Topic: Thoughts on Zcash? - page 54. (Read 123391 times)

Not so much the developers.  They have to trust the small group of people that will participate in the trusted setup.


I agree with you that zcash has a potentially extremely powerful idea, which is TOTAL anonymity.  That's better than Monero, which has a limited anonymity set, which is growing over time.  With the ideas in zcash, this anonymity set can be total.
However, this is NOT how it is set up in zcash.  And in order to have this total anonymity, you have to introduce compromises with other aspects, like a trusted setup.

So, the way zcash is set up, I wouldn't prefer it, anonymity wise, over monero.  But it ideas in it that are potentially much better than Monero.

So if I understand correctly, Zcash requires users to trust its developers to a certain degree.
However, developers have not given users a big reason not to trust them but because with Monero, users don't have to trust anyone, that makes Monero better.


Zcash has some advantages that Monero does not have...

That's also how I understood it.  This is why you can trust a trusted setup, if you are part of the setup !
For that, you have to have:
1) a medical certificate testifying that you are not schizophrenic and that you can trust yourself
2) being sure that you are part of the setup
3) be sure that you didn't give out your secret part

In other words, you have to have a way to verify that the published setup has actually used your contribution.  I don't know if this can be tested independently, but there is one thing that does work: if you have the public contributions of every contributor, then you can run the "compilation" yourself, and verify that it generates indeed, the published public setup.

It is indeed true that it is sufficient that ONE contributor has not given his part of the golden key (his random number/secret key) to the others to be sure that the golden key has not been generated.  So if YOU are part of it, and you can trust yourself that you didn't give your key, then you know that the trusted setup can be trusted. 

The subtle thing is probably that you are to be sure that that little piece of data has not left your computer.  So you have in some way to be totally master of the software that did the generation.  Best is to have the source code, and verify that it doesn't do any sending, but just a calculation on a console, and do this on an airgapped computer which is physically destroyed (or kept switched off in a safe, the day you want to be part of the conspiration that will have the golden key) once you copied the public results on a piece of paper.


If you are part of the trusted setup, you can trust it.

And if thousands of people are part of it, in the end, that comes down to "the market".  In crypto, you have to trust the market.  If ALL bitcoin holders except you decide that bitcoin has no value any more, then it doesn't matter that the protocol is well implemented.  It is worth zero.  So at a certain point, using a cryptoCURRENCY, you have to trust a market.  If the trusted setup is set up with so many people that they are a serious part of the market, and if you could have been potentially part of it, then I think you can trust it enough.
But best is to be part of it.

Hello bbc.reporter. I believe you had asked me this a few days ago and I've been conducting research. I don't mean to step on dinofelis...I'm just hoping I can provide somewhat of a decent answer.

It has been difficult to get a straight answer to this and other questions about Zcash. The writers of these articles can testify to this:

http://weuse.cash/2016/06/09/btc-xmr-zcash/

https://blog.okturtles.com/2016/03/the-zcash-catch/  (updated 27 August, see comments)

Here's what I think the answer is: a "golden key" will not exist IF those who initialize the trusted setup don't have compromised systems AND at least one of the initializers is honest in their execution of the setup.

Even if that answer is correct, it's still not a good system. Why take a chance? People are probably sick of me saying this, but it's true: we shouldn't have to trust people in crypto, just math. For example, with Monero, one only needs to examine the source code to see if there are any "surprises." Granted, Zcash is also open-source, but then we go back to the issue: the trusted setup. You have to trust that it was set up honestly and correctly. That is asking too much and it is a needless self-imposed barrier since an anonymous coin already exists which doesn't require a trusted setup: Monero.

If you read the two articles above, you'll see that the Zcash team has changed their explanations of the trusted setup a few times and have provided contradictory answers to questions where straightforward answers are necessary for trust. They have been evasive in providing answers as well...and these are the people we are supposed to trust?

