Topic: Zerocash paper released - page 2. (Read 5115 times)

The way I see it is, Monero is just a prototype, eventually, give it a year or two this tech is going to mature and the norm. I would like to see Crypto move towards a more cash like system, no trace back. I would not prefer to see it go to a more bank like system.

Anyway, it'll happen and Crypto's will have to be developed to adapt. (including both Bitcoin and Monero, because better things will come)

Will these coins sit on the sidelines and say "use coinbase" or instead embrace this tech?

This is why sidechains could be perfect for bitcoin, allowing this additional ability.

I posted this in the Nxt.org forum privacy discussion and user Eadeqa replies that a person could use a third party like bitpay or coinbase to maintain anonymity. -https://nxtforum.org/general-discussion/%28poll-by-post%29-does-nxt-need-anonymity/msg24596/?topicseen#msg24596

I talked to the son of a billionaire about using Bitcoin personally and for the business he is in (Oil).

He is smart and young and did his own research and in the end had to advise his fathers company against it and also decided it's not good for personal use. I asked him to explain. He said that he can't see any real business accepting the system because it's far too transparent.

Imagine we are in a Bitcoin centric world. You can easily get bitcoin into a company or to a friend (buying or gifting) and then you can watch their wallets. Bitcoin gives real time information into things like what investments you're buying, when and where you bought your local coffee and so much more.

The transparency provided by Bitcoin is creepy and invasive. I remember explaining this reality to my Dad when I was getting him into Bitcoin just a few weeks ago, he was amazed it had grown this much with such a massive hole.

Bitcoin is less private than using paypal, VISA, MasterCard or your bank. Because in those situations a trusted third party knows your business but the world at large doesn't.

My friend said his company can never use it, the competitive advantage it would give to other companies would be too much, they would be able to tell how much cash flow they had, where they send their money, what contractors they were using.

I personally have always been a little bit into the "we must have privacy! Bitcoin isn't enough!" line, but since talking with real world people it became obvious how bad it really is.

I doubt you are right.

How many bitcoin millionaires think twice before sending $10 for a pizza from their wallet, so much of this can be traced and it'll get worse in the future. Companies are popping up to put as many company and individual names to addresses as possible.

This technology is needed.

No matter what is better, Monero or Zerocash, just don't think they will be something very big like 'the next Bitcoin'.

The real demands for privacy and anonymity is actually small. For many people, Bitcoin's privacy is enough.

LOL. That text contains gems such as:

coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.

I am struggling not to laugh while typing this, but it's too hysterical. If quantum computing exists in any usable form (it doesn't) or if elliptic curve crypto is broken by the NSA (unlikely) we are in WAY bigger trouble than "oh noez, can't spend magical Internet moneyz". Seriously. It's the equivalent of saying "it is suspected that the NSA can screendump every monitor in real time and capture mouse and keyboard movements, so the best thing to do is move to your own hardware you've built from scratch and your own operating system you've written from scratch." It's such an extreme case that it either doesn't exist, or if it does we've got bigger problems.

And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).

Which makes SPV and thin clients difficult, but certainly does not affect anonymity on any level.

Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.

Monero and other CryptoNote coins can already use Tor.

The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.

Those upchain spenders are the ones that either need to flush their inputs using a high mixin count, or they need to insist those sending funds to them do. This is not a technical issue, and is the equivalent of "I use WhateverAnonymousCoin but someone forgot to send coins anonymously to me".

So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.

Agree to disagree.

Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.

Just to be clear: Monero supports all this joyful anonymity from today, not from "V2 guize!!!1111". Any problems, holes, and bugs will be ironed out over time. Any coin implementing ring signatures later will have the added disadvantage of still running in to issues later on. For me, personally, I'll stick to the software that will reach ring signature maturity faster.

Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.

Hence: Tor.

Thanks Brilliant.

His main point seems to be IP address tracking and blockchain pruning.

I think that both Zerocash/coin and Monero have the pruning issue, however how can they not? It's apart of the design and perhaps some super genius can one day work it out.

The negatives are not too bad. Monero is meant to be splitting payments into different amounts already.

