Re: [Cryptography] Bitcoin theft and the future of cryptocurrencies
On Mon, Dec 25, 2017 at 6:50 PM, Howard Chu <hyc@symas.com> wrote:
https://z.cash/ shows near term updates coming that significantly raise performance.
Specifically sapling, which incorporates performance, 2nd ceremony, other updates. This list should really be quite interested in reviewing sapling's new choice of curves, e.g. at minimum somewhat rigorous methodology like... https://safecurves.cr.yp.to/
Lots of promises, very little delivery thus far. Their github issue tracker looks like a disaster area.
No different than many other coins, with technology and demands of the space advancing every quarter, which people should be well accustomed to as standard nature by now. Same for "volatility".
Zerocash does no such thing. https://btcmanager.com/linkability-zcash-transactions-study-precipitates-deb...
More media and crap rhetoric from competing coin rivalry. Of course t-tx are not private, by design. Use z-tx to z-tx if privacy is wanted. Of course private z-tx make up only 20%, because t-tx is the default, what do you expect, and users are both stupid and haven't been trained by those who might know (this list perhaps) into using privacy properly. The available pool of z coins is similarly limited as a result. The tin says t-tx and z-tx options exist so users can choose transparent or private use cases as needed. Nor do any coins generally implement options for random time delays between tx, which has unfortunately or not been the realm of swaps and their counterparty risk and fees. Whose fault is it that services and users elect not to use z-tx? Maybe they are not interested that privacy often comes with cost, even computational cost, so what side are they truly on? Will they change with sapling, or with future better coins? 'Shiny new maths'... isn't that the realm of this list? Even a read of the abstract shows flaws in user usage, *not* an exploit of the coin itself. Should a coin baby and encode user usage? To what extent does babying correct the combined user failure? Should they have options for distributing coins to addresses in powers of 10 with sub-penny remainders being sent to charity of choice? Or for a function mandating z output different amounts? Decide that and more and bring the results to market.

Here's the actual paper...
On the linkability of Zcash transactions
Jeffrey Quesnelle, University of Michigan-Dearborn
https://arxiv.org/pdf/1712.01210.pdf

Are any of these things really not documented or out in common knowledge to the point of being exploits?
And coinjoin was already demonstrably broken over a year ago.
Coinjoin, Monero, swaps... all just mixes. Zerocash... cryptographic privacy. Two totally different analysis vectors. Formerly linked... Zerocash... at least sender, recipient, amount; expect future coins to get more exotic with more functions under privacy. Zerocoin... partial cryptographic privacy.

And now some searches on zk-snark vs zk-stark
https://www.youtube.com/watch?v=HJ9K_o-RRSY
https://youtu.be/kYmnXxs9kUM
https://eccc.weizmann.ac.il/report/2017/134/

And proof / tx sizes have to be low enough to offer viable benefit compared to BTC's on-disk accumulation. Monero is quite a lot larger than anything to date.

PQ...
https://github.com/zcash/zcash/issues/805
https://github.com/zcash/zcash/issues/2527

Perhaps expect a new coin before long that will be strictly sapling "z" - sn / st with an interesting airdrop, little to no founder reward or corporate ties, and other nice things. That's the beauty of the new cryptocurrency model, right?... fork away from flaws and inefficiencies, import new tech, exchange and move on. Even exchange fees and user-timing-market realization losses are less than fabled tax optioning, right?

Search also...
Ethereum Metropolis
Monero adopting zk-tech
https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20S...

"The founder’s reward does not only seem somehow greedy. It violates the important principle of cryptocurrencies, that the network pays its peers for work that can be proven on-chain. The Zcash tax is paid for the developers regardless of the amount of work that they do. The blockchain cannot prove the effort of developers and thus should not pay for it."
"Fungibility is lost under optional encryption."
"Zcash "plans" to kill off t-tx."
"Kovri to make the offering complete by masking IP addresses"

Early days... so much future!
participants (1)
-
grarpamp