From iang@iang.org Fri Jul 6 02:37:18 2018
From: ianG
To: cypherpunks-legacy@lists.cpunks.org
Subject: [cryptography] an untraceability extension to Bitcoin using a combination of digital commitments, one-way accumulators and zero-knowledge proofs
Date: Fri, 06 Jul 2018 02:37:18 +0000

Steve Bellovin posted this on another list, hattip to him.

http://www.forbes.com/sites/andygreenberg/2013/04/12/zerocoin-add-on-for-bitcoin-could-make-it-truly-anonymous-and-untraceable/

For those following Bitcoin this is news. Matthew Green writes:

For those who just want the TL;DR, here it is:

Zerocoin is a new cryptographic extension to Bitcoin that (if adopted) would bring true cryptographic anonymity to Bitcoin. It works at the protocol level and doesn't require new trusted parties or services. With some engineering, it might (someday) turn Bitcoin into a completely untraceable, anonymous electronic currency.

http://blog.cryptographyengineering.com/2013/04/zerocoin-making-bitcoin-anonymous.html

(iang adds:)

Bitcoin is pseudonymous but traceable, which is to say that all transactions are traceable from identity to identity, but those identities are pseudonyms, being (hashes of) public keys. This is pretty weak. In contrast, Chaumian blinding was untraceable but typically identified according to an issuer's regime. Because Chaumian mathematics required a mint, this devolved to trusted/identified, so again not as strong as some hoped.

Bitcoin fixed this 'flaw' by decorporating the mint into an algorithm. This suggests a new axis of distributed. But Bitcoin lost the untraceability in the process, thus rendering it a rather ridiculous attempt at privacy, as the entire graph was on display. Bitcoin is more or less worse at privacy than Chaumian cash ever was.

The holy grail in Chaumian times was untraceable & unidentifiable, to which Bitcoin added distributed. This paper by Miers, Garman, Green & Rubin suggests untraceable & pseudonymous & distributed is possible:

http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf

(I haven't as yet read the paper so there may be killer details in there.)

iang
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
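The "Chaumian blinding" that iang contrasts with Bitcoin's traceable transaction graph is worth seeing concretely. The following is an added example, not code from the mailing-list post or from the Zerocoin paper: a toy mint issuing RSA blind signatures (Chaum's scheme, with a hash of the coin's serial number as the message). It shows the two properties the post describes at once: the coin is untraceable (the mint's own withdrawal log, even read with the private key, is consistent with every spent coin) and yet the construction still needs a trusted mint (only the mint can sign, and only the mint's spent-serial set stops double spending). The key size, the class and function names, and the bare SHA-256 used as the message hash are assumptions made for illustration; this is not a production e-cash implementation and does nothing that Zerocoin's commitments, accumulators or zero-knowledge proofs do.

```python
"""Toy Chaumian e-cash mint: RSA blind signatures.

Constructed as an added example. The mint signs a blinded coin, the
customer unblinds it, and the resulting coin verifies but cannot be
linked back to the withdrawal that produced it.
"""
import hashlib
import math
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test (toy key generation only; not constant-time)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd candidate with the top bit set, until one passes Miller-Rabin."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def coin_hash(serial, n):
    """Map a coin's serial number into the RSA group (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


def blind(m, r, e, n):
    """Customer's blinding: m * r^e mod n hides m from the signer."""
    return m * pow(r, e, n) % n


class Mint:
    """The issuer. Holds the RSA private key and logs every withdrawal it sees."""

    def __init__(self, bits=512):  # assumed toy parameter; far too small for real use
        self.e = 65537
        while True:
            p, q = random_prime(bits // 2), random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and phi % self.e != 0:
                break
        self.n = p * q
        self._d = pow(self.e, -1, phi)
        self.withdrawals = []  # blinded values presented at withdrawal time
        self.spent = set()     # serial numbers already redeemed

    def sign_blinded(self, m_blind):
        """Withdrawal: sign a blinded value without learning the coin's serial."""
        self.withdrawals.append(m_blind)
        return pow(m_blind, self._d, self.n)

    def accept(self, serial, sig):
        """Deposit: signature must verify against H(serial) and the serial be fresh."""
        if pow(sig, self.e, self.n) != coin_hash(serial, self.n):
            return False
        if serial in self.spent:
            return False  # double spend: the mint, not the math, catches this
        self.spent.add(serial)
        return True

    def blinding_factor_for(self, serial, m_blind):
        """With the private key the mint can compute, for ANY logged withdrawal,
        a blinding factor r with blind(H(serial), r) == m_blind. Every record
        is equally consistent with the coin, so the log cannot single one out."""
        m = coin_hash(serial, self.n)
        return pow(m_blind * pow(m, -1, self.n) % self.n, self._d, self.n)


def withdraw(mint):
    """Customer side: pick a serial, blind its hash, get it signed, unblind."""
    serial = secrets.token_bytes(32)
    m = coin_hash(serial, mint.n)
    while True:
        r = secrets.randbelow(mint.n - 2) + 2
        if math.gcd(r, mint.n) == 1:
            break
    s_blind = mint.sign_blinded(blind(m, r, mint.e, mint.n))
    sig = s_blind * pow(r, -1, mint.n) % mint.n  # (m r^e)^d / r = m^d
    return serial, sig


def unlinkable(mint, serial):
    """True iff every withdrawal on record is consistent with this spent coin."""
    m = coin_hash(serial, mint.n)
    return all(blind(m, mint.blinding_factor_for(serial, w), mint.e, mint.n) == w
               for w in mint.withdrawals)


if __name__ == "__main__":
    mint = Mint()
    coins = [withdraw(mint) for _ in range(3)]
    serial, sig = coins[1]
    print("deposit:", mint.accept(serial, sig))       # True
    print("double spend:", mint.accept(serial, sig))  # False
    print("unlinkable:", unlinkable(mint, serial))    # True
```

The point of `unlinkable` is the part of Chaum's argument that is easy to state and rarely demonstrated: unlinkability here is information-theoretic, not a hardness assumption, because the mint can itself exhibit a valid blinding factor tying the spent coin to each of its logged withdrawals. What the toy also makes plain is the cost iang mentions: the mint's `spent` set and private key are a single trusted, identified party, which is exactly what Bitcoin removed and what Zerocoin's accumulator and zero-knowledge proof are there to replace.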