Official Anoncoin chat thread (including history)

[CoinHoarder]

Well that is interesting, But I think unless they are able to pool hundreds of people to publicly generate the parameters in a trustless manner I kind of doubt the darknetmarket people will use zerocash over zerocoin.  I'm willing to bet money they would trust meeh over matt green et al.

They seem to think that they can, but the answer to that question is not clear as it is based off of random Twitter messages. We could really use some clarification on this by the original ZeroCoin/cash developers.

[entertheabyss]

I think the problem is we are all here discussing something we don't truly understand and never really will be able to understand on a technical level. Seeing as though the ZeroCoin/Zerocash guys aren't really interested in communicating with the cryptocurrency community, there are bound to be misconceptions and misinformation that arises. I take everything everyone says on this stuff with a grain of salt and tend to believe the original people working on the ZeroCoin/Zerocash projects over others. I have asked one of them their opinion on Anoncoin but he didn't answer, so I am on the fence about Anoncoin's implementation of ZeroCoin and the RSA UFO project.. as I don't fully understand both and the ZeroCoin/Zerocash developers haven't commented on it.

I did see Ian Miers' speech at the Bitcoin 2013 conference in person, he struck me as someone that really cares about financial privacy for the betterment of society, and someone that is unlikely to be a shill for the government. https://m.youtube.com/watch?v=A7rnE9nqhic

Again, maybe I am naive but if he feels Zerocash is a better solution then who am I to argue with his expertise?

With all that being said. I see Anoncoin's implementation of ZeroCoin, if successful, as being the most anonymous cryptocurrency that exists today. Who knows if Zerocash will ever come to be, and I think this "experiment" (which is how I look at it) is very important and needed.

he's trying to make zerocash trustlesser, but its unclear whether its even mathematically feasible. Luckily zerocoin uses RSA stuff and there is a known way to make it trustless. 


you can view the zercash white paper here: http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf

it clearly states that

"Both zk-SNARKs and NIZKs require a one-time trusted setup of public parameters (proving and verication keys for zk-SNARKs,  and a common reference string for NIZKs).

there is no mention of any method for creating a distributed less trusting setup, and there is no cryptographic literature to support the notion that is possible (though further cryptographic innovations and discoveries may change this). So without a mathematical breakthrough zerocash will remain a dubious technology.

[Simcom]

@Simcom, let me to explain you with the below abstract example:
I want to create a new key/lock for my safe and I ask Gnosis to manage that project.
Then Gnosis ask 20 persons to create 1/20 of this key (we can compare to the RSA UFO clients).
When all the parts have been created, Gnosis will collect and assemble them to create the final key (we can compare to RSA UFO server).

In this abstract example, you don't have to trust all the 20 persons that created 1/20 of the key. Indeed, even if one of them is not honest, the key can not be compromised because the person need the others 19 parts to recreate the final key.
But you must to trust Gnosis that collected and assembled all the parts to create the final key. If Gnosis is not honest, he can keep for him all the 20 parts to create infinite keys.
Now I take the case, you have a blind trust to Gnosis, what if someone hacked him during the collection and assembly of these parts (RSA UFO clients and servers)? The hacker will have the possibility to create infinite keys.

In conclusion, until today, there is no way to setup the accumulators of zerocoin in a trustless manner. The trustless manner is an illusion used for marketing purposes. The danger is that someone could have the power to issue Anoncoins from nothing.

I don't really understand your argument.  If what you are saying is correct, why did Green et al suggest that using RSA UFOs would allow a group of participants to generate the initial parameters without a trusted third party?  Are you saying that Green is wrong and a trusted third party is always required?  Or are you saying that it is possible to accomplish without a trusted third party but Gnosis/Meeh are not following the correct procedure? 

[CoinHoarder]

Yes, that is my understanding exactly, except I have read over and over that it is only possible to generate trustless parameters with zerocoin, not zerocash.  Do you have a source that states it is possible with zerocash?

