[Cryptography] Bitcoin theft and the future of cryptocurrencies

Howard Chu hyc at symas.com
Wed Dec 27 16:28:48 EST 2017


grarpamp wrote:
> On Mon, Dec 25, 2017 at 6:50 PM, Howard Chu <hyc at symas.com> wrote:
>>> https://z.cash/ shows near term updates coming that significantly
>>> raise performance.
> 
> Specifically sapling, which incorporates performance,
> 2nd ceremony, other updates.
> 
> This list should really be quite interested in reviewing sapling's
> new choice of curves, eg at minimum somewhat rigorous
> methodology like...
> https://safecurves.cr.yp.to/
> 
>> Lots of promises, very little delivery thus far. Their github issue tracker
>> looks like a disaster area.
> 
> No different than many other coins, with technology
> and demands of the space advancing every quarter,
> which people should be well accustomed to
> as standard nature by now. Same for "volatility".
> 
>> Zerocash does no such thing.
>> https://btcmanager.com/linkability-zcash-transactions-study-precipitates-debate-opt-privacy/
> 
> More media and crap rhetoric from competing coin rivalry.

Nonsense. The paper's author has no connection to any particular coin project.

> Of course t-tx are not private, by design. Use z-tx to z-tx if privacy
> is wanted.
> Of course private z-tx make up only 20%, because t-tx is default,
> what do you expect, and users are both stupid and haven't been trained
> by those who might know (this list perhaps) into using privacy properly.
> The available pool of z coins is similarly limited as a result.
> The tin says t-tx and z-tx options exist so user can choose transparent
> or private use cases as needed.
> Nor do any coins generally implement options for random time delays
> between tx, which has unfortunately or not been the realm of swaps
> and their counterparty risk and fees.
> Whose fault is it that services and users elect not to use z-tx?
> Maybe they are not interested that privacy often comes with
> cost, even computational cost, so what side are they truly on?

Point is that zcash promises perfect privacy but the tech is *unusable*. If it 
were practical to use, exchanges would have adopted it. And, knowing that the 
tech is so computationally expensive, the zcash project has done *nothing* to 
educate its users on the actual risks involved. They've been completely 
irresponsible here, focused only on appeasing their investors.

> Will they change with sapling, or with future better coins?
> 'Shiny new maths'... isn't that the realm of this list?

> Here's the actual paper...
> 
> On the linkability of Zcash transactions
> Jeffrey Quesnelle University of Michigan-Dearborn
> https://arxiv.org/pdf/1712.01210.pdf
> 
> Are any of these things really not documented or out in
> common knowledge to the point of being exploits?
> 
>> And coinjoin was already demonstrably broken over a year ago.
> 
> Coinjoin, Monero, swaps... all just mixes.

Monero ring signatures are not just mixes - the real signer is unprovable by a 
3rd party observer. And the use of stealth addresses means even if you could 
pin down a particular signer, you can't actually associate it to a specific 
receiver.

> Zerocash... cryptographic privacy.
> Two totally different analysis vectors.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
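The two properties Howard describes above (any ring member can produce a signature that verifies, so a third party cannot tell which key signed; and a one-time "stealth" output key that does not reveal the receiver's published key) as an added, stand-alone example. This is Python written for this page, not Monero's code: Monero uses Ed25519 and a different ring construction, so the secp256k1 curve, the SHA-256 hash-to-scalar, and the simplified one-time-key derivation (no output index) are assumptions, and the message and keys are constructed inline.

```python
"""Added example: Schnorr-style (AOS) ring signature and a one-time
"stealth" output key.  Not Monero's code; curve, hash and derivation
details are assumptions chosen so the whole thing runs offline."""
import hashlib
import secrets

# secp256k1 parameters (assumption: any prime-order group would do)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def encode(pt):
    """64-byte uncompressed encoding; infinity encodes as zeros."""
    if pt is None:
        return b"\x00" * 64
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def hash_to_scalar(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "big") % N

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)

def ring_sign(msg, ring, s, x):
    """AOS ring signature with ring[s] = x*G.  The signature (c0, r[]) has
    the same shape whichever member signs; the index s is never output."""
    n = len(ring)
    ring_bytes = b"".join(encode(pk) for pk in ring)
    c, r = [0] * n, [0] * n
    alpha = secrets.randbelow(N - 1) + 1
    c[(s + 1) % n] = hash_to_scalar(msg, ring_bytes, encode(ec_mul(alpha, G)))
    for i in range(s + 1, s + n):            # walk the ring back to s
        idx = i % n
        r[idx] = secrets.randbelow(N - 1) + 1
        pt = ec_add(ec_mul(r[idx], G), ec_mul(c[idx], ring[idx]))
        c[(idx + 1) % n] = hash_to_scalar(msg, ring_bytes, encode(pt))
    r[s] = (alpha - c[s] * x) % N            # close the ring with the real key
    return c[0], r

def ring_verify(msg, ring, sig):
    """Recompute the challenge chain; accept iff it closes on c0."""
    c0, r = sig
    if len(r) != len(ring):
        return False
    ring_bytes = b"".join(encode(pk) for pk in ring)
    c = c0
    for pk, ri in zip(ring, r):
        c = hash_to_scalar(msg, ring_bytes, encode(ec_add(ec_mul(ri, G), ec_mul(c, pk))))
    return c == c0

def stealth_output(view_pub, spend_pub):
    """Sender: one-time key H(r*A)*G + B published with R = r*G (assumed
    simplified derivation).  B itself never appears on chain."""
    r = secrets.randbelow(N - 1) + 1
    shared = hash_to_scalar(encode(ec_mul(r, view_pub)))
    return ec_mul(r, G), ec_add(ec_mul(shared, G), spend_pub)

def stealth_recover(view_priv, spend_priv, spend_pub, R, one_time):
    """Receiver: scan with the view key a; return the spend scalar or None."""
    shared = hash_to_scalar(encode(ec_mul(view_priv, R)))
    if ec_add(ec_mul(shared, G), spend_pub) != one_time:
        return None
    return (shared + spend_priv) % N

def demo():
    """Constructed input: four-member ring, two different members sign."""
    keys = [keygen() for _ in range(4)]
    ring = [pk for _, pk in keys]
    msg = b"constructed sample transaction"
    sig_a = ring_sign(msg, ring, 0, keys[0][0])
    sig_b = ring_sign(msg, ring, 2, keys[2][0])
    outsider, _ = keygen()
    forged = ring_sign(msg, ring, 1, outsider)   # key not in the ring
    a, A = keygen()                               # receiver view key pair
    b, B = keygen()                               # receiver spend key pair
    R, one_time = stealth_output(A, B)
    x = stealth_recover(a, b, B, R, one_time)
    return {
        "member0_ok": ring_verify(msg, ring, sig_a),
        "member2_ok": ring_verify(msg, ring, sig_b),
        "tampered": ring_verify(b"x" + msg, ring, sig_a),
        "forged": ring_verify(msg, ring, forged),
        "stealth_spendable": x is not None and ec_mul(x, G) == one_time,
        "stealth_hides_spend_key": one_time != B,
    }
```

`ring_verify` returns only a boolean: it has no way to name the signer, which is the "unprovable by a third-party observer" property. The stealth part shows the other half of the claim: the key that appears on chain is a fresh point, and only the holder of the view key can link it to spend key B.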
