Hi all, long time no see. I've just discovered I developed a sort of addiction to btctalk :-)
I just found a hidden "gem" in the development section:
"Off-chain anonymous transactions by secure transfer of private keys"
I think the apparent lack of interest is due to the fact that OtherCoin doesn't claim (or isn't expected to have) a net effect on the Bitcoin price. Its intention is simply to make off-chain, truly private transactions possible. As a side effect, it would also make any blockchain transaction analysis useless (since coins could change hands offline hundreds or thousands of times without any trace in the blockchain or anywhere else on the Internet). It also removes the one-to-one mapping between addresses and persons: in the current system, once you've identified who owns a particular address, you can safely assume that any past or future payments sent to that address belong to that person. With OtherCoin in place, an address could effectively be "owned" by hundreds of people, just at different moments in time.
Here is the link to the updated white paper:
http://www.othercoin.com/OtherCoin.pdf

I didn't have a chance to look at this in detail, but if the sender knows the private key, then double spends are a concern, and the incomplete mitigation (to spend asap) is a timing-analysis vector and afaics brings the traceability right back onto the blockchain.
Edit: I (and I assume smooth and others) have thought deeply about all these sorts of schemes and dismissed them. There isn't likely anything new under the sun except for some exotic new crypto that improves upon the Zerocash, Zerocoin, or fully homomorphic schemes. I would like to see a quantum-resistant reformulation of Cryptonote.
Untraceability (e.g. when merging change from prior txns) can only be secured by mixing of txns on the blockchain. Mixing can be done on the blockchain using an orthogonal protocol such as CoinJoin, but as explained by myself and smooth upthread, CoinJoin is not autonomous, is not immune to being jammed by a determined attacker, and has a user simultaneity requirement that will prevent it from scaling. Darkcoin mitigated the jammability by implementing masternodes, which compromise anonymity against a ubiquitous attacker such as the NSA, and they were, the last time I checked, adding some pre-mixing scheme to mitigate the simultaneity issue, but that pre-mixing comes at a cost (and I think also a cost to scalability as well). Afaics, after much thought and study, on-chain mixing such as Cryptonote's one-time ring sigs (or Zerocoin and Zerocash, but we pointed out their vulnerabilities upthread) is the only way to achieve anonymity with ledger-based crypto-currency. Note I also pointed out upthread that one-time ring sigs are not sufficient, and we need IP obfuscation as well. I argue that Tor (and likely I2P as well) are not entirely reliable IP obfuscation (I argue they are subject to various attacks on the anonymity).
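The double-spend concern raised in the reply above (the sender still knows the private key after handing it over, and "spend asap" turns the handover into an on-chain event) is easy to make concrete with a toy ledger. The following is an added example for this thread, not OtherCoin's protocol or code, and it simplifies heavily: a coin is locked to H(secret) and spent by revealing the secret, standing in for a signature, so whoever holds the secret can spend. The names `Ledger`, `run_scenario` and the sample amounts are assumptions of the example.

```python
"""Toy model of the double-spend problem with off-chain private-key transfer.

Constructed example (not OtherCoin's protocol or code). Simplification: a coin is
locked to H(secret) and is spent by presenting `secret`, standing in for a
signature; anyone holding the secret can spend, which is the point at issue.
"""
import hashlib
import os
from dataclasses import dataclass, field


def address_of(secret: bytes) -> str:
    """Address = SHA-256 of the spending secret (stand-in for a pubkey hash)."""
    return hashlib.sha256(secret).hexdigest()


@dataclass
class Ledger:
    """Minimal on-chain ledger: unspent balances keyed by address, plus a tx log."""
    utxos: dict = field(default_factory=dict)
    txlog: list = field(default_factory=list)

    def mint(self, address: str, amount: int) -> None:
        self.utxos[address] = self.utxos.get(address, 0) + amount

    def spend(self, secret: bytes, to_address: str, when: int) -> bool:
        """Spend everything locked to H(secret). Returns False if already spent."""
        src = address_of(secret)
        amount = self.utxos.pop(src, 0)
        if amount == 0:
            return False  # nothing left: another holder of the secret spent first
        self.utxos[to_address] = self.utxos.get(to_address, 0) + amount
        self.txlog.append((when, src, to_address, amount))
        return True


def run_scenario(recipient_sweeps_immediately: bool) -> dict:
    """Alice hands Bob the secret for a funded address off-chain at t=1.

    If Bob sweeps at once (t=1), Alice's spend at t=2 fails, but the sweep is an
    on-chain tx at the moment of the off-chain transfer (the timing leak). If Bob
    instead holds the key as an off-chain coin, Alice's retained copy of the
    secret still spends it at t=2 and Bob's later spend at t=3 fails.
    """
    ledger = Ledger()
    alice_secret = os.urandom(32)
    ledger.mint(address_of(alice_secret), 10)  # constructed funding

    bob_copy = alice_secret        # off-chain handover; Alice keeps her copy
    bob_fresh = os.urandom(32)     # an address only Bob controls
    alice_fresh = os.urandom(32)   # an address only Alice controls

    if recipient_sweeps_immediately:
        ledger.spend(bob_copy, address_of(bob_fresh), when=1)
    alice_ok = ledger.spend(alice_secret, address_of(alice_fresh), when=2)
    bob_later_ok = ledger.spend(bob_copy, address_of(bob_fresh), when=3)

    return {
        "alice_double_spent": alice_ok,
        "bob_later_spend_ok": bob_later_ok,
        "bob_kept_coins": ledger.utxos.get(address_of(bob_fresh), 0) == 10,
        "onchain_txs": len(ledger.txlog),
        "sweep_times": [t for t, *_ in ledger.txlog],
    }


if __name__ == "__main__":
    print("recipient sweeps asap:", run_scenario(True))
    print("recipient holds key:  ", run_scenario(False))
```

Either way the ledger sees exactly one transaction: when Bob sweeps, it lands at the time of the handover, so an observer learns when the off-chain transfer happened; when he does not, Alice's retained key lets her take the coins back. Neither branch gives the "hundreds of hands without a trace" property the first post hopes for.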