I am just going off of what they have stated on Twitter. Along with the following statements, they have mentioned the ability to generate the parameters by using multi party computations.. which is basically what the rsa ufo project is doing with ZeroCoin. If you look through their statements on Twitter it doesn't sound much different than they way Anoncoin is computing the ZeroCoin accumulator.

@CoinHoarder, thanks for your smart intervention.

@Simcom, let me to explain you with the below abstract example:
I want to create a new key/lock for my safe and I ask Gnosis to manage that project.
Then Gnosis ask 20 persons to create 1/20 of this key (we can compare to the RSA UFO clients).
When all the parts have been created, Gnosis will collect and assemble them to create the final key (we can compare to RSA UFO server).

In this abstract example, you don't have to trust all the 20 persons that created 1/20 of the key. Indeed, even if one of them is not honest, the key can not be compromised because the person need the others 19 parts to recreate the final key.
But you must to trust Gnosis that collected and assembled all the parts to create the final key. If Gnosis is not honest, he can keep for him all the 20 parts to create infinite keys.
Now I take the case, you have a blind trust to Gnosis, what if someone hacked him during the collection and assembly of these parts (RSA UFO clients and servers)? The hacker will have the possibility to create infinite keys.

In conclusion, until today, there is no way to setup the accumulators of zerocoin in a trustless manner. The trustless manner is an illusion used for marketing purposes. The danger is that someone could have the power to issue Anoncoins from nothing.

From my understanding of RSA UFOs, that is not true as Gnosis only received N and there is no way for him to figure out the factorization of N, which is two large unfactorable numbers P and Q. By combining multiple RSA UFOs, I think Anoncoin is using 13, it ensures that the person that solved one of the UFOs in the distributed computing project cannot know the final accumulator, and Gnosis can't either since he doesn't know the factorization of the 13 RSA UFOs. It makes sense to me how it works and you are incorrect in saying Gnosis knows the factorization of N, as without a LOT of computing power it is impossible for him to know that.

The only worry I have about the RSA UFO project is that possibly someone already knows the factorization of N (IE. The government), or someone will later find it out with faster processors in the future. I am not sure if this is a realistic thing to be worried about though, as the only thing I know about this stuff is from doing research on ZeroCoin/Zerocash/Anoncoin. I will try to reach out to the Zerocash Devs to get their opinion on the RSA UFO project, as I would trust their opinion over a random poster on these forums (no offense).

[Simcom]

From my understanding of RSA UFOs, that is not true as Gnosis only received N and there is no way for him to figure out the factorization of N, which is two large unfactorable numbers P and Q. By combining multiple RSA UFOs, I think Anoncoin is using 13, it ensures that the person that solved one of the UFOs in the distributed computing project cannot know the final accumulator, and Gnosis can't either since he doesn't know the factorization of the 13 RSA UFOs. It makes sense to me how it works and you are incorrect in saying Gnosis knows the factorization of N, as without a LOT of computing power it is impossible for him to know that.

The only worry I have about the RSA UFO project is that possibly someone already knows the factorization of N (IE. The government), or someone will later find it out with faster processors in the future. I am not sure if this is a realistic thing to be worried about though, as the only thing I know about this stuff is from doing research on ZeroCoin/Zerocash/Anoncoin. I will try to reach out to the Zerocash Devs to get their opinion on the RSA UFO project, as I would trust their opinion over a random poster on these forums (no offense).

I was also concerned about this but Gnosis assured me that at any point in the future we can generate a larger set of RSA UFOs and upgrade the network with a hard fork if we had to.

[CoinHoarder]

From my understanding of RSA UFOs, that is not true as Gnosis only received N and there is no way for him to figure out the factorization of N, which is two large unfactorable numbers P and Q. By combining multiple RSA UFOs, I think Anoncoin is using 13, it ensures that the person that solved one of the UFOs in the distributed computing project cannot know the final accumulator, and Gnosis can't either since he doesn't know the factorization of the 13 RSA UFOs. It makes sense to me how it works and you are incorrect in saying Gnosis knows the factorization of N, as without a LOT of computing power it is impossible for him to know that.

