[Cryptography] Bitcoin theft and the future of cryptocurrencies

grarpamp grarpamp at gmail.com
Mon Dec 25 20:03:53 PST 2017


On Mon, Dec 25, 2017 at 6:50 PM, Howard Chu <hyc at symas.com> wrote:
>> https://z.cash/ shows near term updates coming that significantly
>> raise performance.

Specifically sapling, which incorporates performance,
2nd ceremony, other updates.

This list should really be quite interested in reviewing sapling's
new choice of curves, e.g. at minimum a somewhat rigorous
methodology like...
https://safecurves.cr.yp.to/

> Lots of promises, very little delivery thus far. Their github issue tracker
> looks like a disaster area.

No different than many other coins, with technology
and demands of the space advancing every quarter,
to which people should be well accustomed
as standard nature by now. Same for "volatility".

> Zerocash does no such thing.
> https://btcmanager.com/linkability-zcash-transactions-study-precipitates-debate-opt-privacy/

More media and crap rhetoric from competing coin rivalry.
Of course t-tx are not private, by design. Use z-tx to z-tx if privacy
is wanted.
Of course private z-tx make up only 20%, because t-tx is default,
what do you expect, and users are both stupid and haven't been trained
by those who might know (this list perhaps) into using privacy properly.
The available pool of z coins is similarly limited as a result.
The tin says t-tx and z-tx options exist so user can choose transparent
or private use cases as needed.
Nor do any coins generally implement options for random time delays
between tx, which has unfortunately or not been the realm of swaps
and their counterparty risk and fees.
Whose fault is it that services and users elect not to use z-tx?
Maybe they are not interested that privacy often comes with
cost, even computational cost, so what side are they truly on?
Will they change with sapling, or with future better coins?
'Shiny new maths'... isn't that the realm of this list?

Even a read of the abstract shows these as flaws in user usage,
*not* an exploit of the coin itself.
Should a coin baby and encode user usage?
To what extent does babying correct the combined user failure?
Should they have options for distributing coins to addresses in
powers of 10 with sub-penny remainders being sent to a charity of
choice? Or for a function mandating z outputs of different amounts?
Decide that and more and bring the results to market.

Here's the actual paper...

On the linkability of Zcash transactions
Jeffrey Quesnelle University of Michigan-Dearborn
https://arxiv.org/pdf/1712.01210.pdf

Are any of these things really not documented or out in
common knowledge to the point of being exploits?

> And coinjoin was already demonstrably broken over a year ago.

Coinjoin, Monero, swaps... all just mixes.
Zerocash... cryptographic privacy.
Two totally different analysis vectors.

Formerly linked...
Zerocash... at least sender recipient amount,
expect future coins to get more exotic
with more functions under privacy.
Zerocoin... partial cryptographic privacy.

And now some searches on
zk-snark vs zk-stark
https://www.youtube.com/watch?v=HJ9K_o-RRSY
https://youtu.be/kYmnXxs9kUM
https://eccc.weizmann.ac.il/report/2017/134/

And proof / tx sizes have to be low enough to offer
viable benefit compared to BTC's on-disk accumulation.
Monero is quite a lot larger than anything to date.

PQ...
https://github.com/zcash/zcash/issues/805
https://github.com/zcash/zcash/issues/2527

Perhaps expect a new coin before long that will be strictly
sapling "z" - sn / st with an interesting airdrop, little to no
founder reward or corporate ties, and other nice things.

That's the beauty of the new cryptocurrency model, right?...
fork away from flaws and inefficiencies, import new tech,
exchange and move on. Even exchange fees and
user-timing-market realization losses are less than
fabled tax optioning, right?

Search also...
Ethereum Metropolis
Monero adopting zk-tech
https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20Systems/The_Knowledge_Complexity_Of_Interactive_Proof_Systems.pdf

"The founder’s reward does not only seem somehow greedy. It violates
the important principle of cryptocurrencies, that the network pays its
peers for work that can be proven on-chain. The Zcash tax is paid for
the developers regardless of the amount of work that they do. The
blockchain cannot prove the effort of developers and thus should not
pay for it."

"Fungibility is lost under optional encryption."

"Zcash 'plans' to kill off t-tx."

"Kovri to make the offering complete by masking IP addresses"

Early days... so much future!
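The round-trip linkability the Quesnelle paper studies, and the "different amounts" countermeasure floated above, as an added example. This is not code from the post, the paper, or the Zcash project; it assumes a simplified record of shielded-pool crossings (amount net of fees, block height) and runs over constructed sample data, not real chain data.

```python
# Added example (not from the post, the paper, or Zcash): a deliberately naive
# "round-trip" linker. A transparent->shielded deposit (t2z) followed within a
# block window by a shielded->transparent withdrawal (z2t) of the identical amount
# is linked; splitting the withdrawal into unequal amounts, or a second deposit of
# the same size by someone else, defeats or blunts the heuristic.
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class PoolTx:
    """One crossing of the shielded-pool boundary (assumption: amount is net of fees)."""
    txid: str
    kind: str        # "t2z": funds entering the pool; "z2t": funds leaving it
    amount: Decimal  # ZEC as visible on the transparent side
    height: int      # block height


# Constructed sample data, not observed transactions.
SAMPLE = [
    PoolTx("d1", "t2z", Decimal("12.5"), 100),
    PoolTx("w1", "z2t", Decimal("12.5"), 140),  # same amount back out: classic round trip
    PoolTx("d2", "t2z", Decimal("3.0"), 150),
    PoolTx("w2", "z2t", Decimal("1.75"), 180),  # d2 withdrawn as two unequal outputs
    PoolTx("w3", "z2t", Decimal("1.25"), 181),
    PoolTx("d3", "t2z", Decimal("8.0"), 200),
    PoolTx("d4", "t2z", Decimal("8.0"), 205),   # second 8.0 deposit from another user
    PoolTx("w4", "z2t", Decimal("8.0"), 240),   # two candidates: ambiguous
]


def candidate_deposits(txs, window=100):
    """Map each z2t withdrawal to the t2z deposits of identical amount that precede
    it by at most `window` blocks. The list length is that withdrawal's anonymity
    set under this heuristic: 1 means linked, 0 means unlinked, >1 means ambiguous."""
    deposits = [t for t in txs if t.kind == "t2z"]
    result = {}
    for w in txs:
        if w.kind != "z2t":
            continue
        result[w.txid] = [d.txid for d in deposits
                          if d.amount == w.amount and 0 < w.height - d.height <= window]
    return result


def link_round_trips(txs, window=100):
    """Return (deposit_txid, withdrawal_txid) pairs the heuristic links with
    confidence: exactly one matching deposit, not already consumed by an earlier
    withdrawal. Withdrawals are processed in height order."""
    by_tx = {t.txid: t for t in txs}
    cands = candidate_deposits(txs, window)
    links, used = [], set()
    for wid in sorted(cands, key=lambda tid: by_tx[tid].height):
        free = [d for d in cands[wid] if d not in used]
        if len(free) == 1:
            used.add(free[0])
            links.append((free[0], wid))
    return links


if __name__ == "__main__":
    for wid, deps in candidate_deposits(SAMPLE).items():
        print(f"{wid}: anonymity set {len(deps)} {deps}")
    print("linked:", link_round_trips(SAMPLE))
```

On the sample, only the d1/w1 pair is linked; the split withdrawal from d2 produces no exact-amount match, and w4 has an anonymity set of two. A real analysis has to subtract the actual transaction fee and will use a wider set of heuristics than exact amount equality, so this shows the shape of the problem rather than the full attack.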


More information about the cypherpunks mailing list