Zerocash is still trusted and therefore unacceptable and AnonyMint also said that CoinJoin/DarkCoin is so far removed from the capabilities of Zero and Monero that it's not even in the same ball park.

So we are left with two current contenders, Monero and Zero.

Zero is somewhat trusted, so that is out.

All that is left is Monero.

Monero is broken if the NSA can crack the cryptography, the same cryptography that protects every bitcoin address.

Right. That doesn't mean we shouldn't use them, but it is something to be aware of.

Every coin is vulnerable to quantum computers.

Bitcoin will become susceptible to attack if a quantum computer is ever invented.

https://bitcointalk.org/index.php?topic=583449.1340

"So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.

Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching."

lol AnonyMint again, he even said Bitcoin is flawed many times. Should we listen to him, abandon all crypto and back to use fiat ?

But somehow he's right, All crypto coins is not perfect at the moment. Bitcoin once has deadly loophole that can be exploited to create infinite amount of coins.

Interesting, I haven't read the entire thread, can you link me please.

Don't act like Monero doesn't have flaws. Refer to Anonymint's posts in the Monero thread.

Well Zerocash is forever trusted, that might be an issue especially for people looking for private trustless transactions.

Zerocash: made by serious scientists, strongest privacy but totally new, untested technology. It might have exploits we don't know yet. Even Matthew Green himself adviced people not to invest too much hope and money into his design.

Monero: less privacy than Zerocash but appear to be 'more safe' because it utilize an existing technology.

Darkcoin: worst privacy because of inferior CoinJoin technique, instamined coin. Its anonymity is centralized on a small group of 'masternodes', which is not good for 'decentralized currency'.

Lol 2yr premine. I also don't like the one time 'trusted entity' part about ZeroCash though I'm still going to mine their altcoin to check it out. Regardless you can just launder/tumble coins after using Zerocash if whatever you were doing required complete transaction history obfuscation

Bytecoin's chain is already 1.8 years old. How crazy, I thought it was only released 9 weeks ago!

I just info-dumped to you on IRC, I'll repeat here:

[20:29:58]  fluffypony:    just fyi in case you weren't aware
[20:30:04]  fluffypony:    we forked Bytecoin to Monero nearly a month ago
[20:30:07]  fluffypony:    and gave it a fair launch
[20:30:19]  fluffypony:    because there is much fishiness about the "2 years in hiding on the darkweb"
[20:30:38]  fluffypony:    they also released a purposely crippled miner, with crazy amounts of obfuscation
[20:30:54]  fluffypony:    took very little unravelling to get it performing at 12x the levels it shipped at
[20:32:05]  fluffypony:    lastly, even if it genuinely has been around for 2 years "in sekrit on the darkwebz" and that isn't just a massive excuse for a premine over a few months with falsified blockchain dates and then a release of a crippled miner to inflate the timescale, how on earth did it exist for 2 years and the RPC API is thoroughly broken?
[20:32:34]  fluffypony:    we've had to do so much fixing, and the documentation on their wiki is wrong (eg. a trailing slash on the JSON RPC API URL when there is none, the slash causes a 404)
[20:33:18]  fluffypony:    I can't possibly imagine that developers of a cryptocurrency in use and development for 2 years can't be bothered to make sure the transfer method of the API works

Let's sing the technical praises for what Bytecoin has brought to the table, but let's use the variant without the 80% premine k?

"will be implementing" vs. "already in use"

Yeah, I think I'll stick to what works.

I2P is far from the holy grail for anonymity.

Also please don't talk about masternodes like they're a good thing, it's trivially easy to take out a significant portion (if not all) masternodes through a simple DDoS and keep a set of malicious masternodes online, giving someone like the NSA effective control of the path the coins take. So not only does it not provide "better anonymity" in actuality, but it provides an attacker with a neat way of controlling the flow of currency whilst still retaining the veil of anonymity.

Darkcoin isn't just implementing Ring Signatures, but I2P as well...those two combined with Masternodes gives a much superior anonymity than just Ring Signatures alone like in Monero....