The only worry I have about the RSA UFO project is that possibly someone already knows the factorization of N (IE. The government), or someone will later find it out with faster processors in the future. I am not sure if this is a realistic thing to be worried about though, as the only thing I know about this stuff is from doing research on ZeroCoin/Zerocash/Anoncoin. I will try to reach out to the Zerocash Devs to get their opinion on the RSA UFO project, as I would trust their opinion over a random poster on these forums (no offense).

I was also concerned about this but Gnosis assured me that at any point in the future we can generate a larger set of RSA UFOs and upgrade the network with a hard fork if we had to.

That is good to know, so that alleviates one of my worries. I think it would go a long ways, as to my other concern of the government already knowing the factorization, to extend the RSA UFO project indefinitely. That way the security of the accumulator can be upgraded via a hard fork when bigger UFOS are found at a later date. That way over time the chance the NSA has already cracked the UFOs gets smaller and smaller.

[Simcom]

From my understanding of RSA UFOs, that is not true as Gnosis only received N and there is no way for him to figure out the factorization of N, which is two large unfactorable numbers P and Q. By combining multiple RSA UFOs, I think Anoncoin is using 13, it ensures that the person that solved one of the UFOs in the distributed computing project cannot know the final accumulator, and Gnosis can't either since he doesn't know the factorization of the 13 RSA UFOs. It makes sense to me how it works and you are incorrect in saying Gnosis knows the factorization of N, as without a LOT of computing power it is impossible for him to know that.

The only worry I have about the RSA UFO project is that possibly someone already knows the factorization of N (IE. The government), or someone will later find it out with faster processors in the future. I am not sure if this is a realistic thing to be worried about though, as the only thing I know about this stuff is from doing research on ZeroCoin/Zerocash/Anoncoin. I will try to reach out to the Zerocash Devs to get their opinion on the RSA UFO project, as I would trust their opinion over a random poster on these forums (no offense).

I was also concerned about this but Gnosis assured me that at any point in the future we can generate a larger set of RSA UFOs and upgrade the network with a hard fork if we had to.

That is good to know, so that alleviates one of my worries. I think it would go a long ways, as to my other concern of the government already knowing the factorization, to extend the RSA UFO project indefinitely. That way the security of the accumulator can be upgraded via a hard fork when bigger UFOS are found at a later date. That way over time the chance the NSA has already cracked the UFOs gets smaller and smaller.

Yes I think its a good idea.  Hell, maybe we can build the RSA UFO generator right into the wallet, have everyone churning RSA UFOs all day if they want to, then do yearly hardforks to incorporate the new juicy UFOs.

[CoinHoarder]

From my understanding of RSA UFOs, that is not true as Gnosis only received N and there is no way for him to figure out the factorization of N, which is two large unfactorable numbers P and Q. By combining multiple RSA UFOs, I think Anoncoin is using 13, it ensures that the person that solved one of the UFOs in the distributed computing project cannot know the final accumulator, and Gnosis can't either since he doesn't know the factorization of the 13 RSA UFOs. It makes sense to me how it works and you are incorrect in saying Gnosis knows the factorization of N, as without a LOT of computing power it is impossible for him to know that.

The only worry I have about the RSA UFO project is that possibly someone already knows the factorization of N (IE. The government), or someone will later find it out with faster processors in the future. I am not sure if this is a realistic thing to be worried about though, as the only thing I know about this stuff is from doing research on ZeroCoin/Zerocash/Anoncoin. I will try to reach out to the Zerocash Devs to get their opinion on the RSA UFO project, as I would trust their opinion over a random poster on these forums (no offense).

I was also concerned about this but Gnosis assured me that at any point in the future we can generate a larger set of RSA UFOs and upgrade the network with a hard fork if we had to.

That is good to know, so that alleviates one of my worries. I think it would go a long ways, as to my other concern of the government already knowing the factorization, to extend the RSA UFO project indefinitely. That way the security of the accumulator can be upgraded via a hard fork when bigger UFOS are found at a later date. That way over time the chance the NSA has already cracked the UFOs gets smaller and smaller.

Yes I think its a good idea.  Hell, maybe we can build the RSA UFO generator right into the wallet, have everyone churning RSA UFOs all day if they want to, then do yearly hardforks to incorporate the new juicy UFOs.

That is a good idea, and I think it would go a long ways towards instilling trust in the RSA UFOs used to create the accumulator. Building it into the client would make it more likely that people would partake in the generation of the UFOs.

Even better, if we could figure out a way to incentivize people to do it they would be more likely to do so. If this could be figured out I think Anoncoin would have something really special here. By changing the PoW to RSA UFO generation it would incentivize them by rewarding them block rewards. I'm not sure what Anoncoin's block time is, but you could take the largest UFO generated per block and reward the finder with some Anoncoins. I would suggest switching from PoW to a form of PoS so it costs much less to secure the block chain. That would free up some Anoncoins in each block reward to be awarded to the person that generates the biggest UFO.

I don't have enough technical knowledge to figure out if this is plausible or not, but if it is possible then it could really help the long term sustainability and security of the project. There are already talks of switching to auxPoW, why not switch to something like ufoPoW if it is possible. Hopefully Gnosis or Meeh can comment as to if this would be possible to do in some way or another. Perhaps it could be done in another way and the way I stated is impossible... either way if it can be done I think it would be a great thing to do.

[niteglider]

From my understanding of RSA UFOs, that is not true as Gnosis only received N and there is no way for him to figure out the factorization of N, which is two large unfactorable numbers P and Q. By combining multiple RSA UFOs, I think Anoncoin is using 13, it ensures that the person that solved one of the UFOs in the distributed computing project cannot know the final accumulator, and Gnosis can't either since he doesn't know the factorization of the 13 RSA UFOs. It makes sense to me how it works and you are incorrect in saying Gnosis knows the factorization of N, as without a LOT of computing power it is impossible for him to know that.

The only worry I have about the RSA UFO project is that possibly someone already knows the factorization of N (IE. The government), or someone will later find it out with faster processors in the future. I am not sure if this is a realistic thing to be worried about though, as the only thing I know about this stuff is from doing research on ZeroCoin/Zerocash/Anoncoin. I will try to reach out to the Zerocash Devs to get their opinion on the RSA UFO project, as I would trust their opinion over a random poster on these forums (no offense).

I was also concerned about this but Gnosis assured me that at any point in the future we can generate a larger set of RSA UFOs and upgrade the network with a hard fork if we had to.

That is good to know, so that alleviates one of my worries. I think it would go a long ways, as to my other concern of the government already knowing the factorization, to extend the RSA UFO project indefinitely. That way the security of the accumulator can be upgraded via a hard fork when bigger UFOS are found at a later date. That way over time the chance the NSA has already cracked the UFOs gets smaller and smaller.

Yes I think its a good idea.  Hell, maybe we can build the RSA UFO generator right into the wallet, have everyone churning RSA UFOs all day if they want to, then do yearly hardforks to incorporate the new juicy UFOs.

That is a good idea, and I think it would go a long ways towards instilling trust in the RSA UFOs used to create the accumulator. Building it into the client would make it more likely that people would partake in the generation of the UFOs.

Even better, if we could figure out a way to incentivize people to do it they would be more likely to do so. If this could be figured out I think Anoncoin would have something really special here. By changing the PoW to RSA UFO generation it would incentivize them by rewarding them block rewards. I'm not sure what Anoncoin's block time is, but you could take the largest UFO generated per block and reward the finder with some Anoncoins. I would suggest switching from PoW to a form of PoS so it costs much less to secure the block chain. That would free up some Anoncoins in each block reward to be awarded to the person that generates the biggest UFO.

