[cryptography] an untraceability extension to Bitcoin using a combination of digital commitments, one-way accumulators and zero-knowledge proofs,

ianG iang at iang.org
Fri Apr 12 15:40:36 PDT 2013


Steve Bellovin posted this on another list, hattip to him.

http://www.forbes.com/sites/andygreenberg/2013/04/12/zerocoin-add-on-for-bitcoin-could-make-it-truly-anonymous-and-untraceable/

For those following Bitcoin this is news.  Matthew Green writes:

    For those who just want the TL;DR, here it is:

    Zerocoin is a new cryptographic extension to Bitcoin that (if adopted)
    would bring true cryptographic anonymity to Bitcoin. It works at the
    protocol level and doesn't require new trusted parties or services. With
    some engineering, it might (someday) turn Bitcoin into a completely
    untraceable, anonymous electronic currency.

http://blog.cryptographyengineering.com/2013/04/zerocoin-making-bitcoin-anonymous.html



(iang adds:)

Bitcoin is pseudonymous but traceable, which is to say that all
transactions are traceable from identity to identity, but those identities
are pseudonyms, being (hashes of) public keys.  This is pretty weak.  In
contrast, Chaumian blinding was untraceable but typically identified
according to an issuer's regime.  Because Chaumian mathematics required a
mint, this devolved to trusted/identified, so again not as strong as some
hoped.

Bitcoin fixed this 'flaw' by decorporating the mint into an algorithm.
This suggests a new axis of distributed.  But Bitcoin lost the
untraceability in the process, thus rendering it a rather ridiculous
attempt at privacy, as the entire graph was on display.  Bitcoin is more
or less worse at privacy than Chaumian cash ever was.

The holy grail in Chaumian times was untraceable & unidentifiable, to
which Bitcoin added distributed.  This paper by Miers, Garman, Green &
Rubin suggests untraceable & pseudonymous & distributed is possible:

http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf

(I haven't as yet read the paper so there may be killer details in there.)


iang
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list