Re: XMR vs DRK
Board: Altcoin Discussion
by Joshuar on 29/03/2015, 17:56:12 UTC

Counter-argument: "We don't even need cryptography!"

Money has never needed 'cryptography' or any kind of meta-layer obfuscating technology to implement a fundamental monetary property (such as fungibility). Any monetary medium that works will have self-generating fungibility - like the cash drawer or gold's low melting point.

If I melt down 10 gold coins to make a gold bar and then use that in a transaction, I'm not "hiding" the fact that I'm making the transaction. The fungibility does not come from any form of encryption, but rather from the fact that gold coins could be combined from 10 distinct "inputs" into one indistinct "output".

It's an inherent part of cryptocurrencies that that is possible - which is why they make an almost perfect monetary medium. Darkcoin / Dash levers that property without changing the fundamental characteristics of the blockchain. I'm not saying that a cryptographic approach like cryptonote isn't interesting or potentially useful in many cases, but I'm saying it's not necessarily the optimal solution to bitcoin's fungibility problem from a monetary point of view.

Again nonsense. Cryptonote/Monero is more fungible than coinjoin/mixing. Even Satoshi, the creator(s) of decentralized cryptocurrency, acknowledged that a system like what Cryptonote is today would be "much better, easier, more convenient" than Bitcoin, which Dash is forked from. You've spouted a lot of inaccurate statements recently, from the lie over the volume of XMR and DASH, to thinking bitmonerod was a wallet, to saying that cryptocurrencies don't really use cryptography... Seriously?

This is a very interesting topic.  If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.

Originally, a coin can be just a chain of signatures.  With a timestamp service, the old ones could be dropped eventually before there's too much backtrace fan-out, or coins could be kept individually or in denominations.  It's the need to check for the absence of double-spends that requires global knowledge of all transactions.

The challenge is, how do you prove that no other spends exist?  It seems a node must know about all transactions to be able to verify that.  If it only knows the hash of the in/outpoints, it can't check the signatures to see if an outpoint has been spent before.  Do you have any ideas on this?

It's hard to think of how to apply zero-knowledge-proofs in this case.

We're trying to prove the absence of something, which seems to require knowing about all and checking that the something isn't included.

Something interesting also is this: the user "ByteCoin" is probably not related to Cryptonote, but:

Nope, this is a much different solution.

I quoted the following portion of your post:
When you are done parsing the block list, you will have the minimal set of valid and unspent out-points.

That's exactly what a balance sheet is. As long as everyone agrees on this list then transactions work fine. Why store anything else? The block chain is merely a device for ensuring the integrity of this list. Why not just download and store the list, verify its hash in the block chain on startup along with a sufficient history of block chain to be confident it's not falsified?
This provides superior bandwidth, disk space and privacy to your scheme.

The general public doesn't get to see any transactions or balances.
The public has to see the transactions to verify them, the balances can be calculated from them. I'm neglecting your embryonic scheme involving not incompletely broadcasting transactions due to unresolved obvious security problems.

If you want to provide more privacy you could always change transactions so that nobody can tell who the recipient is and how much until the recipient spends the money.

At the moment the beneficiary of a transaction is a certain bitcoin address. If that address has ever received coins before then everyone knows that all the money is in the same place. Alternatively, that address has been publicized as a receiving address so you know exactly where the money is going.

Instead you specify that the recipient of the money is the address that can decrypt a certain message that you have signed. So your transaction would comprise a load of signed TxIns and a signed public key encrypted message saying how much of the BitCoins goes to the person able to decrypt the message. All the network nodes try to decrypt the message with each of their public keys. The one who succeeds knows that they have received the money and updates their displayed balance accordingly. When the recipient decides to spend the money their transaction includes the decrypted message. Only when the other network nodes see this do they know who the recipient was and how much the transaction was worth. Any change is ascribed to the signing key and the decrypted message and original are cited when the change is spent in subsequent transactions.

I wonder why transactions weren't designed like this in BitCoin from the start.

ByteCoin
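ByteCoin's "recipient is whoever can decrypt" flow, as an added toy model that is not code from this thread: it uses textbook RSA over constructed primes and a TAG marker (both my assumptions) to show the sender's encrypted output, every node's trial decryption, and the reveal that other nodes validate only at spend time.

```python
import hashlib

TAG = 0x4243  # marker inside the plaintext: "this message was meant for you"
AMOUNT_BITS = 40

def make_key(p, q, e=65537):
    """Textbook RSA pair from two constructed primes (no padding: toy only)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def encrypt(pub, m):
    return pow(m, pub[1], pub[0])

def decrypt(priv, c):
    return pow(c, priv[1], priv[0])

def _digest(n, data):
    return int.from_bytes(hashlib.sha256(repr(data).encode()).digest(), "big") % n

def sign(priv, data):
    return pow(_digest(priv[0], data), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(pub[0], data)

def build_tx(sender_priv, sender_pub, recipient_pub, amount):
    """Sender: the only statement about the recipient is an encrypted amount."""
    msg = encrypt(recipient_pub, (TAG << AMOUNT_BITS) | amount)
    return {"from": sender_pub, "msg": msg, "sig": sign(sender_priv, msg)}

def try_claim(priv, tx):
    """Run by every node on every tx; yields the amount only for the recipient."""
    m = decrypt(priv, tx["msg"])
    return m & ((1 << AMOUNT_BITS) - 1) if m >> AMOUNT_BITS == TAG else None

def spend(recipient_priv, recipient_pub, tx):
    """Recipient reveals the plaintext and their key only when spending."""
    return {"cites": tx, "revealed": decrypt(recipient_priv, tx["msg"]),
            "owner": recipient_pub}

def validate_spend(sp):
    """Other nodes learn recipient and amount here: the cited tx needs a valid
    sender signature and the revealed plaintext must re-encrypt to it under the
    spender's key. Deterministic RSA makes that check possible, but it also lets
    anyone re-encrypt guessed amounts under every known key, so a real design
    needs randomized encryption for this same flow."""
    tx, m = sp["cites"], sp["revealed"]
    ok = (verify(tx["from"], tx["msg"], tx["sig"])
          and encrypt(sp["owner"], m) == tx["msg"]
          and m >> AMOUNT_BITS == TAG)
    return m & ((1 << AMOUNT_BITS) - 1) if ok else None
```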