Topic: ZeroVert - First Zerocoin Implementation | Unanswered Questions (Read 5840 times)
Wow did this just dry up and blow away?
November 06, 2014, 02:57:14 PM
I'm disappointed. I have a huge investment in vertcoin and I would have liked to see this added to vertcoin, and not setup as a new coin. So now we have 3 coins to merge mine? It's a hassle to setup and these coins ( like MON)end up being worth next to nothing.
November 06, 2014, 05:51:01 AM
goddamn just add it to vertcoin, theres no one left anyway which had a problem with Zerocoin and theres been a shitload of time and money invested in vtc by its community already, theres absolutely no fucking reason to just create another coin.
Fucking this x1000
November 06, 2014, 03:05:21 AM
He has his reasons for making it a separate merge mined coin. If you disagree with those reasons, then don't participate in the new coin. Simple as that. Devs should not receive vitriolic responses when they've poured work into a project.
Othe, I'm sure you can relate.
Othe, I'm sure you can relate.
And two months down the line when ur invested in this coin and Poromin fucks off to some other coin? Maybe not Pugcoin this time... but god knows what...
November 06, 2014, 03:04:36 AM
What exactly should he do for vertcoin?
Er..
how about opening sourcing the stealth addresses that he has been too busy to do since August?
how about helping the other devs of HIS COIN port the Lyra2 algo
How about trying to improve and work on Vertcoin - the coin he seemingly abandoned months ago
November 06, 2014, 02:50:35 AM
He has his reasons for making it a separate merge mined coin. If you disagree with those reasons, then don't participate in the new coin. Simple as that. Devs should not receive vitriolic responses when they've poured work into a project.
Othe, I'm sure you can relate.
Othe, I'm sure you can relate.
November 06, 2014, 02:25:30 AM
goddamn just add it to vertcoin, theres no one left anyway which had a problem with Zerocoin and theres been a shitload of time and money invested in vtc by its community already, theres absolutely no fucking reason to just create another coin.
Fucking this x1000
I see where you guys are coming from, but consider this:
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.
We implement zerocoin, not zerocash. And yes, we said generating transaction is less than a second, with verification time less than a minute
We implement zerocoin, not zerocash. And yes, we said generating transaction is less than a second, with verification time less than a minute
There's only a handful of even modestly secure primes p and q from that list, from 1536-bits to 2048-bits, with which to use to get N = pq. Key lengths of 2048 bits are unlikely to be secure within the next 5-15 years. As far as I can tell, whoever factors these first gets to spend all your zerocoins ever. It's also totally and trivially quantum insecure due to Shor's algorithm.
That you admit proof verification is measured in single to double digit seconds means that both DDoS of a node is trivial and block verification time is insane; you just need to spam invalid proofs from a number of unique IPs to computationally knock a node off the network, and generating a block with more than a few transactions will be an impossibility to propagate throughout the network before another competing block is published, resulting in massive amounts of orphans and a totally insecure blockchain. You could store the verifications over time in a cache, but it's incredibly easy for an attacker to simply not publish these and then publish a block with say, 200 valid zerocoin transactions and totally screw up the network.
That you're not even storing the niZKPs on chain is another huge problem affecting network consensus based on history.
Personally, potentially risking both established consensus on a live network, and also risking transactions being at risk on that same network seems like pretty good reasons to not want to hop right into a zerocoin implementation on a pre-existing chain, especially when zerocoin had only one or two other live implemtations that aren't even fully involved yet, and at least one of which isn't going so hot. The devs have mentioned they intend to have zerovert as a side chain.
If it became part of vert as a side chain, and they really follow through, then that might be the addition you were looking for?
What if this ends up going sideways? I would not like to see VTC at risk because of piling risky, alpha level software on top of risky, alpha level software.
Maybe I'm wrong though? Knowing there's serious risks, what do you think? I don't think this was ever even brought up or mentioned in VTC.
November 06, 2014, 01:44:55 AM
goddamn just add it to vertcoin, theres no one left anyway which had a problem with Zerocoin and theres been a shitload of time and money invested in vtc by its community already, theres absolutely no fucking reason to just create another coin.
Fucking this x1000
November 05, 2014, 11:58:38 PM
I'm speaking up because it's good to be involved and i am a busy body gossiping drama queen 8) ;D :o
So i don't know about any of that shit or those guys but i had supported VTC back but bailed when Scrypt Asics started coming out..
So i want throw in a few random thoughts.. thanks for reading ;)
First thing that came to mind is i was glad you did bring up your concern elsewhere if you think it should be said.. self moderated topics can be bad :(
But i don't know if a guy who made 3 coins so far is really THAT bad to be fair.. yes and no right ?
I hate to have a knee jerk reaction to that and flame the dev over it because face it guys what is worse..
A dev who made 3 coins or 3 anon devs ? get it ?
We want some accountability so we can not crucify every guy that comes along or they will simply hide.
I heard what you guys said here though.. it's a matter of does the new coins deserve to be made or worked on ? hmm i don't know..
So making more coins info ? Good + bad i figure.. at least we have a guy who is not hiding !
Also i was talking to a guy working on coding GPU miners on IRC and he had asked me what i thought about NeoScypt
i eventually re-read some info on it (i had forgotten what i heard way back)
And in passing talking with the guy i brought up what i think is ALWAYS a problem.
Do you fix an existing coin or make a new one ?
I am guilty of complaining either way LOL
The coder said something had to be done.. a change was needed !
And you know what.. i REALLY can't argue with that but i said it's a double edged sword :(
What i portrayed to that guy was the following..
Feathercoin was using the Scrypt algo previously so anyone who owned Scrypt-Asics could mine it super hard with high hash rates..
Now they are doing a hard fork and anyone that comes along to mine the coin now will be doing a small tiny fraction of the hash rates in comparison.
i said this can be viewed as an advantage to guys who got mining during the past 3 months vs the guys mining in the next 3 months.
i said, most people will probably have that perception.. it's going to turn some guys off the coin.
the GPU coder guy seemed pissed off i mentioned that and kind of mad at me now LOL
But i am just calling it as i see it.. nothing personal.. It's not FUD'ing ::)
So..
Make a new coin ? well then the old users supporting FTC are left high and dry right ? what to do ?
Maybe a FAIR coin conversion is better in that example ?
..if you got this far in my word salad congrats you win a prize.. front row tickets to Spoetnik's next rant :)
So i don't know about any of that shit or those guys but i had supported VTC back but bailed when Scrypt Asics started coming out..
So i want throw in a few random thoughts.. thanks for reading ;)
First thing that came to mind is i was glad you did bring up your concern elsewhere if you think it should be said.. self moderated topics can be bad :(
But i don't know if a guy who made 3 coins so far is really THAT bad to be fair.. yes and no right ?
I hate to have a knee jerk reaction to that and flame the dev over it because face it guys what is worse..
A dev who made 3 coins or 3 anon devs ? get it ?
We want some accountability so we can not crucify every guy that comes along or they will simply hide.
I heard what you guys said here though.. it's a matter of does the new coins deserve to be made or worked on ? hmm i don't know..
So making more coins info ? Good + bad i figure.. at least we have a guy who is not hiding !
Also i was talking to a guy working on coding GPU miners on IRC and he had asked me what i thought about NeoScypt
i eventually re-read some info on it (i had forgotten what i heard way back)
And in passing talking with the guy i brought up what i think is ALWAYS a problem.
Do you fix an existing coin or make a new one ?
I am guilty of complaining either way LOL
The coder said something had to be done.. a change was needed !
And you know what.. i REALLY can't argue with that but i said it's a double edged sword :(
What i portrayed to that guy was the following..
Feathercoin was using the Scrypt algo previously so anyone who owned Scrypt-Asics could mine it super hard with high hash rates..
Now they are doing a hard fork and anyone that comes along to mine the coin now will be doing a small tiny fraction of the hash rates in comparison.
i said this can be viewed as an advantage to guys who got mining during the past 3 months vs the guys mining in the next 3 months.
i said, most people will probably have that perception.. it's going to turn some guys off the coin.
the GPU coder guy seemed pissed off i mentioned that and kind of mad at me now LOL
But i am just calling it as i see it.. nothing personal.. It's not FUD'ing ::)
So..
Make a new coin ? well then the old users supporting FTC are left high and dry right ? what to do ?
Maybe a FAIR coin conversion is better in that example ?
..if you got this far in my word salad congrats you win a prize.. front row tickets to Spoetnik's next rant :)
November 05, 2014, 11:39:41 PM
What exactly should he do for vertcoin?
November 05, 2014, 11:00:34 PM
Nothing says he can' t make a new coin. If the coin is what he says it is it will be epic. Sounds to me like A bit of bag holder jealousy and envy. This new coin will give everyone a far chance to get in on it at the start not just bag holding vert guys.
Indeed, he can make another coin - to abandon.
Honestly.. his track record is not very good. Which is a shame, and a real shock, as I used to think he was a decent guy.
I have nothing to say, but if I have the intention to abandon Vert, why in the new coin, which going to releases today, still having Vert in the coin name?
Why I need to do merge mining with Vert? Why don't I use normal Scrypt to merge mine with Litecoin, which has more user base than Vert?
You have nothing to say?
How about the work you should be doing to help Vertcoin?
November 05, 2014, 10:37:05 PM
Actually, ZeroVert should be SpookVert.
And nothing can save Vert...
Oh wait, maybe they can freeride it on top of Bitcoin = CounterVert.
There needs to be a SuperNet of all the shit coins...
That promised and failed to implement Zerocoin..................... let's call it................... ZeroNet.
November 05, 2014, 06:28:07 PM
He claims to have fixed every problem with zerocoin, which is simple not believable. The binary could be full of backdoors, even if we had the source code it woudl take some time to determine whether the coin is safe.
WTF is the Spaincoindev even doing in here asking such shit. What about Spaincoin? Worry on that. It needs it.
November 05, 2014, 04:32:33 PM
He claims to have fixed every problem with zerocoin, which is simple not believable. The binary could be full of backdoors, even if we had the source code it woudl take some time to determine whether the coin is safe.
WTF is the Spaincoindev even doing in here asking such shit. What about Spaincoin? Worry on that. It needs it.
November 05, 2014, 04:18:30 PM
Another coin was desperately needed, he probably dumped all his Vertcoins so now he gets another 210,000 ZeroVert coins instant premine.
What a joke crypto has become
What a joke crypto has become
November 05, 2014, 03:46:41 PM
Wowsers all the fudders have come out to play! Mostly SDC shill accounts trying cause shit as usual and some butthurt vertcoin dudes thrown in for good measure. I'm mining it. A cool new coin all on its own. It can be a master of all anon coins. Do you thing dev and make it happen.
November 05, 2014, 02:07:58 PM
He claims to have fixed every problem with zerocoin, which is simple not believable. The binary could be full of backdoors, even if we had the source code it woudl take some time to determine whether the coin is safe.
I quote some stuff from the original thread:
assuming the OP is even a vtc dev, it would be suicidal to fork vtc to include zerocoin, zerovert's implementation will most probably not work properly anyway, zerocoin is a work in progress with known flaws.
Right, not a fork. This is a new coin that stands on its own.
It does work. We have done thorough testing. Would be happy to answer any questions you might have
Thank you! I'm glad it works if it truly does
- What would the blockchain size for zerovert be if it was vertcoin for example? (same amount of time going now, same amount of transactions)
- how long does it take to create an average tx you can find on the vertcoin network right now (same avg inputs, depth..),
- same but how long to confirm?
(I'm using vertcoin as the benchmark since you should be familiar with the current metrics and it's a more or less successful alt with some volume.)
- so, in general, how much more space/bandwidth or cpu power than a btc transaction do you need? (zerocoin is many times more)
- zerocoins have to be all the same face value, how are you addressing that? a few different zerocoin types? just one? your thoughts on the constraints either choice implies
- are you basing your work on https://github.com/Zerocoin/libzerocoin ?
- Address these issues: http://en.wikipedia.org/wiki/Zerocoin#Criticism
- Are you improving any aspects of zerocoin in the same way as zerocash? if so, what exactly?
- Are you improving any aspects of the original zerocoin in other ways? in what ways exactly?
- No pool or exchange will run your closed-source client in their servers, even less so given that you are unknown/id unproven so far. How do you plan on making people adopt your coin with closed source.
- What would the blockchain size for zerovert be if it was vertcoin for example? (same amount of time going now, same amount of transactions)
Almost the same. Only difference is the accumulator which is less than a kb per block
- how long does it take to create an average tx you can find on the vertcoin network right now (same avg inputs, depth..),
The act of creating an average tx is nearly the same (createrawtransaction, signrawtransaction, sendrawtransaction each under a second).
- same but how long to confirm?
(I'm using vertcoin as the benchmark since you should be familiar with the current metrics and it's a more or less successful alt with some volume.)
less than a minute
- so, in general, how much more space/bandwidth or cpu power than a btc transaction do you need? (zerocoin is many times more)
Space - not much more actually, we use an incremental accumulator that is A = u^(c1 * c2 * c3... * cn) mod n. So accumulator is less than a kb.
Cpu power, not a lot more either. We'll do some more performance testing to see compare to bitcoin later on.
- zerocoins have to be all the same face value, how are you addressing that? a few different zerocoin types? just one? your thoughts on the constraints either choice implies
One for now, we will eventually integrate support for multiple denominations
- are you basing your work on https://github.com/Zerocoin/libzerocoin ?
A bit of it
- Address these issues: http://en.wikipedia.org/wiki/Zerocoin#Criticism
Stored outside of blockchain, with RSA modulus from world renowned RSA factoring challenge of unknown factorization. Computational time is very reasonable in comparison to bitcoin
- Are you improving any aspects of zerocoin in the same way as zerocash? if so, what exactly?
We're investigating a lot of different possible improvements. If you can ask about specific improvements, I'll be better suited to answer. Not all improvements are possible with zerocoin though.
- Are you improving any aspects of the original zerocoin in other ways? in what ways exactly?
Using the RSA modulus from world renowned RSA factoring challenge of unknown factorization
- No pool or exchange will run your closed-source client in their servers, even less so given that you are unknown/id unproven so far. How do you plan on making people adopt your coin with closed source.
Not sure if that's true
___________
http://en.wikipedia.org/wiki/RSA_Factoring_Challenge
Right, but can you explain how you did the trustless setup to establish the accumulator? And also what trustless entities exactly were included in the setup, as right now it's impossible to verify that anyone except you has generated the accumulator? That's a rather important point as it would allow you to spend anyone's money otherwise, without anyone possibly being able to tell it was you doing so. It seems confusing to me how you possibly got the niZKP down to a reasonable size and verification time, too, for instance they're 128-256 kb in the default implementation, with verification times of 4 or more seconds each.
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.
We implement zerocoin, not zerocash. And yes, we said generating transaction is less than a second, with verification time less than a minute
____________
There's only a handful of even modestly secure primes p and q from that list, from 1536-bits to 2048-bits, with which to use to get N = pq. Key lengths of 2048 bits are unlikely to be secure within the next 5-15 years. As far as I can tell, whoever factors these first gets to spend all your zerocoins ever. It's also totally and trivially quantum insecure due to Shor's algorithm.
That you admit proof verification is measured in single to double digit seconds means that both DDoS of a node is trivial and block verification time is insane; you just need to spam invalid proofs from a number of unique IPs to computationally knock a node off the network, and generating a block with more than a few transactions will be an impossibility to propagate throughout the network before another competing block is published, resulting in massive amounts of orphans and a totally insecure blockchain. You could store the verifications over time in a cache, but it's incredibly easy for an attacker to simply not publish these and then publish a block with say, 200 valid zerocoin transactions and totally screw up the network.
That you're not even storing the niZKPs on chain is another huge problem affecting network consensus based on history.
I quote some stuff from the original thread:
assuming the OP is even a vtc dev, it would be suicidal to fork vtc to include zerocoin, zerovert's implementation will most probably not work properly anyway, zerocoin is a work in progress with known flaws.
Right, not a fork. This is a new coin that stands on its own.
It does work. We have done thorough testing. Would be happy to answer any questions you might have
- What would the blockchain size for zerovert be if it was vertcoin for example? (same amount of time going now, same amount of transactions)
- how long does it take to create an average tx you can find on the vertcoin network right now (same avg inputs, depth..),
- same but how long to confirm?
