But engineering hurdles remain:
1. Requires a hard fork
2. Any requirement that all transactions participate in mixing is a non-starter. Some payment schemes bootstrap trust by intentionally being non-private, showing their bitcoin holdings and bitcoin payments with provable digital signatures.
Any forced 100% privacy scheme that prevented opt-in auditing would make life difficult for some existing users, who place value in the transparency of the system.
I've probably thought about this issue more than almost anyone with my work on fidelity bonded banking, and even ZeroCoin can be made fully transparent if you choose to. The key thing is that a: zerocoin has a public list of all spent coins, which lets you know when a coin was spent, and b: it's still possible to prove you were the one that spent a coin. Auditing in that scenario comes down to you publishing proofs of what coins you have spent in a provable public manner, and transparency is achieved by the fact that in a well-designed system you can't get away with lying about your transactions. You can fail to publish your accounting logs, an act that is of course very suspicious, but that's actually no different from the scenario with pervasive coin mixing: either way where the money went is unknown.
When it comes to receiving money, no amount of auditing can prevent you from taking money in behind the scenes, but there is no way to do that and also hide the fact that you are doing that from your sender. In this case the solution is actually identical to the non-zerocoin solution: publish in advance what addresses you accept payment on, and anyone can scan the blockchain for payments to those addresses.
Agree from an engineering point of view; ZeroCoin's requirement for a hard-fork and many lines of new code using complex crypto is a risk Bitcoin shouldn't take. Coin mixing done well has very close to as good privacy, and can be easily fixed if it doesn't work.
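The opt-in audit described above (publishing provable spends against the public spent-coin list, and scanning the chain for payments to pre-declared addresses), as an added toy model that is not code from the original thread: a plain hash commitment stands in for ZeroCoin's Pedersen commitment and accumulator proof, and the mint list, spent list, serials and chain are constructed sample data.

```python
import hashlib

def commit(serial: str, secret: str) -> str:
    """Simplified stand-in for the mint commitment (a hash, not ZeroCoin's Pedersen commitment)."""
    return hashlib.sha256(f"{serial}|{secret}".encode()).hexdigest()

# Constructed public ledger state: commitments published at mint time, and the
# public list of serial numbers revealed at spend time (the post's "public list
# of all spent coins"). sn-3 was minted but never spent.
PUBLIC_MINTS = {commit("sn-1", "r1"), commit("sn-2", "r2"), commit("sn-3", "r3")}
PUBLIC_SPENT = {"sn-1", "sn-2"}

def verify_spend_log(log, mints=PUBLIC_MINTS, spent=PUBLIC_SPENT):
    """Audit a voluntarily published accounting log of spends.

    Each entry reveals (serial, secret). The auditor checks that the pair opens
    a commitment in the public mint list (the claimant really held the coin) and
    that the serial is in the public spent list (the coin really was spent).
    A serial may be claimed only once. Returns (all_ok, failed_serials).
    """
    failed, seen = [], set()
    for entry in log:
        sn, secret = entry["serial"], entry["secret"]
        ok = sn not in seen and commit(sn, secret) in mints and sn in spent
        seen.add(sn)
        if not ok:
            failed.append(sn)
    return (not failed, failed)

def scan_receipts(chain, declared_addresses):
    """Receiving side: total the payments to addresses published in advance.

    Payments to undeclared addresses are invisible to this audit, which is the
    post's point: auditing cannot prevent money arriving behind the scenes.
    """
    totals = {addr: 0 for addr in declared_addresses}
    for block in chain:
        for addr, amount in block["outputs"]:
            if addr in totals:
                totals[addr] += amount
    return totals

# Constructed sample chain; amounts in satoshi, addresses are placeholders.
CHAIN = [
    {"height": 100, "outputs": [("1Declared", 5000), ("1Other", 10)]},
    {"height": 101, "outputs": [("1Declared", 2500), ("1Hidden", 700)]},
]
```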