I don't have enough technical knowledge to figure out if this is plausible or not, but if it is possible then it could really help the long term sustainability and security of the project. There are already talks of switching to auxPoW, why not switch to something like ufoPoW if it is possible. Hopefully Gnosis or Meeh can comment as to if this would be possible to do in some way or another. Perhaps it could be done in another way and the way I stated is impossible... either way if it can be done I think it would be a great thing to do.

This is a great idea, if it can be done.  It has already been demonstrated that there will not be generated as many ANCs as was initially anticipated.  Thus, blocks could be awarded to the producers of new UFOs without creating inflation of the ANC's value.

Thoughts, Dev team?

[gunzeon]

why would it be impossible for 2 accumulators to co-exist ? ie: the old 13 legacy UFOs and the Newer stronger ones for all new zerocoins; One's zerocoin is in either one of the accumulators when you go to swap it.

[SmokingSkull]

Why are we even talking Hard-Forks now?  

That's years away. (after the HardFork in 1 month)

[varun555]

What about the 158 GH of network hashrate !!!! Is it clear whether or not is there an attack going on. Is there any credible  info ?

[gunzeon]

wow - our difficulty has hit 4792 !!! We are under "Attack" :-)

at least somebody loves us

[varun555]

wow - our difficulty has hit 4792 !!! We are under "Attack" :-)

at least somebody loves us

Are the devs aware?

[gunzeon]

last time it happened there was there was talk of a more adaptable difficulty calc, but nothing's actually broken, everything's working as it should:
 - the intense hash rate increases the difficulty
 - when it's taken away the difficulty is still high so blocks take a lot of time until the difficulty subsides

[SmokingSkull]

last time it happened there was there was talk of a more adaptable difficulty calc, but nothing's actually broken, everything's working as it should:
 - the intense hash rate increases the difficulty
 - when it's taken away the difficulty is still high so blocks take a lot of time until the difficulty subsides

Well yeah, though last time it wasn't so much GHs added ... the patch day is still far away

[varun555]

last time it happened there was there was talk of a more adaptable difficulty calc, but nothing's actually broken, everything's working as it should:
 - the intense hash rate increases the difficulty
 - when it's taken away the difficulty is still high so blocks take a lot of time until the difficulty subsides

Well yeah, though last time it wasn't so much GHs added ... the patch day is still far away

What is this "patch" and how far is it?

Sorry, I don't know anything about it.

[SmokingSkull]

last time it happened there was there was talk of a more adaptable difficulty calc, but nothing's actually broken, everything's working as it should:
 - the intense hash rate increases the difficulty
 - when it's taken away the difficulty is still high so blocks take a lot of time until the difficulty subsides

Well yeah, though last time it wasn't so much GHs added ... the patch day is still far away

What is this "patch" and how far is it?

Sorry, I don't know anything about it.

The different mining algos it's about ... 1 month away I guess.

[varun555]

last time it happened there was there was talk of a more adaptable difficulty calc, but nothing's actually broken, everything's working as it should:
 - the intense hash rate increases the difficulty
 - when it's taken away the difficulty is still high so blocks take a lot of time until the difficulty subsides

Well yeah, though last time it wasn't so much GHs added ... the patch day is still far away

What is this "patch" and how far is it?

Sorry, I don't know anything about it.

The different mining algos it's about ... 1 month away I guess.

Is it about AUXPOW ?

[niteglider]

Ever notice that when most people say, 'no offense,' they are totally being offensive?

So, Gnosis has already addressed the idea.  In the future, if/when we need to expand security, there can simply be a message added to wallets, wiki, forums, websites, etc. which warns zANC holders that they must redeem their coins before a specified date.

And with certain agencies already crowing about the increased security of apple and android, it's sure that wise persons will want to protect their privacy.

A nice solution.

Keep up the good work, gentlemen.  You are actually helping to make the world a better place.