Board: Altcoin Discussion
Topic: Re: Thoughts on Zcash?
Post by smooth on 04/02/2016, 04:08:04 UTC
The zerocoin mixer can be periodically reset, forcing all anonymous zerocoins to cash out periodically to basecoins which can be re-minted into the next instance of the zerocoin mixer. In this way, it can be proven that no zerocoins were created out-of-thin-air. All the anonymous mixing that occurs in the zerocoins can remain fully masked because the zerocoins balance can be merged before un-minting back to a basecoin.

So the problem is easily resolved. And the anonymity is not compromised even if the master private key was.

The process of resetting the mixer and forcing people to remint does compromise anonymity. If you were an adversary and wanted to spy on zerocash users, forcing such a reset (and then spying on them while redeeming and reminting) would be precisely one way you could go about doing it. This general pattern is a classic exploit method (e.g. force/trick user to reset password; intercept new password, etc.).



I don't get how you can spy on someone if you don't know who owns what address. They could simply generate a new address for the reset and then send it straight back to the zerocoin layer, no?

TPTB's premise is that IP addresses and other metadata are being spied on. You can't transact in basecoins, even just to move from one mixer to another, without encountering that exposure.

I don't agree with him that transacting in zerocash without worrying about your metadata exposure is of any real value, and neither does anyone else, but that's a different issue.

Also, TPTB operates under the premise that miners will be centralized and engage in 51% policy attacks. If they do that they can refuse to allow you to move your basecoins to the new mixer unless you identify yourself.

I agree with you that the possibility of moving to a reset coin has some potential value. It also has potential risks. The more times you have to perform the setup, the more opportunities there are for it to be compromised. Especially if it becomes routine and people get careless. Zcash has not said anything about planning to do these kinds of resets, as far as I've seen.

The above comments are in regard to permissionless cryptocurrency ledgers, not permissioned blockchains.