here is crypto-zoigberg response to annonymints concerns: maybe somone with knowledge can compare and discuss
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have matching input amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
[/quote]
That's why coinbase and wallet by default split outs into standart amounts, and when you need to send money to someone anonymously you almost always have some outs for mixin, you can learn this in Bytecoin blockchain, just check blockchain index.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.
Quantum computer is like Schrödinger's cat - it is both real and unreal.
The worst that can happend in case that quantum computer will become a real is hard fork.
And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).
For this reason in Boolberry we chaged tx identification from whole blob hash to tx_prefix hash, and when blockchain entry will be covered by checkpoin the ring signatures could be cutoff.
Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.
I disagree with you here.
Crypto-currency, particularly Boolberry/CryptoNote, is a set of rules which is obligatory for all. First of all it is a currency_core that doesn't even know about network protocols or ip addresses.
It's just guarantees compliance with currency rules.
You (or anonymint) actually talks here about
the way of delivering transactions to crypto currency net. But even if we don't provide a way to anonymize your ip now, just act via third party anonymizer if you prefer.
The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.
If i understand you right, we solved this problem by adding attribute to each out, that can force spender to use this out only with ring singature.
So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.
Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.
Thanks for this post, you didn't blew holes in our enthusiasm. We still belive that this is most interesting technology in crypto-currencies field.
[/quote]
[/quote]
