Topic: Re: Official Anoncoin chat thread (including history)
Board: Announcements (Altcoins)
Post by CoinHoarder on 27/09/2014, 03:17:09 UTC
Yes, that is my understanding exactly, except I have read over and over that it is only possible to generate trustless parameters with zerocoin, not zerocash.  Do you have a source that states it is possible with zerocash?

I am just going off of what they have stated on Twitter. Along with the following statements, they have mentioned the ability to generate the parameters by using multi-party computations, which is basically what the RSA UFO project is doing with ZeroCoin. If you look through their statements on Twitter it doesn't sound much different than the way Anoncoin is computing the ZeroCoin accumulator.

@CoinHoarder, thanks for your smart intervention.

@Simcom, let me explain with the abstract example below:
I want to create a new key/lock for my safe and I ask Gnosis to manage that project.
Then Gnosis asks 20 persons to each create 1/20 of this key (we can compare them to the RSA UFO clients).
When all the parts have been created, Gnosis will collect and assemble them to create the final key (we can compare this to the RSA UFO server).

In this abstract example, you don't have to trust all the 20 persons that created 1/20 of the key. Indeed, even if one of them is not honest, the key cannot be compromised because that person needs the other 19 parts to recreate the final key.
But you must trust Gnosis, who collected and assembled all the parts to create the final key. If Gnosis is not honest, he can keep all 20 parts for himself to create infinite keys.
Now take the case where you have blind trust in Gnosis: what if someone hacked him during the collection and assembly of these parts (RSA UFO clients and servers)? The hacker will have the possibility to create infinite keys.

In conclusion, until today, there is no way to set up the accumulators of zerocoin in a trustless manner. The trustless manner is an illusion used for marketing purposes. The danger is that someone could have the power to issue Anoncoins from nothing.

From my understanding of RSA UFOs, that is not true as Gnosis only received N and there is no way for him to figure out the factorization of N, which is two large unfactorable numbers P and Q. By combining multiple RSA UFOs, I think Anoncoin is using 13, it ensures that the person that solved one of the UFOs in the distributed computing project cannot know the final accumulator, and Gnosis can't either since he doesn't know the factorization of the 13 RSA UFOs. It makes sense to me how it works and you are incorrect in saying Gnosis knows the factorization of N, as without a LOT of computing power it is impossible for him to know that.

The only worry I have about the RSA UFO project is that possibly someone already knows the factorization of N (i.e. the government), or someone will later find it out with faster processors in the future. I am not sure if this is a realistic thing to be worried about though, as the only thing I know about this stuff is from doing research on ZeroCoin/Zerocash/Anoncoin. I will try to reach out to the Zerocash Devs to get their opinion on the RSA UFO project, as I would trust their opinion over a random poster on these forums (no offense).
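
Added example, not part of the post above and not Anoncoin or Zerocoin code: a textbook RSA accumulator over a toy modulus, showing why the thread keeps returning to who knows the factorization of N. The primes, base, member values and function names are constructed for illustration; here P and Q are deliberately known so the effect of the trapdoor can be checked.

```python
from math import gcd, prod

# Constructed toy modulus: two known Mersenne primes. A real modulus is
# thousands of bits, and for an RSA UFO nobody is supposed to know P and Q.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
G = 3  # public base, coprime to N

def accumulate(members):
    """Accumulator value A = G^(product of members) mod N."""
    return pow(G, prod(members), N)

def honest_witness(members, x):
    """Witness for a real member: G^(product of the other members) mod N."""
    if x not in members:
        raise ValueError("not a member: no honest witness exists")
    return pow(G, prod(m for m in members if m != x), N)

def verify(acc, x, witness):
    """Public check, needs only N: witness^x == A (mod N)."""
    return pow(witness, x, N) == acc

def trapdoor_witness(acc, x, p, q):
    """With the factorization, invert x modulo phi(N) and take an x-th root
    of A. The result passes verify() for a value never accumulated."""
    phi = (p - 1) * (q - 1)
    if gcd(x, phi) != 1:
        raise ValueError("x not invertible modulo phi(N)")
    return pow(acc, pow(x, -1, phi), N)

def demo():
    members = [17, 19, 23]  # constructed sample set (primes)
    acc = accumulate(members)
    ok = verify(acc, 19, honest_witness(members, 19))
    forged = verify(acc, 29, trapdoor_witness(acc, 29, P, Q))
    return ok, forged

if __name__ == "__main__":
    print(demo())
```

Verification uses only N, so the check cannot tell an honest witness from one computed with P and Q; the soundness of the accumulator rests entirely on nobody holding that factorization.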