(I'm using vertcoin as the benchmark since you should be familiar with the current metrics and it's a more or less successful alt with some volume.)
- so, in general, how much more space/bandwidth or cpu power than a btc transaction do you need? (zerocoin is many times more)
- zerocoins have to be all the same face value, how are you addressing that? a few different zerocoin types? just one? your thoughts on the constraints either choice implies
- are you basing your work on https://github.com/Zerocoin/libzerocoin ?
- Address these issues: http://en.wikipedia.org/wiki/Zerocoin#Criticism
- Are you improving any aspects of zerocoin in the same way as zerocash? if so, what exactly?
- Are you improving any aspects of the original zerocoin in other ways? in what ways exactly?
- No pool or exchange will run your closed-source client in their servers, even less so given that you are unknown/id unproven so far. How do you plan on making people adopt your coin with closed source.
- What would the blockchain size for zerovert be if it was vertcoin for example? (same amount of time going now, same amount of transactions)
Almost the same. Only difference is the accumulator which is less than a kb per block
- how long does it take to create an average tx you can find on the vertcoin network right now (same avg inputs, depth..),
The act of creating an average tx is nearly the same (createrawtransaction, signrawtransaction, sendrawtransaction each under a second).
- same but how long to confirm?
(I'm using vertcoin as the benchmark since you should be familiar with the current metrics and it's a more or less successful alt with some volume.)
less than a minute
- so, in general, how much more space/bandwidth or cpu power than a btc transaction do you need? (zerocoin is many times more)
Space - not much more actually, we use an incremental accumulator that is A = u^(c1 * c2 * c3... * cn) mod n. So accumulator is less than a kb.
Cpu power, not a lot more either. We'll do some more performance testing to see compare to bitcoin later on.
- zerocoins have to be all the same face value, how are you addressing that? a few different zerocoin types? just one? your thoughts on the constraints either choice implies
One for now, we will eventually integrate support for multiple denominations
- are you basing your work on https://github.com/Zerocoin/libzerocoin ?
A bit of it
- Address these issues: http://en.wikipedia.org/wiki/Zerocoin#Criticism
Stored outside of blockchain, with RSA modulus from world renowned RSA factoring challenge of unknown factorization. Computational time is very reasonable in comparison to bitcoin
- Are you improving any aspects of zerocoin in the same way as zerocash? if so, what exactly?
We're investigating a lot of different possible improvements. If you can ask about specific improvements, I'll be better suited to answer. Not all improvements are possible with zerocoin though.
- Are you improving any aspects of the original zerocoin in other ways? in what ways exactly?
Using the RSA modulus from world renowned RSA factoring challenge of unknown factorization
- No pool or exchange will run your closed-source client in their servers, even less so given that you are unknown/id unproven so far. How do you plan on making people adopt your coin with closed source.
Not sure if that's true
___________
Quote
Using the RSA modulus from world renowned RSA factoring challenge of unknown factorization
http://en.wikipedia.org/wiki/RSA_Factoring_Challenge
Right, but can you explain how you did the trustless setup to establish the accumulator? And also what trustless entities exactly were included in the setup, as right now it's impossible to verify that anyone except you has generated the accumulator? That's a rather important point as it would allow you to spend anyone's money otherwise, without anyone possibly being able to tell it was you doing so. It seems confusing to me how you possibly got the niZKP down to a reasonable size and verification time, too, for instance they're 128-256 kb in the default implementation, with verification times of 4 or more seconds each.
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.
We implement zerocoin, not zerocash. And yes, we said generating transaction is less than a second, with verification time less than a minute
____________
The accumulator requires an RSA modulus of unknown factorization, so we used the RSA modulus of unknown factorization from the world renowned RSA factoring challenge.
We implement zerocoin, not zerocash. And yes, we said generating transaction is less than a second, with verification time less than a minute
We implement zerocoin, not zerocash. And yes, we said generating transaction is less than a second, with verification time less than a minute
There's only a handful of even modestly secure primes p and q from that list, from 1536-bits to 2048-bits, with which to use to get N = pq. Key lengths of 2048 bits are unlikely to be secure within the next 5-15 years. As far as I can tell, whoever factors these first gets to spend all your zerocoins ever. It's also totally and trivially quantum insecure due to Shor's algorithm.
That you admit proof verification is measured in single to double digit seconds means that both DDoS of a node is trivial and block verification time is insane; you just need to spam invalid proofs from a number of unique IPs to computationally knock a node off the network, and generating a block with more than a few transactions will be an impossibility to propagate throughout the network before another competing block is published, resulting in massive amounts of orphans and a totally insecure blockchain. You could store the verifications over time in a cache, but it's incredibly easy for an attacker to simply not publish these and then publish a block with say, 200 valid zerocoin transactions and totally screw up the network.
That you're not even storing the niZKPs on chain is another huge problem affecting network consensus based on history.
November 05, 2014, 10:15:45 AM
Nothing says he can' t make a new coin. If the coin is what he says it is it will be epic. Sounds to me like A bit of bag holder jealousy and envy. This new coin will give everyone a far chance to get in on it at the start not just bag holding vert guys.
Indeed, he can make another coin - to abandon.
Honestly.. his track record is not very good. Which is a shame, and a real shock, as I used to think he was a decent guy.
I have nothing to say, but if I have the intention to abandon Vert, why in the new coin, which going to releases today, still having Vert in the coin name?
Why I need to do merge mining with Vert? Why don't I use normal Scrypt to merge mine with Litecoin, which has more user base than Vert?
Why not add it to vertcoin? why all the merge mining non sense at all? You cant even sidechain it later because sidechains use the original coins and dont have an extra emission!
There was last time i checked around 5000 vtc reddit subscribers and 30.000 twitter followers who have done all a shitload for vtc but hey yeah lets make a new coin...
Ask yourself this, why would I create a totally new coin, delete two unmoderated threads within hours of each other after being critisized, start a moderated one, be a anonymous newbie account , and have a 2% premine. I think it's obvious why ZeroVert "dev" doesnt want to add Zerovert to Vertcoin
.Also, zerocoin was scrapped for a reason, it's very impractical.
November 05, 2014, 10:05:08 AM
Nothing says he can' t make a new coin. If the coin is what he says it is it will be epic. Sounds to me like A bit of bag holder jealousy and envy. This new coin will give everyone a far chance to get in on it at the start not just bag holding vert guys.
Indeed, he can make another coin - to abandon.
Honestly.. his track record is not very good. Which is a shame, and a real shock, as I used to think he was a decent guy.
I have nothing to say, but if I have the intention to abandon Vert, why in the new coin, which going to releases today, still having Vert in the coin name?
Why I need to do merge mining with Vert? Why don't I use normal Scrypt to merge mine with Litecoin, which has more user base than Vert?
Why not add it to vertcoin? why all the merge mining non sense at all? You cant even sidechain it later because sidechains use the original coins and dont have an extra emission!
There was last time i checked around 5000 vtc reddit subscribers and 30.000 twitter followers who have done all a shitload for vtc but hey yeah lets make a new coin...
I understand distribution because isn't zerocoin going to be much slower?
At the least why not basically distribute it to existing vert holders and start the time line for release where vert is at?
November 05, 2014, 09:30:32 AM
Nothing says he can' t make a new coin. If the coin is what he says it is it will be epic. Sounds to me like A bit of bag holder jealousy and envy. This new coin will give everyone a far chance to get in on it at the start not just bag holding vert guys.
Indeed, he can make another coin - to abandon.
Honestly.. his track record is not very good. Which is a shame, and a real shock, as I used to think he was a decent guy.
I have nothing to say, but if I have the intention to abandon Vert, why in the new coin, which going to releases today, still having Vert in the coin name?
Why I need to do merge mining with Vert? Why don't I use normal Scrypt to merge mine with Litecoin, which has more user base than Vert?
Why not add it to vertcoin? why all the merge mining non sense at all? You cant even sidechain it later because sidechains use the original coins and dont have an extra emission!
There was last time i checked around 5000 vtc reddit subscribers and 30.000 twitter followers who have done all a shitload for vtc but hey yeah lets make a new coin...
Jump to: