Pages:
Author

Topic: Zerovert - First Truly & Only Anonymous Coin with Zerocoin | Mandatory Upgrade ! - page 17. (Read 50921 times)

legendary
Activity: 938
Merit: 1001
For people wanting to mine it,

HashHarder has opened a pool.

Check the signature.
sr. member
Activity: 350
Merit: 250
member
Activity: 70
Merit: 10
Activity: 350

Oh, I see .. you'd rather these people come in here and exchange personal attacks.

You're #4 on my ignore list, I'm sorry but I just don't think you have anything to contribute.
full member
Activity: 154
Merit: 100
★YoBit.Net★ 100+ Coins Exchange & Dice

I still don't like the premine maybe they are really going to need it. I think its money/time spent better elsewhere!


OH oh oh (hold up hand like in school) I know i know! It's money/time better spent in......wait for it........ShadowCash!!!!!!!! Of course it is. Not. Trolls. Good grief Charlie Brown go back in to SDC already.
member
Activity: 70
Merit: 10
Activity: 350
Why is Spaincoindev in here trolling back and forth with longnshort. Talking a ll negatively in this coins thread. Sure I know just talking facts and tech but in such a way that its negative and fud like. Everyone knows what you aguys are doing. SpaincoinDev I think your coin is looking for you.

So would you rather have these people come in here and celebrate 80 bit security, or have people speak from their understanding about what is in front of us?

The fact that it's negative or positive doesn't change facts, there's really no way you can say 'well damn we've got potentially trusted secure setup parameters, but the actual zkps that are produced can be cracked with a toaster' in a positive light..



Even for the modest
lambda = 80 security level (ensuring forgery effort of 2^80 operations), Zerocoin spend proofs exceed 25KB. Since these proofs must be stored in the block chain, the large size of these proofs makes it challenging to deploy Zerocoin in practice.

We're right at 25kb..


The appropriate security strength to be used depends on the sensitivity of the data being protected, and needs to be determined by the owner of that data (e.g., a person or an organization). For the Federal government, a minimum security strength of 80 bits is recommended in 2010; a minimum security strength of 112 bits is strongly recommended, beginning in 2011 (see [SP 800-57]). However, with the acceptance of a certain amount of risk, the minimum of 80 bits of security strength may be used until the end of 2013. Based on the latest understanding of the state-of-the-art for breaking the cryptographic algorithms, given particular key lengths, the transition to the 112-bit security strength shall be accomplished by 2014, except where specifically indicated. See Appendix A for an explanation...


Wonder what info/comments the devs have? Have they done anything to keep ~25kb and use >80 bit security, with the same benefit that larger proofs provide?
legendary
Activity: 1078
Merit: 1050
Why is Spaincoindev in here trolling back and forth with longnshort. Talking a ll negatively in this coins thread. Sure I know just talking facts and tech but in such a way that its negative and fud like. Everyone knows what you aguys are doing. SpaincoinDev I think your coin is looking for you.

I'm very open about my opinions and i try to have the facts. This has been done for a long time, long before many of you came along and started sweeping everything under a rug with newbie accounts.
I'm very interested in the truth of things. They just don't justify a premine in my opinion, as this concept is no where near production ready.

There is a walk through here https://github.com/Zerocoin/libzerocoin/wiki/Integrating-with-bitcoin-clients

full member
Activity: 154
Merit: 100
★YoBit.Net★ 100+ Coins Exchange & Dice
Why is Spaincoindev in here trolling back and forth with longnshort. Talking a ll negatively in this coins thread. Sure I know just talking facts and tech but in such a way that its negative and fud like. Everyone knows what you aguys are doing. SpaincoinDev I think your coin is looking for you.
legendary
Activity: 1078
Merit: 1050

Well, even if it doesn't scale and it's not secure enough, it's still a nice proof of concept we can play with. I'll try some zerocoin spends tomorrow when the coins I mined mature. Unfortunately the issues are fundamental so it's not a matter of just tweaking some parameters to make this usable in real world situations.

It's quite clever that they never send zerocoins Tongue

I agree with SpainCoinDev, nice that someone actually implemented it, even though it was a bit reckless.

Good job zerovert Smiley

I still don't like the premine maybe they are really going to need it. I think its money/time spent better elsewhere!
full member
Activity: 164
Merit: 100

Well, even if it doesn't scale and it's not secure enough, it's still a nice proof of concept we can play with. I'll try some zerocoin spends tomorrow when the coins I mined mature. Unfortunately the issues are fundamental so it's not a matter of just tweaking some parameters to make this usable in real world situations.

It's quite clever that they never send zerocoins Tongue

I agree with SpainCoinDev, nice that someone actually implemented it, even though it was a bit reckless.

Good job zerovert Smiley
legendary
Activity: 1078
Merit: 1050

Well, even if it doesn't scale and it's not secure enough, it's still a nice proof of concept we can play with. I'll try some zerocoin spends tomorrow when the coins I mined mature. Unfortunately the issues are fundamental so it's not a matter of just tweaking some parameters to make this usable in real world situations.