I wish I could give you a simpler answer but I can't find much to add to what has already been well-documented in the two articles above. The fact that the Zcash team keeps giving dodgy answers to the okturtles author only makes me even more wary of them. In my opinion, there's already more than enough information available to show that it's a bad proposition, and an unneeded one at that.

Can you explain the trusted set up more? I understand the general idea but how will they put this in effect? Will someone hold a golden key or something?

Isee this on some cryptp site few days ago!

Thank you for summarizing it so good.
The main issue is in my opinion (too) that anonymous transactions are optional. This means that the ones using anonymous transactions will "stand out", losing all the point of "anonymous transactions".

OK, I got some more view on ZCASH.  The way it is implemented doesn't make anonymous transactions standard or compulsory.  You have essentially bitcoin, and the possibility, if you want to, to convert them in "notes" and do anonymous transactions.  That's not good.

I think that ZCASH contains some very good cryptographic ideas, but that the way these are put in music in ZCASH is not so great.  I have 3 problems with ZCASH as it is announced.

1) the post-premine of 10% to the company.  That can be arranged by a fork.
2) the way the trusted setup is done.  I can accept a trusted setup where I'm part of myself or where I could have been part of, but not with some celebrities doing things.  There are ways to solve this, with thousands of participants.
3) the big no go for me: anonymity should be compulsory.

I think that ZCASH's crypto can one day be useful, but not the way it is put into music in ZCASH. 

I seriously doubt Snowden would endorse a coin that requires a Trusted Setup and has major involvement from the banking industry and government ties.

...unless you can post a credible source that says otherwise.

like this project if Snowden say its good..we need safe life !

Will anybody be ready to sale some zcash right after its will mining start?
anybody know good place to rent rigs,legit company and no scam shit?

There is something I didn't really understand with ZCASH.   In zerocash, you have to actively "mint" zerocoins by "locking up" bitcoins.  That means that you have to engage actively in the anonymity "request", and that "normal" bitcoin transactions are "in the clear".  This is a big "no go" for me, because most people will not bother, which means that the anonymity set for "the suspects" is rather limited, and that "anybody who uses it is suspect".
Zerocash was designed to be "on top of bitcoin".  However, in ZCASH, this is finally not clear to me.  I first thought that it was the same: that you had to actively engage in "exchanging clear coins for anon coins", and then do the zerocash thing.
But now it is less clear to me: is zcash, contrary to what I had read and understood from zerocash, SYSTEMATICALLY anonymous, no matter how you use it ?
I have been reading the technical paper on zerocash, but there, the anonymous transactions are explained, but it is not clear to me if this is what ZCASH will use systematically.
In ZCASH language, is the ONLY kind of ownership, ownership of notes ?

I thought I explained the problem fairly simply here: https://decentralize.today/chris-angel-zcash-and-the-golden-key-e9289e917dea#.x9c5n42fl

Edit: xmr have a trustless setup and doesn't suffer from this problem and dash is not really in the race

I tried to do that here, with my own limited understanding of it:
https://bitcointalksearch.org/topic/m.16086081

Can someone explain zcash's trusted set up in layman's terms and without going very technical? I would really like to understand it and be able to compare it to XMR and Dash for myself. It is sometimes very hard to know the truth without the knowledge needed to discern each cryptocoin. Sometimes I find myself listening to FUD without thinking and understanding.

Is there going to be GPU mining for zcash?

As long as they are up front about it...
20% is actually a great deal for years of work by elite Devs + a slew of experienced venture capital Pros.

I'll take a proper organization over a garage coin like Monero any day...
A few dark markets are a drop in the bucket... and will not change anything in this space.

In fact...
The idea that all of these public figures with reputations will run a straight-up fraud seems hysterical.

And 80% CPU mining, probably requiring a fast connection + 8 GB memory to cut out botnets...
This is what Bitcoin was meant to be before it was hijacked by a Chinese cartel.

from where you have this information?

Very disappointing. I've waited years to get in early on zcash and now I find out the usual whales get to premine 10% while the rest of us are left to fight over mining scraps.

What is the distribution curve?