Topic: Thoughts on Zcash? - page 64. (Read 123380 times)

sr. member
Activity: 420
Merit: 262
February 05, 2016, 04:23:09 AM
#84
I don't intend this to be condescending, but you just can't formulate logic based on incorrect assumptions of the technology. For instance, your incorrect assumption there is no viewkey in Zcash invalidates an entire paragraph of your retort, if you would have separated your diatribe into paragraphs that is. Perhaps you should spend more time researching (or understanding) something you claim to be an expert on.

Uh so young, so bruised ego, so elbows, so acrimony, so disrespectful, so petty, so unproductive, so anti-teamwork, so failure.

I do not recall reading anything about a viewkey in the 56 page long version of the white paper. I just wasted my time scanning it again and didn't find any mention. Please enlighten us as to what page of the white paper you are referring to.

Furthermore, it is disgusting how willing you are to lick the tyrannical boots of governments everywhere.

If you had 3/4 of my IQ, you might comprehend that certain things are impossible because they violate the finite speed-of-light and besides anonymity is not the solution to tyrannical government.

If you had even a clue as to what AnonyMint (myself) wrote since 2006, you would know I am fighting tyranny until my last breath.

Dude you've pushed (your uncontrollable irrationality and emotional outbursts) it too far and now are wasting my scarce time.

WARNING: Do this one time, and you will go on in my Ignore list, which means you will not be able to communicate with me (which will end up being a very big mistake on your part).

Stop this nonsense. I am not everyone's punching bag. I have important work to do.

You[government] cannot enforce patents or trademarks against a decentralized network.

Woefully incorrect and ignorant statement. Make sure you follow the link to the page/thread which explains in detail.

Don't give me again your oft-repeated, immature and irresponsible excuse that you don't have time to read. That is your problem. (If you don't have time to read, then the responsible action is STFU until you do)

Not only governments, but Corporations will also eventually be greatly affected by decentralized and anonymity technologies.

Corporations will be replaced by direct business between individuals. In this way yes social network and block chain technologies can promote decentralization. But Bitshares/Daniel Larimer's invention of the DAC is idiotic. Robert Coase developed the Theory of the Firm that explains that corporations exist because they have a top-down moat around transaction costs. A corporation by definition and economic raison d'être is hierarchical.

Dude complete your college education and learn before attacking those who know more than you do. Along the way, you will realize how proudly stupid you were and become humbled (like those of us alphamales at the top) by all that you and we do not know. Once you've realized that you don't know everything and that if you think you've discovered the greatest thing since sliced bread, then you will have developed the maturity to be skeptical because experience of life will have taught you how risky it is to think you understand something and later discover you didn't understand some key detail.

Ego is for little people

[...]

Ego is for little people. I wish I could finish by saying something anodyne about how we're all little when you come down to it, but I'd be fibbing. Yeah, we're all little compared to a supernova, but that's beside the point. And yeah, the most capable people in the world are routinely humbled by what they don't know and can't do, but that is beside the point too. If you look at how humans relate to other humans – and in particular, how they manage self-image and "ego" and evaluate their status with respect to others…it really is different near the top end of the human capability range. Better. Calmer. Sorry, but it's true.
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
February 04, 2016, 06:17:46 PM
#83
sr. member
Activity: 420
Merit: 262
February 04, 2016, 06:16:04 AM
#82
My sincerely intended, scathing criticism over at the Zcash forum of Zcash's current funding model, distribution scheme, and myopia in terms of market targets strategy.
sr. member
Activity: 420
Merit: 262
February 04, 2016, 05:36:41 AM
#81
sr. member
Activity: 420
Merit: 262
February 04, 2016, 12:33:14 AM
#80
TPTB's premise is that IP addresses and other metadata are being spied on. You can't transact in basecoins, even just to move from one mixer to another, without encountering that exposure.

My point is (especially for corporations) all their proprietary data privacy is done in zerocoins and then balances combined into basecoins to cash out of the mixer, which doesn't reveal anything but the aggregate value of the private data that is in the zerocoins. That is a distinct and epic advantage over Cryptonote/RingCT.

Now you're on to this corporate blockchain thing which is probably okay if you are looking for a short term payoff (but you better hurry, as that iron is hot right now).

However, it is largely irrelevant to the question of decentralized cryptocurrency and certainly to Zcash, the cryptocurrency that is being launched (though maybe not the company launching it, as they could potentially get some business building blockchain applications for businesses, as Blockstream and others seem to be doing).

Yeah exactly what I am thinking. They should realize who will butter their bread and it won't be us unless they understand the speculator market which they seem to not understand based on the 11% "premine". Frankly, if they were very astute, they'd do both and move their investor's investment to the corporation and copy/partner with Blockstream, and then launch a fair mined or ICO Zcash to our speculator markets.

As for longer-term user-level privacy markets (after the 2017 - 2032 totalitarianism that will fuck up everything first), that is much too far out for me to work on (I will be age ~70 by then). I've instead chosen to work in the area of combining crypto currency with social networking and go for large scale user adoption which is my historic forte.

I wouldn't be a good asset for Zcash, because although I could bring some more pragmatic marketing and business acumen to those math/hacker nerds, and I think I may have better block chain tech than Blockstream (at least for the moment afaik and in some facets), Blockstream has the inertia/reputation with the corporates. So Zcash should go that direction (and Maxwell, Poelstra, Shen-noether have been very condescending to me). Maybe one day in future I can afford to hire a cryptographer who understands zk-snarks fully. I am getting too old to go back to school to study more math courses (I was getting back into it in my mid-40s when my daughter started to show acumen for math, but then suddenly I got so ill and my ex yanked my kids from me anyway). I have to make my major career move and try to make my big impact on society now with the skills I have. And my greatest forte is in combining programming, marketing, and user interface design.

When you see the names and concepts I have and am implementing, I am confident there will be many here who realize they made an entirely inaccurate appraisal of my capabilities.

As for you giving me career and financial advice, I'll not comment beyond this non-comment comment.

Apologies (for public statement) I just don't understand and thus it comes across to me as stubbornness or myopia. I guess you are doing it for the love of having your own project, not for any other rational reason. If you want to tell me in private, I can make a promise not to use it against you. If not, fine.

I mean I know (according to you) your opportunity cost. Perhaps one of the differences is afaik you've worked in finance (presumably closed away from the end users) so this is a breath of fresh air for you to work with a wider community. Whereas my entire career I was B2C focused and thus always got stroked by the end users.

But you see I want 10 million end users, not just a 100 - 1000 speculators. And I want them to talk about the features they want and love, not about exchanges, shorting, etc..

Different interests perhaps...

Anyway, if you[readers, not TPTB necessarily] want to build other applications based on the technology behind Zcash (the OP asked this), you can ignore Zcash (which is otherwise a rather uninteresting Bitcoin fork) and focus on libsnark.

Yep. Wink

Edit: but there is no way your Aeon nor Monero can achieve the user adoption level I will achieve. Not even within orders-of-magnitude. So as for applying zk-snarks to the user markets, the one with more marketshare will be in the driver's seat. Open source is not typically a product. Those who market products (e.g. Android which is Linux) are in the driver's seat.

Edit#2 (after some hours of sleep): one retort to my prior edit is that there will be products built on top of Monero/Aeon (and perhaps Cryptonote/RingCT coins in general including BBR) such as perhaps (if someone markets an end user product employing) the OpenBaazar fork which drives popular adoption. The fundamental chicken-and-the-egg dilemma of currency is that until the masses have the currency, they can't spend the currency. And if you just airdrop them currency, then they just dump it to speculators if there is no ecosystem that incentivizes them to use the currency as a recycling unit-of-exchange. This is one reason I encouraged the OpenBaazar fork to be currency agnostic even while adding XMR support. Because it is unpredictable which crypto currency will attain a widespread ecosystem. Even Bitcoin is not used by females and general demographics and is rather a young white male Libertarian technonerd demographic. To attain these economies-of-scale and ecosystem across all demographics requires an ecosystem that interests all those demographics. Given what I know about those who are creating altcoins, afaics none of them have the experience and focus to achieve a widespread demographics ecosystem.
legendary
Activity: 2968
Merit: 1198
February 04, 2016, 12:13:45 AM
#79
TPTB's premise is that IP addresses and other metadata are being spied on. You can't transact in basecoins, even just to move from one mixer to another, without encountering that exposure.

My point is (especially for corporations) all their proprietary data privacy is done in zerocoins and then balances combined into basecoins to cash out of the mixer, which doesn't reveal anything but the aggregate value of the private data that is in the zerocoins. That is a distinct and epic advantage over Cryptonote/RingCT.

Now you're on to this corporate blockchain thing which is probably okay if you are looking for a short term payoff (but you better hurry, as that iron is hot right now).

However, it is largely irrelevant to the question of decentralized cryptocurrency and certainly to Zcash, the cryptocurrency that is being launched (though maybe not the company launching it, as they could potentially get some business building blockchain applications for businesses, as Blockstream and others seem to be doing).

As for you giving me career and financial advice, I'll not comment beyond this non-comment comment.

Anyway, if you want to build other applications based on the technology behind Zcash (the OP asked this), you can ignore Zcash (which is otherwise a rather uninteresting Bitcoin fork) and focus on libsnark.
sr. member
Activity: 420
Merit: 262
February 03, 2016, 11:59:54 PM
#78
TPTB's premise is that IP addresses and other metadata are being spied on. You can't transact in basecoins, even just to move from one mixer to another, without encountering that exposure.

My point is (especially for corporations) all their proprietary data privacy is done in zerocoins and then balances combined into basecoins to cash out of the mixer, which doesn't reveal anything but the aggregate value of the private data that is in the zerocoins. That is a distinct and epic advantage over Cryptonote/RingCT.

smooth, I don't understand why you are being irrational and wasting your time down a dead-end. Surely there are more valuable and more productive things for you to work on than continue with what will eventually fail and have to be abandoned. It is very perplexing to me. You say you are hedged/diversified, so I don't understand the religious behavior.

Sometimes we need to slay our malformed babies in order to give way for planting our seed again. I took the axe to the desks w.r.t. my WordUp software when Atari's Tramiel decided to buy Federated Dept Stores and focus on making calculators instead of competing with Apple and Windows! That was a wise move as my LinkedIn career history shows.

I don't agree with him that transacting in zerocash without worrying about your metadata exposure is of any real value, and neither does anyone else, but that's a different issue.

I think I already explained how the issue (especially for corporations) is much more compelling. So far, I have seen no rebuttal to the specifics I explained w.r.t. corporate use. I am still awaiting Zcash's promised blog post comparing their technology to Cryptonote/RingCT.

Appeal to authority is useless. Open source your reasons.

Also, TPTB operates under the premise that miners will be centralized and engage in 51% policy attacks. If they do that they can refuse to allow you to move your basecoins to the new mixer unless you identify yourself.

What I believe about mining is irrelevant to this issue (although I do believe it is possible to decentralize PoW control while centralizing verification for scaling, thus to get best of both), because I am asserting the big market for privacy is not from hiding from the government (which I pointed out to you many times can charge the cost of 51% attack to society as China apparently has done to Bitcoin! and thus different game theory economics than a miner that needs to be profitable) and a viewkey should be provided to the government so they don't need to block your transactions (which applies to every anonymous coin). So the point is that Zcash will provide provable privacy against everyone except the government (whereas Monero/CN/RingCT/CoinJoin/CoinShuffle/Dash/ShadowCash will not).

Note I have not forgotten my past point that the government can't necessarily keep secrets we are forced to give them, because they have employees which may not always be loyal, e.g. Edward Snowden. Thus again I see block chain privacy as more useful for corporations which can negotiate with the government to provide controlled access and not a viewkey to all transactions. We individuals can't negotiate with the totalitarianism that society will go through over the next decade or two.

I agree with you that the possibility of moving to a reset coin has some potential value. It also has potential risks. The more times you have to perform the setup, the more opportunities there are for it to be compromised. Especially if it becomes routine and people get careless. Zcash has not said anything about planning to do these kinds of resets, as far as I've seen.

Again if the corporations who want to use it all participate in the multi-party setup, they would have to collude to cheat themselves, which doesn't make any sense.

P.S. You might look into the timing side-channel attacks issue as a potential point of comparison to bring Zcash back down to similar level of anonymity reliability as RingCT (but I doubt it):

https://github.com/Electric-Coin-Company/zcash/issues/5
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
February 03, 2016, 11:58:02 PM
#77
TPTB's premise is that IP addresses and other metadata are being spied on. You can't transact in basecoins, even just to move from one mixer to another, without encountering that exposure.

I don't agree with him that transacting in zerocash without worrying about your metadata exposure is of any real value, and neither does anyone else, but that's a different issue.

Also, TPTB operates under the premise that miners will be centralized and engage in 51% policy attacks. If they do that they can refuse to allow you to move your basecoins to the new mixer unless you identify yourself.

I agree with you that the possibility of moving to a reset coin has some potential value. It also has potential risks. The more times you have to perform the setup, the more opportunities there are for it to be compromised. Especially if it becomes routine and people get careless. Zcash has not said anything about planning to do these kinds of resets, as far as I've seen.

The above comments are in regard to permissionless cryptocurrency ledgers, not permissioned blockchains.
Thanks... it is hard to know what TPTB has been talking about since he just says "read my thread". You summed it up nicely... I've been wondering what he has been talking about and too lazy/busy to read his long threads. Roll Eyes

I am sure governments and/or government contractors and/or corporations are probably scraping metadata from Bitcoin (and possibly other cryptocurrencies.) I haven't done a ton of research on the subject like you guys, but I tend to agree with you that if you wanted to be as private/anonymous as possible, you would still need to try and obscure your metadata even while using Zcash. If the view key is ever compromised then so is your privacy, and it would also be necessary if they do a reset. I don't think this will be a huge issue for corporations though, because really we are talking about IP (or possibly computer hardware/software (or OS) versions) leaks... which they wouldn't really be too worried about I don't think. They are more worried about financial privacy than anonymity, so that their competition is kept in the dark.

If it is true that, with the Zcash view key, someone can see all transactions that ever occurred on that account, then I see this as a major blow to the functionality of Zcash. Perhaps there is still space for a technology like Monero with per-transaction view keys (and hopefully Monero will be combined with some type of CT implementation soon.) I can't imagine corporations wanting to open their books to anyone and everyone that they need to prove to that any certain transaction(s) occurred. I am still confused if the Zcash view key reveals all transactions for any certain account, or if it can be done on a transaction-by-transaction basis.
legendary
Activity: 1764
Merit: 1000
February 03, 2016, 11:12:03 PM
#76
I've read get-rich scam after scam in this altcoin section alone. These scammers give cryptocurrency a bad name.
Their idea is pure repeat scam fueled by whales/hype. The people who keep losing money and keep them afloat to find new scam ideas are dumb people like you and your below/above posters hoping to get a piece of their many pies.
legendary
Activity: 2968
Merit: 1198
February 03, 2016, 11:08:04 PM
#75
The zerocoin mixer can be periodically reset, forcing all anonymous zerocoins to cash out periodically to basecoins which can be re-minted into the next instance of the zerocoin mixer. In this way, it can be proven that no zerocoins were created out-of-thin-air. All the anonymous mixing that occurs in the zerocoins can remain fully masked because the zerocoins balance can be merged before un-minting back to a basecoin.

So the problem is easily resolved. And the anonymity is not compromised even if the master private key was.

The process of resetting the mixer and forcing people to remint does compromise anonymity. If you were an adversary and wanted to spy on zerocash users, forcing such a reset (and then spying on them while redeeming and reminting) would be precisely one way you could go about doing it. This general pattern is a classic exploit method (e.g. force/trick user to reset password; intercept new password, etc.).



I don't get how you can spy on someone if you don't know who owns what address. They could simply generate a new address for the reset and then send it straight back to the zerocoin layer, no?

TPTB's premise is that IP addresses and other metadata are being spied on. You can't transact in basecoins, even just to move from one mixer to another, without encountering that exposure.

I don't agree with him that transacting in zerocash without worrying about your metadata exposure is of any real value, and neither does anyone else, but that's a different issue.

Also, TPTB operates under the premise that miners will be centralized and engage in 51% policy attacks. If they do that they can refuse to allow you to move your basecoins to the new mixer unless you identify yourself.

I agree with you that the possibility of moving to a reset coin has some potential value. It also has potential risks. The more times you have to perform the setup, the more opportunities there are for it to be compromised. Especially if it becomes routine and people get careless. Zcash has not said anything about planning to do these kinds of resets, as far as I've seen.

The above comments are in regard to permissionless cryptocurrency ledgers, not permissioned blockchains.
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
February 03, 2016, 10:59:55 PM
#74
The zerocoin mixer can be periodically reset, forcing all anonymous zerocoins to cash out periodically to basecoins which can be re-minted into the next instance of the zerocoin mixer. In this way, it can be proven that no zerocoins were created out-of-thin-air. All the anonymous mixing that occurs in the zerocoins can remain fully masked because the zerocoins balance can be merged before un-minting back to a basecoin.

So the problem is easily resolved. And the anonymity is not compromised even if the master private key was.

The process of resetting the mixer and forcing people to remint does compromise anonymity. If you were an adversary and wanted to spy on zerocash users, forcing such a reset (and then spying on them while redeeming and reminting) would be precisely one way you could go about doing it. This general pattern is a classic exploit method (e.g. force/trick user to reset password; intercept new password, etc.).



I don't get how you can spy on someone if you don't know who owns what address. They could simply generate a new address for the reset and then send it straight back to the zerocoin layer, no?

This is actually the first time I've heard about it being able to be reset like that. I think that is a pro, not a con. It would give users the peace of mind that no one's printing money from time to time, even though everyone can be fairly sure that they aren't since the seed will be generated using MPC transparently.

The only thing about this coin I'm not liking is the percentage of each block that goes to a corporation. I hope AnonyMint will free us from corporate tyranny? I guess if you are not implementing ZC technology then someone else will eventually fork it and cut the corporation out of the loop. However, network effects can grow quite fast...
legendary
Activity: 2968
Merit: 1198
February 03, 2016, 10:42:19 PM
#73
The zerocoin mixer can be periodically reset, forcing all anonymous zerocoins to cash out periodically to basecoins which can be re-minted into the next instance of the zerocoin mixer. In this way, it can be proven that no zerocoins were created out-of-thin-air. All the anonymous mixing that occurs in the zerocoins can remain fully masked because the zerocoins balance can be merged before un-minting back to a basecoin.

So the problem is easily resolved. And the anonymity is not compromised even if the master private key was.

The process of resetting the mixer and forcing people to remint does compromise anonymity. If you were an adversary and wanted to spy on zerocash users, forcing such a reset (and then spying on them while redeeming and reminting) would be precisely one way you could go about doing it. This general pattern is a classic exploit method (e.g. force/trick user to reset password; intercept new password, etc.).

sr. member
Activity: 420
Merit: 262
February 03, 2016, 10:14:53 PM
#72
Guys when you get past your vested interests which cloud your vision, then you'll eventually realize as I had already explained in excruciating detail, that Zcash is the only technology that can realistically give us (and more importantly corporations) privacy on public block chains due to the insoluble meta-data and overlapping rings anonymity unmasking issue for Cryptonote/RingCT (and any other mixing solution for anonymity such as CoinJoin/Dash, CoinShuffle, etc.).

The zerocoin mixer can be periodically reset, forcing all anonymous zerocoins to cash out periodically to basecoins which can be re-minted into the next instance of the zerocoin mixer. In this way, it can be proven that no zerocoins were created out-of-thin-air. All the anonymous mixing that occurs in the zerocoins can remain fully masked because the zerocoins balance can be merged before un-minting back to a basecoin.

So the problem is easily resolved. And the anonymity is not compromised even if the master private key was.

Corporations are going to generate their own masterkey in a consortium ceremony, so they will be in control of their destiny on this. Again I urge Zcash to focus on the corporate market.
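The posts numbered #72 through #75 above argue over what a forced "reset" of the zerocoin mixer leaks: one side says merging balances before un-minting exposes only an aggregate value, the other that the round trip through basecoins is exactly where an observer would watch. The simulation below is an added example written for this page, not Zcash code and not code from any poster. It assumes only what a transparent base layer publishes in the Zerocash model, a public value on every un-mint (pool to basecoin) and on every mint (basecoin to new pool), and models nothing inside the pool. The user names, balances and the denomination-splitting wallet behaviour are constructed for illustration. The `linked()` function shows how far a passive observer gets using the public value alone, without the IP-address metadata the thread's premise adds on top.

```python
# Added example, constructed for this thread; not Zcash code.
# Models only what a transparent base layer publishes during a forced
# "reset" of the shielded pool: every un-mint (pool -> basecoin) and every
# mint (basecoin -> new pool) carries a public value.  Nothing inside the
# pool is modelled.  The question is how much a passive observer who only
# reads the chain learns from the round trip.
import random
from collections import defaultdict


def split(balance, denom):
    """Split a balance into standard-size chunks plus a remainder
    (assumption: a wallet trying to blend in would do this)."""
    full, rem = divmod(balance, denom)
    return [denom] * full + ([rem] if rem else [])


def reset_round_trip(balances, denomination=None, seed=0):
    """Build the base-layer view of a forced reset.

    balances: constructed ground truth, user -> merged pool balance.
    With denomination=None each user cashes out the whole merged balance as
    one un-mint output (the single-aggregate case argued above) and re-mints
    it; otherwise the balance is split into chunks first.
    Returns (unmints, mints, truth).  Only the first two are visible on-chain;
    truth maps each mint id to the un-mint id it really came from."""
    unmints, mints, truth = [], [], {}
    n = 0
    for user, bal in balances.items():
        chunks = [bal] if denomination is None else split(bal, denomination)
        for v in chunks:
            uid, mid = f"u{n}", f"m{n}"
            unmints.append({"id": uid, "value": v})
            mints.append({"id": mid, "value": v})
            truth[mid] = uid
            n += 1
    random.Random(seed).shuffle(mints)   # block ordering is not assumed to help
    return unmints, mints, truth


def anonymity_sets(unmints, mints):
    """Observer's view: map each mint to the un-mints it cannot be told apart
    from, using the only handle the base layer gives, the public value."""
    by_value = defaultdict(list)
    for u in unmints:
        by_value[u["value"]].append(u["id"])
    return {m["id"]: sorted(by_value[m["value"]]) for m in mints}


def linked(unmints, mints, truth):
    """Mints whose anonymity set is a single un-mint (and therefore correct)."""
    sets = anonymity_sets(unmints, mints)
    return sorted(m for m, s in sets.items() if len(s) == 1 and s[0] == truth[m])


if __name__ == "__main__":
    balances = {"alice": 37, "bob": 120, "carol": 5}   # constructed
    for denom in (None, 10):
        um, mt, truth = reset_round_trip(balances, denom)
        sets = anonymity_sets(um, mt)
        print(f"denomination={denom}: {len(mt)} mints, "
              f"{len(linked(um, mt, truth))} uniquely linked, "
              f"largest anonymity set {max(len(s) for s in sets.values())}")
```

With one merged output per user, every distinct aggregate balance pairs its pre-reset cash-out with its post-reset mint uniquely, so the "aggregate only" leak is itself the linking handle. Splitting into a common denomination widens the anonymity set for the standard chunks, but the remainders stay unique and still link. Neither case yet uses the IP-address exposure the thread's premise assumes; that would collapse even the widened sets.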
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
February 03, 2016, 08:28:09 PM
#71
Your memory is only partially right. There is a potential problem with trusted setup. They have said they plan to do this in some public ceremony with multiple parties so that unless ALL of those parties collude, the minting process is safe.

If all parties colluded they could print an unlimited number of coins undetected, however the privacy of transactions would not be affected. Essentially it is an economic threat of a poorly designed setup allowing parties to collude to print unlimited coins. There is not a privacy threat from collusion.


Good god that is like a million times worse. So they'd be able to 'print' unlimited quantity of money undetected? And we trust that this inner circle present at the seeding ceremony are trustworthy!

 Shocked  Shocked  Shocked

LucyLovesCrypto is right and describes the weaknesses, and potential threats of it perfectly. I also elaborated on it here -> https://forum.bitcoin.com/post16245.html#p16245

Umm... no he is not correct. They have already stated how they are going to generate the seed.

After a little research, they seem to have figured out a good way to do this using multi party computation. Using MPC to generate the seed was talked about in the original version of Zerocoin, and it seems like they will use their own version of it for Zerocash. If you look into the (now proven false rumors) that Anoncoin was going to implement Zerocoin there is a lot of discussion about MPC. The whitepaper for the MPC math they will use to generate the seed is written by the authors of the Zerocash whitepaper. https://forum.z.cash/t/trusted-setup-phase/68/2


Touche  Cheesy
full member
Activity: 124
Merit: 100
February 03, 2016, 08:02:48 PM
#70
Also I remember hearing about an anonymisation technique in which you have to trust the person who generated the first block to destroy the private key without writing it down, otherwise they have the ability to decrypt the anonymisation forever after. Is this using that technique? If so why trust they don't have the backdoor key handy?

Your memory is only partially right. There is a potential problem with trusted setup. They have said they plan to do this in some public ceremony with multiple parties so that unless ALL of those parties collude, the minting process is safe.

If all parties colluded they could print an unlimited number of coins undetected, however the privacy of transactions would not be affected. Essentially it is an economic threat of a poorly designed setup allowing parties to collude to print unlimited coins. There is not a privacy threat from collusion.

I think that will be the biggest problem. Why should anyone trust a few people (from a "for profit" company) to not profit if they have the possibility to do it without anyone noticing it? That's a no-brainer...

Who said there will only be a few people from the company at this ceremony? Maybe they are inviting Mother Teresa, Gandhi, Oprah, and Pinocchio.

You are right, they didn't say that all the parties will be from their company. I shouldn't have made such a hasty comment.
legendary
Activity: 2268
Merit: 1141
February 03, 2016, 06:49:18 PM
#69
Also I remember hearing about an anonymisation technique in which you have to trust the person who generated the first block to destroy the private key without writing it down, otherwise they have the ability to decrypt the anonymisation forever after. Is this using that technique? If so why trust they don't have the backdoor key handy?

Your memory is only partially right. There is a potential problem with trusted setup. They have said they plan to do this in some public ceremony with multiple parties so that unless ALL of those parties collude, the minting process is safe.

If all parties colluded they could print an unlimited number of coins undetected, however the privacy of transactions would not be affected. Essentially it is an economic threat of a poorly designed setup allowing parties to collude to print unlimited coins. There is not a privacy threat from collusion.


Good god that is like a million times worse. So they'd be able to 'print' unlimited quantity of money undetected? And we trust that this inner circle present at the seeding ceremony are trustworthy!

 Shocked  Shocked  Shocked

LucyLovesCrypto is right and describes the weaknesses, and potential threats of it perfectly. I also elaborated on it here -> https://forum.bitcoin.com/post16245.html#p16245
legendary
Activity: 2968
Merit: 1198
February 03, 2016, 06:23:30 PM
#68
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
February 03, 2016, 06:15:54 PM
#67
Also I remember hearing about an anonymisation technique in which you have to trust the person who generated the first block to destroy the private key without writing it down, otherwise they have the ability to decrypt the anonymisation forever after. Is this using that technique? If so why trust they don't have the backdoor key handy?

Your memory is only partially right. There is a potential problem with trusted setup. They have said they plan to do this in some public ceremony with multiple parties so that unless ALL of those parties collude, the minting process is safe.

If all parties colluded they could print an unlimited number of coins undetected, however the privacy of transactions would not be affected. Essentially it is an economic threat of a poorly designed setup allowing parties to collude to print unlimited coins. There is not a privacy threat from collusion.


Good god that is like a million times worse. So they'd be able to 'print' unlimited quantity of money undetected? And we trust that this inner circle present at the seeding ceremony are trustworthy!

 Shocked  Shocked  Shocked

We don't know how the participants will be chosen, so perhaps best to wait and see before reaching conclusions.

They are using multi party computation, which is a transparent way to generate the starting seed. See my post up-thread.... there will be no "ceremony".
legendary
Activity: 2968
Merit: 1198
February 03, 2016, 06:10:14 PM
#66
Also I remember hearing about an anonymisation technique in which you have to trust the person who generated the first block to destroy the private key without writing it down, otherwise they have the ability to decrypt the anonymisation forever after. Is this using that technique? If so why trust they don't have the backdoor key handy?

Your memory is only partially right. There is a potential problem with trusted setup. They have said they plan to do this in some public ceremony with multiple parties so that unless ALL of those parties collude, the minting process is safe.

If all parties colluded they could print an unlimited number of coins undetected, however the privacy of transactions would not be affected. Essentially it is an economic threat of a poorly designed setup allowing parties to collude to print unlimited coins. There is not a privacy threat from collusion.


Good god that is like a million times worse. So they'd be able to 'print' unlimited quantity of money undetected? And we trust that this inner circle present at the seeding ceremony are trustworthy!

 Shocked  Shocked  Shocked

We don't know how the participants will be chosen, so perhaps best to wait and see before reaching conclusions.
legendary
Activity: 2101
Merit: 1061
February 03, 2016, 05:27:28 PM
#65
Also I remember hearing about an anonymisation technique in which you have to trust the person who generated the first block to destroy the private key without writing it down, otherwise they have the ability to decrypt the anonymisation forever after. Is this using that technique? If so why trust they don't have the backdoor key handy?

Your memory is only partially right. There is a potential problem with trusted setup. They have said they plan to do this in some public ceremony with multiple parties so that unless ALL of those parties collude, the minting process is safe.

If all parties colluded they could print an unlimited number of coins undetected, however the privacy of transactions would not be affected. Essentially it is an economic threat of a poorly designed setup allowing parties to collude to print unlimited coins. There is not a privacy threat from collusion.


Good god that is like a million times worse. So they'd be able to 'print' unlimited quantity of money undetected? And we trust that this inner circle present at the seeding ceremony are trustworthy!

 Shocked  Shocked  Shocked
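Posts #65 through #71 above turn on two claims about the trusted setup: that a multi-party ceremony is safe unless every participant colludes, and that full collusion lets the colluders print coins but does not harm transaction privacy. The toy model below is an added example written for this page; it is not Zcash, libsnark, or the MPC protocol the Zcash team linked, and it is not code from any poster. It stands in for the real system with the simplest primitive that has the same shape: a public parameter h hiding a trapdoor s, built by a sequential ceremony where each party raises the running value to its own secret share, and a Pedersen-style commitment whose binding depends on nobody knowing s while its hiding does not. The group size, generator and the three shares are constructed toy values (a real deployment would use a group of roughly 256-bit order), chosen so the brute-force "what does a coalition missing one share know" check runs instantly.

```python
# Added example, constructed for this thread; it is not Zcash or libsnark
# code.  Toy model of the trusted-setup tradeoff argued above: a public
# parameter h = G^s whose trapdoor s is produced by a sequential multi-party
# ceremony.  Knowing s breaks *binding* (forge an opening, the analogue of
# "printing coins"); *hiding* (the privacy of a committed value) holds
# whether or not s leaks.
import math

P = 1019   # toy safe prime, P = 2*Q + 1 (assumption: real systems use ~256-bit groups)
Q = 509    # prime order of the subgroup generated by G
G = 4      # 4 = 2^2 is a quadratic residue mod P, so it generates the order-Q subgroup


def contribute(h_prev, share):
    """One ceremony participant: raise the running element to its secret share.
    It never sees the other shares, only h_prev."""
    assert 1 <= share < Q, "a zero share would collapse the parameter"
    return pow(h_prev, share, P)


def run_ceremony(shares):
    """Sequential MPC: h = G^(s1*s2*...*sn) mod P, each party applying contribute()."""
    h = G
    for s in shares:
        h = contribute(h, s)
    return h


def reconstruct_trapdoor(shares):
    """Only a coalition holding *every* share can compute s = prod(shares) mod Q."""
    return math.prod(shares) % Q


def candidate_trapdoors_without(shares, missing_index):
    """What a coalition missing one share can say about s: every nonzero value
    of Z_Q is consistent with the published h, so it learns nothing."""
    known = math.prod(s for i, s in enumerate(shares) if i != missing_index) % Q
    return {(known * guess) % Q for guess in range(1, Q)}


def commit(h, m, r):
    """Pedersen-style commitment C = G^m * h^r mod P.  Stands in for a shielded value."""
    return (pow(G, m, P) * pow(h, r, P)) % P


def forge_opening(trapdoor, m, r, m_new):
    """With s = log_G(h) known, C = G^(m + s*r) can be reopened to any m_new by
    solving m + s*r = m_new + s*r_new (mod Q).  This is the 'print coins' break."""
    s_inv = pow(trapdoor, -1, Q)
    return (r + (m - m_new) * s_inv) % Q


def demo():
    shares = [123, 456, 7]            # constructed secret shares of three participants
    h = run_ceremony(shares)
    s = reconstruct_trapdoor(shares)
    c = commit(h, 10, 77)
    r_forged = forge_opening(s, 10, 77, 999)
    return {
        "h": h,
        "ceremony_matches_trapdoor": h == pow(G, s, P),
        "forgery_verifies": commit(h, 999, r_forged) == c,
        "candidates_with_one_share_missing": len(candidate_trapdoors_without(shares, 1)),
    }


if __name__ == "__main__":
    print(demo())
```

Two things the run shows. First, a coalition missing even one share is left with every nonzero trapdoor equally plausible (Q - 1 candidates), which is the "unless ALL parties collude" property in its simplest form. Second, `forge_opening` cuts both ways: the full coalition uses it to reopen a commitment to any value it likes, but the same equation says that for every possible m_new there exists a valid r_new, so a commitment on its own reveals nothing about m to anyone, trapdoor or not. That is the split the thread describes, a soundness (inflation) risk without a privacy risk.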