It's quite clever that they never send zerocoins Tongue
sr. member
Activity: 364
Merit: 250
SpainCoin.org

Well, even if it doesn't scale and it's not secure enough, it's still a nice proof of concept we can play with. I'll try some zerocoin spends tomorrow when the coins I mined mature. Unfortunately the issues are fundamental so it's not a matter of just tweaking some parameters to make this usable in real world situations.
legendary
Activity: 1078
Merit: 1050
Yeah its fairly large and i have a feeling its going to get bigger and bigger  /coin
so if you want to "anonymize" 1000 coins, you need to mint 1000 coins, and spend 1000 coins

Nah, the proofs stay the same size. Although, it looks like the parameters they chose may be totally insecure, at least if they're using the default ZRC lib. I think secure proof sizes were larger, around 128 KB with >3k bit keys, their proof sizes imply much smaller bit commitments.

Thats 24.1Kb / proof/coin 1000coin/proof=25mb

If you wanted to anonymous 1000 coins using this solution, it would cost 40 zerovert, and it would take about 17 hours to verify
and add 25MB to the blockchain as I understand it
legendary
Activity: 1484
Merit: 1005
Yeah its fairly large and i have a feeling its going to get bigger and bigger  /coin
so if you want to "anonymize" 1000 coins, you need to mint 1000 coins, and spend 1000 coins

Nah, the proofs stay the same size. Although, it looks like the parameters they chose may be totally insecure, at least if they're using the default ZRC lib. I think secure proof sizes were larger, around 128 KB with >3k bit keys, their proof sizes imply much smaller bit commitments. If this is the case the security is already broken.
legendary
Activity: 1078
Merit: 1050
some zerocoin transactions:
http://pastebin.com/raw.php?i=CC4jCjD3

They look pretty huge to me (as expected), contradicting their claims here:

Interesting, so about 26 KB just for a ZeroCoin commitment and niZKP in the scriptsig alone. That's the same as from libzerocoin.

Yeah its fairly large and i have a feeling its going to get bigger and bigger  /coin
so if you want to "anonymize" 1000 coins, you need to mint 1000 coins, and spend 1000 coins. 25mb of transactions to spend 1000 coins? Huge fee!?

legendary
Activity: 1484
Merit: 1005
some zerocoin transactions:
http://pastebin.com/raw.php?i=CC4jCjD3

They look pretty huge to me (as expected), contradicting their claims here:

Interesting, so about 26 KB just for a ZeroCoin commitment and niZKP in the scriptsig alone. That's the same as from libzerocoin.

From Green's lab:
Quote
For 1024 bit commitments and an 80 bit security level, this results in a 20KB double
discrete log proof and a total proof size (including the accumulator proof) of
25KB.
http://fc14.ifca.ai/bitcoin/papers/bitcoin14_submission_12.pdf

...80 bit security?
legendary
Activity: 1078
Merit: 1050


I'd say they took libzerocoin, integrated it poorly and gave it a go. Note that the zerocoin authors never even created a coin because realistically zerocoin is not ready to be used.

some zerocoin transactions:
http://pastebin.com/raw.php?i=CC4jCjD3

They look pretty huge to me (as expected), contradicting their claims here:

- so, in general, how much more space/bandwidth or cpu power than a btc transaction do you need? (zerocoin is many times more)
Space - not much more actually, (...)

Cpu power, not a lot more either. We'll do some more performance testing to see compare to bitcoin later on.

- are you basing your work on https://github.com/Zerocoin/libzerocoin ?

A bit of it

You are freaking me and a few of my friends out now do you have cams in my house!?
We have the testnet premine let me know if you want some to test with
hero member
Activity: 742
Merit: 500
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.

Is there any way to verify this since the source is not available? Just have to take your word for it and keep an eye on the blockchain for double spends?

Yes, that's the case for now. I assure you that the N value is in fact from the RSA modulus. Also Poramin is a well known cryptocurrency developer, who also made Vertcoin - the first coin that really made a good effort towards ASIC resistance (and one of top 5 most valuable cryptocurrencies this february)

How about a zero knowledge proof that you have a trustless setup. Use a zk-snark. That's what they are for.
sr. member
Activity: 364
Merit: 250
SpainCoin.org


I'd say they took libzerocoin, integrated it poorly and gave it a go. Note that the zerocoin authors never even created a coin because realistically zerocoin is not ready to be used.

some zerocoin transactions:
http://pastebin.com/raw.php?i=CC4jCjD3

They look pretty huge to me (as expected), contradicting their claims here:

- so, in general, how much more space/bandwidth or cpu power than a btc transaction do you need? (zerocoin is many times more)
Space - not much more actually, (...)

Cpu power, not a lot more either. We'll do some more performance testing to see compare to bitcoin later on.

- are you basing your work on https://github.com/Zerocoin/libzerocoin ?

A bit of it
member
Activity: 61
Merit: 10
windows-qt wallet open, flash back, fix!
newbie
Activity: 1
Merit: 0
seems way better than sdc already

"seems"

zerocoin helps with traceability but it doesn't hide the amounts per transactions or prevent leakage from addresses. One of the main reasons why ZC devs are focusing on zerocash not zerocoin and one of the main reasons why sdc is not using zerocoin in shadowcash.

That aside. Best of luck to this project the goal is financial privacy and if the devs here are putting on honest effort into moving that forward then hats off to you. One thing you can't honest effort with zerocoin is proof of a trustless setup and without an open source codebase you will need an independent audit to prove the trustless claim. I'm looking forward to seeing progress on that front.

Best of luck.

Cool story bro.
Pages:
Jump to: