Looking for thought on Zerocoin
-
[quote name=“Bushstar” post=“29017” timestamp=“1380018762”]
The only concession I can think of is to give the transaction fees to the generator of the block and perhaps give a different coin as a reward. Is that completely nutty?
[/quote]Nope. Layered coins are all the rage.
-
[quote name=“Bushstar” post=“29017” timestamp=“1380018762”]
[quote author=Kevlar link=topic=3136.msg28982#msg28982 date=1379982591]
There’s a huge difference.
#1, a human makes the decision at (mostly) random intervals, not every block.
#2, humans have to accept and download the updated client.
#3, if the developer goes awol, anyone can compile it themselves and take over the checkpointing process.
With ACP, EVERY block at a height of top - 1 gets checkpointed. This ELIMINATES the consensus of the miners, and makes it a consensus of 1: Bushstar. No one can run the code Bushstar is running, because it’s not been released. No one can audit it, no one can verify it, no one can be the new consensus, because it’s proprietary. Miners can’t overrule the blockchain with a longer one any more, the clients listening to Bushstar will ignore it in favor of the shorter, checkpointed chain. This means that the protocol, which in Bitcoin states:
“Whatever chain is the longest is the most valid”
should just be changed to
“Whatever chain I saw first is the most valid”
If you know anything about how crypto-currencies are supposed to work, you would know that this completely eliminates their strongest point: Decentralization through protocol enforcement, and consensus via mining, AKA one cpu-cycle = one vote, as described in the original whitepaper.
So I ask you, which is better: Liberty Reserve, or Bitcoin? Because with ACP, Feathercoin is now a hybrid model of a public transaction log, but a private arbitrager of the consensus of that public transaction log… Kinda a LR crossed with BTC.
The frustrating part is you can (and other coins have) achieved the same level of protection as ACP promises WITHOUT ACP, WITHOUT centralization, WITHOUT a private arbitrager. But who cares about that, ACP FTW!!! It’s the same as manual checkpointing, only better!!! ???
[/quote]The checkpointing depth is set to 3 currently which may still be too low for some natural reorgs. As long as services require a few more than that then reversing transaction becomes difficult.
I was going to set the checkpoint depth to 1 but after getting CONSTRUCTIVE feedback from several people it was increased to 3.
How have these other coins got the same level of protection without just having a larger hashrate than attackers?
I can think of PoS which would break our inflation model, that is going to upset all those that have already heavily invested into Feathercoin. A 0% PoS has been suggested but I think that there needs to be some incentive for people to produce PoS blocks. The only concession I can think of is to give the transaction fees to the generator of the block and perhaps give a different coin as a reward. Is that completely nutty?
[/quote]So it looks like no one will weigh in on the Zerocoin solution because you’re all too busy nitpicking over details of ACP. It’s by far and away the most up-voted solution in the suggestion list with 90 votes compared to the next most popular one, merged mining with 26, but evidently protocol handlers are more important since those seem to be getting worked on.
The boat is in the process of leaving the dock as other coins rush to implement it. Will FTC be left behind? It’s starting to look that way, since it’s been months of discussion regarding this and zero visible progress has been made.
I am a disappoint.
-
It sounds like RS will have an anonymous coin solution by year’s end; however his past release dates have been 6-24 months off … so, there’s that.
I really hope the feather beats the others, because whoever puts it out first will be Gawd of all coins.
-
[quote name=“unkunku” post=“29384” timestamp=“1380313111”]
Maybe I should know, but who exactly is referred to as RS?
[/quote]RealSolid, owner of the MCXNow exchange, creator of SolidCoin, and the developer working on MicroCash.
-
[quote name=“unkunku” post=“29388” timestamp=“1380314763”]
Thank you, and very interesting. What I do not see however is an ETA for the arrival of Microcash? The features sound great though.
[/quote]In chat, he’s promoting an end of year release I believe.
-
I’ve tried asking RS (a few days ago) in chat about what “anonymous” is (in his coin) and if he’s implementing zerocoin protocol … but I’m no one and he won’t answer me. :-\
-
[quote name=“Tuck Fheman” post=“29400” timestamp=“1380316862”]
I’ve tried asking RS (a few days ago) in chat about what “anonymous” is (in his coin) and if he’s implementing zerocoin protocol … but I’m no one and he won’t answer me. :-\
[/quote]I’d be surprised if it was Zerocoin, but anything is possible. Much more likely is that it’s a built in coin mixer, since that’s pretty trivial to implement (see my github page, the BitMixr project) compared to Zerocoin.
-
[quote name=“unkunku” post=“29401” timestamp=“1380317312”]
Well, sounds fishy enough for me. Better wait with that SolidCoin buy ^^
[/quote]I’ve made a little trading SC in 2 days, so I can’t say anything bad about SC. ;)
I will admit I damn near became a bagholder today, but woke up to find some [s]poor sap[/s] savvy trader bought my [s]overpriced[/s] well priced SC order right before today’s tank. 8)
-
[quote name=“Kevlar” post=“29402” timestamp=“1380317462”]
I’d be surprised if it was Zerocoin, but anything is possible. Much more likely is that it’s a built in coin mixer, since that’s pretty trivial to implement (see my github page, the BitMixr project) compared to Zerocoin.
[/quote]I’m feeling lazy lately so I haven’t even read up on his coins that much, but I do enjoy trading them during the hyper-pumps on his exchange. I think he would be bragging about implementing zc (since he apparently likes to advertise) and since he’s not (from what I can tell), I’m going to have to agree with you.
If anyone knows what he’s using for “anonymity” please speak up. It could be he’s just using the word and doing nothing, since most assume you’re anonymous when using cryptocoins (as I did previously) not many would question his use of the word.
If I can drag myself away from trading tonight I’m going to try to find some more info.
Edit : Doh, thought this was in another thread. I did not mean to hijack this into a sc anon discussion. But, it is sort of relevant … so, yeah.
[b]So Kevlar, is the mixing solution just as good/better/worse than going with zerocoin?[/b]
-
[quote name=“Tuck Fheman” post=“29407” timestamp=“1380321480”]
[b]So Kevlar, is the mixing solution just as good/better/worse than going with zerocoin?[/b]
[/quote]It depends on your goal, and what you’re trying to achieve. Mixing introduces reasonable doubt and makes forensic analysis extremely difficult. It’s better than Zerocoin because it doesn’t require a protocol change, and a hard fork. It’s worse, because it doesn’t actually ELIMINATE taint and make forensic analysis impossible like Zerocoin does. If the mixer service gets hacked/compromised/raided, it’s still theoretically possible that some taint could be reconstructed. ‘Extremely difficult forensic analysis’ and ‘greatly diluted taint’ can be sufficient for anonymity, but it’s not the holy grail of perfect anonymity that Zerocoin is.
-
[quote name=“unkunku” post=“29414” timestamp=“1380325044”]
I don’t mean to fish for information, but just recently noticed the fine pumps in solidcoin. Would you maybe be willing to share some information regarding the price-movements? A simple comment as to where you feel a “cheap” price-tag of solidcoin would be greatly appreciated :)
[/quote]Can we take this to another thread please? This is supposed to be about Zerocoin.
-
[quote name=“Kevlar” post=“29415” timestamp=“1380325535”]
It depends on your goal, and what you’re trying to achieve.
[/quote]World domination of course.
[quote author=Kevlar link=topic=3136.msg29415#msg29415 date=1380325535]
‘Extremely difficult forensic analysis’ and ‘greatly diluted taint’ can be sufficient for anonymity, but it’s not the holy grail of perfect anonymity that Zerocoin is.
[/quote]It’s never easy. :-\
-
[img]http://b-i.forbesimg.com/andygreenberg/files/2013/04/Screen-Shot-2013-04-12-at-2.16.44-AM.png[/img]
Old article to re-bring up some points on ZC …
[quote]“You can feel like you’re private using Bitcoin, but there are going to be companies like Google and Facebook and [Google-owned ad firm] DoubleClick looking at the data and pulling personal information out of it. There may be already,” says Green. “It’s not wrong to be paranoid about privacy when it comes to Bitcoin.”[/quote]
[quote]Zerocoin is designed to offer the same privacy and untraceability properties as one of those laundry services, but without the need to trust any potentially shady entity; As with Bitcoin, the user would only have to trust the currency system itself.[/quote]
[quote]In fact, you can think of Zerocoin like the world’s biggest laundry – one that can handle millions of users, has no trusted party, and can’t be compromised,”
[/quote]
[quote]But until it’s integrated into the Bitcoin protocol, Zerocoin would require third-party services to act as issuers of its anonymizing tokens, introducing some of the same trust problems that currently exist with laundry services.[/quote]
^ Can anyone elaborate? (or if you have previously, please link me to the post).
[quote]If Zerocoin is implemented, it could lead to questions about the ethical and societal implications of truly untraceable digital payments. Anarchists and libertarians have long dreamed of perfect payment privacy as a means to avoid taxes, thwart laws and even destroy the government.[/quote]
[quote]“But privacy is important. And people have a right to it.”[/quote]
[url=http://www.forbes.com/sites/andygreenberg/2013/04/12/zerocoin-add-on-for-bitcoin-could-make-it-truly-anonymous-and-untraceable/]http://www.forbes.com/sites/andygreenberg/2013/04/12/zerocoin-add-on-for-bitcoin-could-make-it-truly-anonymous-and-untraceable/[/url]
-
[quote name=“Tuck Fheman” post=“29420” timestamp=“1380330099”]
[quote]But until it’s integrated into the Bitcoin protocol, Zerocoin would require third-party services to act as issuers of its anonymizing tokens, introducing some of the same trust problems that currently exist with laundry services.[/quote]
^ Can anyone elaborate? (or if you have previously, please link me to the post).
[/quote]Because an in-blockchain implementation would require a hard fork, one proposed solution is to run a mixing service that issues Zerocoin claim checks, thus allowing for anonymization when using the service, so if the mixing service got hacked/raided by the police/compromised, they still couldn’t tie anything back to its users.
This is just an upgraded mixing service, and still suffers from the same problem as all other mixing services as I mentioned before including centralization, but it does so while guaranteeing anonymity for its customers, which is at least a step in the right direction.
-
Sorry if this has been brought up previously and I missed it. I just came across this on the ANC thread since Kevlar mentioned them awhile back.
[quote]Zerocoin as currently implemented requires configuration with a trusted non-secret integer of 1,026 bits in length generated by multiplying together two factors p and q. That means you need a “trusted party” to configure Zerocoin; more importantly, if this trusted party decides to hold on to the p and q factors they used (rather than destroying them) or shares them with anybody, then they will be able to double spend any zerocoins. This is a fatal flaw if we wish Zerocoin to operate in a zero-trust manner.[/quote]
[url=https://bitcointalk.org/index.php?topic=227287.msg3194770#msg3194770]https://bitcointalk.org/index.php?topic=227287.msg3194770#msg3194770[/url]
So, it’s going to be awhile I assume before this issue is solved and until then there’s no point moving forward with zerocoin outside of research(?).
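
An added illustration, not part of any post in this thread: a toy RSA accumulator showing why the quoted setup concern matters. Whoever keeps p and q can produce a witness that passes the public check for a value that was never accumulated. The primes, base, coin values and function names are constructed for the example and are not Zerocoin's parameters or code.

```python
# Toy RSA accumulator (constructed parameters, not Zerocoin's real ones).
# P and Q are the secret factors the setup party is supposed to destroy.
# Requires Python 3.8+ for pow(x, -1, m).
P = 2**31 - 1            # Mersenne prime, far too small for real use
Q = 2**61 - 1            # Mersenne prime, far too small for real use
N = P * Q                # the public "trusted non-secret integer"
G = 9                    # public base, a quadratic residue mod N


def accumulate(elements, n=N, base=G):
    """Fold every element into the accumulator: base^(e1*e2*...) mod n."""
    acc = base
    for e in elements:
        acc = pow(acc, e, n)
    return acc


def honest_witness(elements, member, n=N, base=G):
    """Witness computable by anyone: the accumulator of all other members."""
    if member not in elements:
        raise ValueError("not a member: no witness without the factors")
    return accumulate([e for e in elements if e != member], n, base)


def verify(acc, element, witness, n=N):
    """Public check: witness^element == accumulator (mod n)."""
    return pow(witness, element, n) == acc


def trapdoor_witness(acc, element, p, q):
    """With p and q, take an element-th root of acc via phi(n).

    Raises ValueError if element shares a factor with phi(n).
    """
    phi = (p - 1) * (q - 1)
    d = pow(element, -1, phi)       # inverse of the exponent mod phi(n)
    return pow(acc, d, p * q)


COINS = [17, 19, 23]                # constructed sample coin values (primes)
ACC = accumulate(COINS)

if __name__ == "__main__":
    print("honest 19:", verify(ACC, 19, honest_witness(COINS, 19)))
    print("forged 29:", verify(ACC, 29, trapdoor_witness(ACC, 29, P, Q)))
```

The verifier cannot tell the two witnesses apart, which is why the modulus has to come from a setup in which no single party ever learns the factors.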
-
[quote name=“Tuck Fheman” post=“29569” timestamp=“1380420857”]
Sorry if this has been brought up previously and I missed it. I just came across this on the ANC thread since Kevlar mentioned them awhile back.
[quote]Zerocoin as currently implemented requires configuration with a trusted non-secret integer of 1,026 bits in length generated by multiplying together two factors p and q. That means you need a “trusted party” to configure Zerocoin; more importantly, if this trusted party decides to hold on to the p and q factors they used (rather than destroying them) or shares them with anybody, then they will be able to double spend any zerocoins. This is a fatal flaw if we wish Zerocoin to operate in a zero-trust manner.[/quote]
[url=https://bitcointalk.org/index.php?topic=227287.msg3194770#msg3194770]https://bitcointalk.org/index.php?topic=227287.msg3194770#msg3194770[/url]
So, it’s going to be awhile I assume before this issue is solved and until then there’s no point moving forward with zerocoin outside of research(?).
[/quote]No, there are solutions in existence for this now. You can do a secure multi-party computation to set this up correctly and prove that it was done so using a deterministic computation proof. The much more troubling part is the size of the ZKP since it goes in the blockchain, and the time it takes to compute it (hint: it’s not trivial). We’re still working on that one.
-
[quote name=“Kevlar” post=“29574” timestamp=“1380426315”]
and the time it takes to compute it (hint: it’s not trivial).
[/quote]How long does it take currently?
-
[quote name=“Tuck Fheman” post=“29731” timestamp=“1380482222”]
[quote author=Kevlar link=topic=3136.msg29574#msg29574 date=1380426315]
and the time it takes to compute it (hint: it’s not trivial).
[/quote]How long does it take currently?
[/quote]On my pathetic i5? About 10 seconds. Per proof. This is compared to the milliseconds it takes to verify a block in the blockchain. This isn’t so bad when I just want to verify my own coins, but when it’s everyone else’s too… this doesn’t scale at all.
-
[quote name=“coblee” post=“30475” timestamp=“1381035043”]
[quote author=ghostlander link=topic=3136.msg29002#msg29002 date=1380002553]
By the way, the tool Coblee uses for sending network alerts seems proprietary. I don’t see you very upset about that.
[/quote]Here’s the tool if you are interested: https://gist.github.com/gavinandresen/1481736
Some modification was needed for 0.8. Let me know if anyone needs help with it.
[/quote]Thanks. We have merged Sunny’s code as it’s more flexible.
[url=https://github.com/FeatherCoin/FeatherCoin/commit/249d5b765bf9a2b560beadf884482c634dff13b2]sendalert command added[/url]
[url=https://github.com/FeatherCoin/FeatherCoin/commit/2e89b327a4518e2fd32ca80cc444fb3747f9c6e4]Updated Sendalert - Kudos to Sunny King[/url]