Good afternoon mailing list subscribers! Good afternoon Mr. Green! First, I'd like to ask pardon if my question is not particularly bright - I am not a professional cryptographer, so I might be missing something very obvious. I have recently read the Zerocoin paper which describes a very interesting enhanced anonymity solution for bitcoin-like "blockchain based" cryptocurrencies ( those unfamiliar can check it out here http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf ) The paper specifically states that "While we were not able to find an analogue of our scheme using alternative components, it is possible that further research will lead to other solutions. Ideally such an improvement could produce a drop-in replacement for our existing implementation" However, I've come across an alternative cryptographic accumulator that does not require trusted setup, the Lipmaa Euclidean Rings based design. ( http://www.cs.ut.ee/~lipmaa/papers/lip12b/cl-accum.pdf )

From my superficial assessment, it appears fitting for a zerocoin like design, but I find it quite likely that I am missing the obvious.

The question thus is: what exactly prevents Lipmaa accumulator from being used as aforementioned drop-in replacement ? Thank you very much in advance. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE