The hardware has to be audited. But we also have to audit our hardware that we use to run Cryptonote. If Intel is planting spies in the hardware, then we are screwed.

100% trust is impossible. And this is another reason I deprioritized anonymity. It is a clusterfuck.

Also I think perhaps Zerocash was working on a way to generate the public key decentralized, but I haven't kept up with progress on that.

Indeed Zerocash could end up being a Trojan Horse (a way to get fiat in the back door) and that is why I made my proposal to use them only as ephemeral mixes that die periodically, so then we will know if the key was compromised or not.

The result of my proposal is:

• Stolen coins isn't systemic to the overall coin (same as losing some coins to Mt. Gox and Cryptsy isn't), and at least participants get ongoing ceremonies to get better and better at auditing the hardware.
• No anonymity is ever lost.
• No NET coin supply is ever created out-of-thin-air (instead some people lose coins if they chose an insecure mixer that had a compromised key), which is also the case for both Zerocash and RIngCT where coin supply could be created out of thin air and we would never know it due to a bug in cryptography.

That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather the microscopic risk of a compromised key (causing me to lose some coins) to the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.