Looking for thought on Zerocoin

Tuck Fheman

[quote name=“Kevlar” post=“28947” timestamp=“1379955854”]
You wouldn’t be the first person to suggest it, although I’ve not been formally diagnosed.
[/quote]

Me either, but I flunk the online test every time I take it. There’s a guy who runs the PostSatire blog on Tumblr and he cracks me up too. Turns out, he has Asperger’s. You can almost see it in the thought process online. ;)

Anywho, zerocoin protocol. I wish I could do more than spell it and bring it up on occasion to help get it implemented in Feather. I’m relying on you smart guys to come up with a solution. I’m more than willing to test any builds.

Kevlar

[quote name=“Tuck Fheman” post=“28970” timestamp=“1379971982”]
[quote author=Kevlar link=topic=3136.msg28947#msg28947 date=1379955854]
You wouldn’t be the first person to suggest it, although I’ve not been formally diagnosed.
[/quote]

Me either, but I flunk the online test every time I take it. There’s a guy who runs the PostSatire blog on Tumblr and he cracks me up too. Turns out, he has Asperger’s. You can almost see it in the thought process online. ;)

Anywho, zerocoin protocol. I wish I could do more than spell it and bring it up on occasion to help get it implemented in Feather. I’m relying on you smart guys to come up with a solution. I’m more than willing to test any builds.
[/quote]

Well I’ve tried to outline the initial set of problems that need resolving:
1. To hard fork, or to centralize.
2. To implement as compulsory, or as an optional feature.

I’d like to see those addressed, and a consensus reached, since those two items will entirely inform the technical implementation.

Kevlar

[quote name=“erk” post=“28975” timestamp=“1379976399”]
Just read the zero coin paper, it sounds like a useful feature. I think it would be worth including.
[/quote]

I’ve not actually heard a good reason NOT to implement it, besides “There’s other priorities”.

The question being asked is HOW to implement it.

Kevlar

[quote name=“erk” post=“28981” timestamp=“1379981695”]
[quote author=Bushstar link=topic=3136.msg28784#msg28784 date=1379798985]
Lot’s of people were not happy, including myself. It is not where I expected us to be going but now that we have it I am glad as I do not feel the weight of potential 51% attacks any more. We responded to the pressures we faced at the time and can lead the way for other coins who face such hostile attacks. Those attacks put clouds over us and it seemed like really dark times.

They are behind us now and we are finally down to 10 confirms on BTC-e after I spoke to the dev and explained our ACP. What we can do now is earnestly focus on the future and the things that we all really want to see.
[/quote] Just a small note on ACP, (sorry just started reading this thread today) I don’t see ACP as any different to the dev doing an update to the source with fresh checkpoints, a process which is entirely centralized for all coins that support checkpoints! All ACP does is eliminate the task of compiling the modified source or downloading an updated binary. What would be nice to see is a check box or feathercoin.conf setting to disable ACP, this is purely for psychological and debug reasons, as most people would choose to leave ACP enabled.
[/quote]

There’s a huge difference.

#1, a human makes the decision at (mostly) random intervals, not every block.
#2, humans have to accept and download the updated client.
#3, if the developer goes awol, anyone can compile it themselves and take over the checkpointing process.

With ACP, EVERY block at a height of top - 1 gets checkpointed. This ELIMINATES the consensus of the miners, and makes it a consensus of 1: Bushstar. No one can run the code Bushstar is running, because it’s not been released. No one can audit it, no one can verify it, no one can be the new consensus, because it’s proprietary. Miners can’t overrule the blockchain with a longer one any more, the clients listening to Bushstar will ignore it in favor of the shorter, checkpointed chain. This means that the protocol, which in Bitcoin states:

“Whatever chain is the longest is the most valid”

should just be changed to

“Whatever chain I saw first is the most valid”

If you know anything about how crypto-currencies are supposed to work, you would know that this completely eliminates their strongest point: Decentralization through protocol enforcement, and consensus via mining, AKA one cpu-cycle = one vote, as described in the original whitepaper.

So I ask you, which is better: Liberty Reserve, or Bitcoin? Because with ACP, Feathercoin is now a hybrid model of a public transaction log, but a private arbitrager of the consensus of that public transaction log… Kinda a LR crossed with BTC.

The frustrating part is you can (and other coins have) achieved the same level of protection as ACP promises WITHOUT ACP, WITHOUT centralization, WITHOUT a private arbitrager. But who cares about that, ACP FTW!!! It’s the same as manual checkpointing, only better!!! ???

Tuck Fheman

[quote name=“Kevlar” post=“28971” timestamp=“1379972461”]
Well I’ve tried to outline the initial set of problems that need resolving:
1. To hard fork, [s]or to centralize.[/s]
2. To implement [s]as compulsory, or[/s] as an optional feature.

I’d like to see those addressed, and a consensus reached, since those two items will entirely inform the technical implementation.
[/quote]

ghostlander

[quote name=“Kevlar” post=“28982” timestamp=“1379982591”]
With ACP, EVERY block at a height of top - 1 gets checkpointed.[/quote]

It is at a top height - 3 blocks currently.

[quote author=Kevlar link=topic=3136.msg28982#msg28982 date=1379982591]
This ELIMINATES the consensus of the miners, and makes it a consensus of 1: Bushstar. No one can run the code Bushstar is running, because it’s not been released. No one can audit it, no one can verify it, no one can be the new consensus, because it’s proprietary. Miners can’t overrule the blockchain with a longer one any more, the clients listening to Bushstar will ignore it in favor of the shorter, checkpointed chain.[/quote]

This is nonsense. All the code needed to set up a master node to checkpoint blocks and send alerts is built into the client and available at GitHub. There is no special proprietary version of the client for that purpose. You can set up a master node of your own and release a client with your public keys compiled in. That’s a good question who will download it and subscribe to your checkpoints though.

By the way, the tool Coblee uses for sending network alerts seems proprietary. I don’t see you very upset about that.

Bushstar

[quote name=“Kevlar” post=“28982” timestamp=“1379982591”]
There’s a huge difference.

#1, a human makes the decision at (mostly) random intervals, not every block.
#2, humans have to accept and download the updated client.
#3, if the developer goes awol, anyone can compile it themselves and take over the checkpointing process.

With ACP, EVERY block at a height of top - 1 gets checkpointed. This ELIMINATES the consensus of the miners, and makes it a consensus of 1: Bushstar. No one can run the code Bushstar is running, because it’s not been released. No one can audit it, no one can verify it, no one can be the new consensus, because it’s proprietary. Miners can’t overrule the blockchain with a longer one any more, the clients listening to Bushstar will ignore it in favor of the shorter, checkpointed chain. This means that the protocol, which in Bitcoin states:

“Whatever chain is the longest is the most valid”

should just be changed to

“Whatever chain I saw first is the most valid”

If you know anything about how crypto-currencies are supposed to work, you would know that this completely eliminates their strongest point: Decentralization through protocol enforcement, and consensus via mining, AKA one cpu-cycle = one vote, as described in the original whitepaper.

So I ask you, which is better: Liberty Reserve, or Bitcoin? Because with ACP, Feathercoin is now a hybrid model of a public transaction log, but a private arbitrager of the consensus of that public transaction log… Kinda a LR crossed with BTC.

The frustrating part is you can (and other coins have) achieved the same level of protection as ACP promises WITHOUT ACP, WITHOUT centralization, WITHOUT a private arbitrager. But who cares about that, ACP FTW!!! It’s the same as manual checkpointing, only better!!! ???
[/quote]

The checkpointing depth is set to 3 currently which may still be to low for some natural reorgs. As long as services require a few more than that then reversing transaction becomes difficult.

I was going to set the checkpoint depth to 1 but after getting CONSTRUCTIVE feedback from several people it was increased to 3.

How have these other coins got the same level of protection without just having a larger hashrate than attackers?

I can think of PoS which would break our inflation model, that is going to upset all those that have already heavily invested into Feathercoin. A 0% PoS has been suggested but I think that there needs to be some incentive for people to produce PoS blocks. The only concession I can think of is to give the transaction fees to the generator of the block and perhaps give a different coin as a reward. Is that completely nutty?

Tuck Fheman

[quote name=“Bushstar” post=“29017” timestamp=“1380018762”]
The only concession I can think of is to give the transaction fees to the generator of the block and perhaps give a different coin as a reward. Is that completely nutty?
[/quote]

Nope. Layered coins are all the rage.

Kevlar

[quote name=“Bushstar” post=“29017” timestamp=“1380018762”]
[quote author=Kevlar link=topic=3136.msg28982#msg28982 date=1379982591]
There’s a huge difference.

#1, a human makes the decision at (mostly) random intervals, not every block.
#2, humans have to accept and download the updated client.
#3, if the developer goes awol, anyone can compile it themselves and take over the checkpointing process.

With ACP, EVERY block at a height of top - 1 gets checkpointed. This ELIMINATES the consensus of the miners, and makes it a consensus of 1: Bushstar. No one can run the code Bushstar is running, because it’s not been released. No one can audit it, no one can verify it, no one can be the new consensus, because it’s proprietary. Miners can’t overrule the blockchain with a longer one any more, the clients listening to Bushstar will ignore it in favor of the shorter, checkpointed chain. This means that the protocol, which in Bitcoin states:

“Whatever chain is the longest is the most valid”

should just be changed to

“Whatever chain I saw first is the most valid”

If you know anything about how crypto-currencies are supposed to work, you would know that this completely eliminates their strongest point: Decentralization through protocol enforcement, and consensus via mining, AKA one cpu-cycle = one vote, as described in the original whitepaper.

So I ask you, which is better: Liberty Reserve, or Bitcoin? Because with ACP, Feathercoin is now a hybrid model of a public transaction log, but a private arbitrager of the consensus of that public transaction log… Kinda a LR crossed with BTC.

The frustrating part is you can (and other coins have) achieved the same level of protection as ACP promises WITHOUT ACP, WITHOUT centralization, WITHOUT a private arbitrager. But who cares about that, ACP FTW!!! It’s the same as manual checkpointing, only better!!! ???
[/quote]

The checkpointing depth is set to 3 currently which may still be to low for some natural reorgs. As long as services require a few more than that then reversing transaction becomes difficult.

I was going to set the checkpoint depth to 1 but after getting CONSTRUCTIVE feedback from several people it was increased to 3.

How have these other coins got the same level of protection without just having a larger hashrate than attackers?

I can think of PoS which would break our inflation model, that is going to upset all those that have already heavily invested into Feathercoin. A 0% PoS has been suggested but I think that there needs to be some incentive for people to produce PoS blocks. The only concession I can think of is to give the transaction fees to the generator of the block and perhaps give a different coin as a reward. Is that completely nutty?
[/quote]

So it looks like no one will weigh in on the Zerocoin solution because you’re all too busy nitpicking over details of ACP. It’s by far and away the most up-voted solution in the suggestion list with 90 votes compared to the next most popular one, merged mining with 26, but evidently protocol handlers are more important since those seem to be getting worked on.

The boat is in the process of leaving the dock as other coins rush to implement it. Will FTC be left behind? It’s starting to look that way, since it’s been months of discussion regarding this and zero visible progress has been made.

I am a disappoint.

Tuck Fheman

It sounds like RS will have an anonymous coin solution by years end; however his past release dates have been 6-24 months off … so, there’s that.

I really hope the feather beats the others, because whoever puts it out first will be Gawd of all coins.

Kevlar

[quote name=“unkunku” post=“29384” timestamp=“1380313111”]
Maybe I should know, but who exactly is refered to as RS?
[/quote]

RealSolid, owner of the MCXNow exchange, creator of SolidCoin, and the developer working on MicroCash.

Tuck Fheman

[quote name=“unkunku” post=“29388” timestamp=“1380314763”]
Thank you, and very interesting.

What I do not see however is an ETA for the arrival of Microcash? The features sound great though.
[/quote]

In chat, he’s promoting a end of year release I believe.

Tuck Fheman

I’ve tried asking RS (a few days ago) in chat about what “anonymous” is (in his coin) and if he’s implementing zerocoin protocol … but I’m no one and he wont’ answer me. :-\

Kevlar

[quote name=“Tuck Fheman” post=“29400” timestamp=“1380316862”]
I’ve tried asking RS (a few days ago) in chat about what “anonymous” is (in his coin) and if he’s implementing zerocoin protocol … but I’m no one and he wont’ answer me. :-\
[/quote]

I’d be surprised if it was Zerocoin, but anything is possible. Much more likely is that it’s a built in coin mixer, since that’s pretty trivial to implement (see my github page, the BitMixr project) compared to Zerocoin.

Tuck Fheman

[quote name=“unkunku” post=“29401” timestamp=“1380317312”]
Well, sounds fishy enough for me. Better wait with that SolidCoin buy ^^
[/quote]

I’ve made a little trading SC in 2 days, so I can’t say anything bad about SC. ;)

I will admit I damn near became a bagholder today, but woke up to find some [s]poor sap[/s] savvy trader bought my [s]overpriced[/s] well priced SC order right before today’s tank. 8)

Tuck Fheman

[quote name=“Kevlar” post=“29402” timestamp=“1380317462”]
I’d be surprised if it was Zerocoin, but anything is possible. Much more likely is that it’s a built in coin mixer, since that’s pretty trivial to implement (see my github page, the BitMixr project) compared to Zerocoin.
[/quote]

I’m feeling lazy lately so I haven’t even read up on his coins that much, but I do enjoy trading them during the hyper-pumps on his exchange. I think he would be bragging about implementing zc (since he apparently likes to advertise) and since he’s not (from what I can tell), I’m going to have to agree with you.

If anyone knows what he’s using for “anonymity” please speak up. It could be he’s just using the word and doing nothing, since most assume you’re anonymous when using cryptocoins (as I did previously) not many would question his use of the word.

If I can drag myself away from trading tonight I’m going to try to find some more info.

Edit : Doh, thought this was in another thread. I did not mean to hijack this into a sc anon discussion. But, it is sort of relevant … so, yeah.

[b]So Kevlar, is the mixing solution just as good/better/worse than going with zerocoin?[/b]

Kevlar

[quote name=“Tuck Fheman” post=“29407” timestamp=“1380321480”]
[b]So Kevlar, is the mixing solution just as good/better/worse than going with zerocoin?[/b]
[/quote]

It depends on your goal, and what you’re trying to achieve. Mixing introduces reasonable doubt and makes forensic analysis extremely difficult. It’s better than Zerocoin because it doesn’t require a protocol change, and a hard fork. It’s worse, because it doesn’t actually ELIMINATE taint and make forensic analysis impossible like Zerocoin does. If the mixer service gets hacked/compromised/raided, it’s still theoretically possible that some taint could be reconstructed. ‘Extremely difficult forensic analysis’ and ‘greatly diluted taint’ can be sufficient for anonymity, but it’s not the holy grail of perfect anonymity that Zerocoin is.

Kevlar

[quote name=“unkunku” post=“29414” timestamp=“1380325044”]
I don’t mean to fish for information, but just recently noticed the fine pumps in solidcoin.

Would you maybe be willing to share some information regarding the price-movements? A simple comment as to where you feel a “cheap” price-tag of solidcoin would be greatly appreciated :)
[/quote]

Can we take this to another thread please? This is supposed to be about Zerocoin.

Tuck Fheman

[quote name=“Kevlar” post=“29415” timestamp=“1380325535”]
It depends on your goal, and what you’re trying to achieve.
[/quote]

World domination of course.

[quote author=Kevlar link=topic=3136.msg29415#msg29415 date=1380325535]
‘Extremely difficult forensic analysis’ and ‘greatly diluted taint’ can be sufficient for anonymity, but it’s not the holy grail of perfect anonymity that Zerocoin is.
[/quote]

It’s never easy. :-\

Tuck Fheman

[img]http://b-i.forbesimg.com/andygreenberg/files/2013/04/Screen-Shot-2013-04-12-at-2.16.44-AM.png[/img]

Old article to re-bring up some points on ZC …

[quote]“You can feel like you’re private using Bitcoin, but there are going to be companies like Google and Facebook and [Google-owned ad firm] DoubleClick looking at the data and pulling personal information out of it. There may be already,” says Green. “It’s not wrong to be paranoid about privacy when it comes to Bitcoin.”[/quote]
[quote]Zerocoin is designed to offer the same privacy and untraceability properties as one of those laundry services, but without the need to trust any potentially shady entity; As with Bitcoin, the user would only have to trust the currency system itself.[/quote]
[quote]In fact, you can think of Zerocoin like the world’s biggest laundry â€" one that can handle millions of users, has no trusted party, and can’t be compromised,”
[/quote]
[quote]But until it’s integrated into the Bitcoin protocol, Zerocoin would require third-party services to act as issuers of its anonymizing tokens, introducing some of the same trust problems that currently exist with laundry services.[/quote]
^ Can anyone elaborate? (or if you have previously, please link me to the post).

[quote]If Zerocoin is implemented, it could lead to questions about the ethical and societal implications of truly untraceable digital payments. Anarchists and libertarians have long dreamed of perfect payment privacy as a means to avoid taxes, thwart laws and even destroy the government.[/quote]

[quote]“But privacy is important. And people have a right to it.”[/quote]

[url=http://www.forbes.com/sites/andygreenberg/2013/04/12/zerocoin-add-on-for-bitcoin-could-make-it-truly-anonymous-and-untraceable/]http://www.forbes.com/sites/andygreenberg/2013/04/12/zerocoin-add-on-for-bitcoin-could-make-it-truly-anonymous-and-untraceable/[/url]