusted setup of the initial parameters - if I understand things correctly - I would certainly trust zerocash more (even if NSA eavesdrop) than some shadowcash people who could generate infinite amount of coins.
So because of that thread you denounce the entire project?
Shadow's implementation will be trustless on the initial setup parameters.
So SDC implementing zerocash does not require trusted parameters?
How come zerocash devs require them? Are you trying to claim you made some mathematical breakthrough?
Interesting but I would need to read a proper explanation, like a paper with the math introduced to believe you.
Please check this post,
https://bitcointalksearch.org/topic/m.8906146
The parameter generation in a non-interactive zero knowledge system is always going to be an issue, unless it's created through a consensus.
Interactive would mean you'd need the other party to be online to redeem your input, so we're working on a way of sending your funds into infinity, where they will be redeemed from infinity.
At a base level there's always going to be some sort of mixing involved, whether it's destroying/minting, or whether it's using some sort of tokens, etc.
"we're working on a way of sending your funds into infinity, where they will be redeemed from infinity."
After thinking about this for a while I am still not sure if I completely understand what you mean. I have read the zk-snarks whitepaper, etc. Can you elaborate on this point a little?
Thanks!
Coins are removed from circulation, effectively placed in escrow when they are placed in an anonymous output.
We need to prove that we redeemed an output, without revealing which output was redeemed and a redeem transaction would look like a coinbase.
The redeem transaction destroys one of the anonymous outputs but it is not possible to know which one was destroyed.
It won't be possible to use the same output twice, as it would require a secret key which becomes known to everyone when the output is redeemed.
The zk-proof proves the secret key is linked to an output in the set, but only the redeemer knows which one.
Thank you very much! Your explanations really help. I think they also make it easier for people to understand why zk-snarks anonymity is vastly superior to the coinjoin based "anonymous" coins on the market today.
Can I also assume that it would be best if there was a time delay between when the coins are removed from circulation and when the anonymous output is sent from escrow?
Can the sender purchase an anonymous escrow amount greater than the amount he ultimately wants to send the recipient (the remainder of which he can redeem for another transaction later) so that the amount of coins removed from his wallet will not directly match the amount of coins the recipient receives?
The outputs can be broken up into set values, i.e.: 100000, 10000, 1000, 100, 10, 1, 0.1, 0.01, etc.
So if you send someone 13921.301 SDC, the outputs available to them would be 10000, 1000, 1000, 1000, 100, 100, 100......, 10, 10, 1, 0.1, 0.1, 0.1, 0.001.
The redeemer would be able to redeem whichever output he wants, as they will all have different secret keys.
Now that you will be able to do things like this, it doesn't really make sense as what you really want to accomplish is breaking chain history.
Once the history has been broken, you have a fresh coinbase, with no trace where it came from, so it wouldn't make sense to send an anonymous transaction immediately afterwards, as you will incur more fees.
Hopefully that answered most of your question/questions. If you have any others feel free to direct them to ryno (sdcdev) on the shadowcash thread.
Even if you don't pick up any SDC keep an eye on it, it can't hurt to watch. I think you will be surprised.
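
The bookkeeping described in the replies above (fixed-value anonymous outputs, one secret key per output, a key that becomes public on redeem and so cannot be used twice), sketched as an added example that is not code from the thread or from the Shadowcash project. All names are hypothetical, the denomination list is assumed to stop at 0.001, and a plain SHA-256 lookup stands in for the zk-proof, so unlike the real scheme this toy does not hide which output is redeemed.

```python
import hashlib
import secrets
from decimal import Decimal

# Denominations as listed in the post, largest first (the post's "etc." is
# assumed here to stop at 0.001, the smallest value its example uses).
DENOMINATIONS = [Decimal(d) for d in
                 ("100000", "10000", "1000", "100", "10", "1", "0.1", "0.01", "0.001")]

def split_into_denominations(amount):
    """Greedy split of an amount into fixed-value outputs."""
    remaining = Decimal(str(amount))
    outputs = []
    for denom in DENOMINATIONS:
        count = int(remaining // denom)
        outputs.extend([denom] * count)
        remaining -= denom * count
    if remaining != 0:
        raise ValueError(f"{remaining} cannot be expressed in the denominations")
    return outputs

class AnonymousPool:
    """Toy ledger: tracks output commitments and revealed secret keys."""
    def __init__(self):
        self.commitments = {}     # sha256(secret key) -> denomination
        self.spent_keys = set()   # secret keys made public by past redeems

    def mint(self, amount):
        """Escrow `amount`; returns one (secret_key, denomination) per output."""
        notes = []
        for denom in split_into_denominations(amount):
            key = secrets.token_bytes(32)
            self.commitments[hashlib.sha256(key).digest()] = denom
            notes.append((key, denom))
        return notes

    def redeem(self, key):
        """Release the escrowed value once; a reused key is rejected."""
        if key in self.spent_keys:
            raise ValueError("double spend: secret key already revealed")
        # Stand-in for the zk-proof: a real proof shows the key matches SOME
        # output in the set; this lookup exposes which one.
        commitment = hashlib.sha256(key).digest()
        if commitment not in self.commitments:
            raise ValueError("key is not linked to any output in the set")
        # The commitment stays in the set; only the key is recorded as spent.
        self.spent_keys.add(key)
        return self.commitments[commitment]
```
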