Re: CoinJoin: Bitcoin privacy for the real world (someday!)

Quote from: Mike Hearn on August 22, 2013, 11:42:30 AM

The advanced crypto part isn't necessarily that advanced and doesn't require ZK proof systems. Such protocols were already designed:

http://blog.ezyang.com/2012/07/secure-multiparty-bitcoin-anonymization/

It just requires secure multi-party sorts, which is a more well studied subset of general MPC.

Quote from: gmaxwell on August 30, 2013, 01:50:03 AM

A couple minutes ago Phantomcircuit directed me to this writeup...

That has two weaknesses:

1. All transactions must be the same amount.

2. The participants have to be trusted to produce uniformly distributed keys. I think this means it isn't secure?