Hey there,I know zooko has been working on Zerocoin for sometime. How closely are you working with him on this project?
You also mention sidechains, I was under the impression zerocoin requires a Bitcoin fork in some manner, how do you think you would implement this in Bitcoin or would you be using atomic swaps, or what implementation to get zerocoin integrated?
Are you at all worried about maintaining the security of a sidechain e.g. mining or what would be the process to run this in a secure manner?
Right zerocash sorry for the confusion. Can you list the benefits of the project? I visited the web page but it would be great to have a simple list here. I see the anonymity, of course that's key but are there other key benefits this brings?Hey there,I know zooko has been working on Zerocoin for sometime. How closely are you working with him on this project?
You also mention sidechains, I was under the impression zerocoin requires a Bitcoin fork in some manner, how do you think you would implement this in Bitcoin or would you be using atomic swaps, or what implementation to get zerocoin integrated?
Are you at all worried about maintaining the security of a sidechain e.g. mining or what would be the process to run this in a secure manner?
Good question, and it's good that people recognize the value of atomic swaps. We are actually looking to implement atomic swaps at some point ( although no guarantees there ). We mostly just mention sidechains because unless you are very deep in bitcoin, sidechains might be more easy to conceptualize. But we think atomic swaps are just as good, or if not, better.
If sidechains is ever accepted by miners, we would look forward to integrating with that as well. Right now, sidechains is more of an after-thought than anything else.
Our project and Zooko's are two independent projects. I think that Zooko is working on Zerocash, which uses ZK-SNARKS, also a form of zero-knowledge proofs. The more privacy-preserving technologies out there, the better =)
Hey Roger,Hi Gary,
Can you explain just how private your Moneta transactions will be from 3rd parties trying to analyze the Moneta blockchain?
How much will they be able to figure out about who is transacting with who?
What is motivating you to build something like this?
Quite frankly, we should update the website soon as it's a bit out of date. Our first priority happens to be anonymity / privacy, so our initial launch will just feature Zerocoin. We may consider implementing GHOST at some point to allow for much faster transactions ( https://eprint.iacr.org/2013/881.pdf ). It can allow for transactions to be confirmed as fast as Internet latency allows for them to be confirmed. We basically want to implement as many cryptocurrency protocol innovations as possible in the future.Right zerocash sorry for the confusion. Can you list the benefits of the project? I visited the web page but it would be great to have a simple list here. I see the anonymity, of course that's key but are there other key benefits this brings?
Hey there,
Good question, and it's good that people recognize the value of atomic swaps. We are actually looking to implement atomic swaps at some point ( although no guarantees there ). We mostly just mention sidechains because unless you are very deep in bitcoin, sidechains might be more easy to conceptualize. But we think atomic swaps are just as good, or if not, better.
If sidechains is ever accepted by miners, we would look forward to integrating with that as well. Right now, sidechains is more of an after-thought than anything else.
Our project and Zooko's are two independent projects. I think that Zooko is working on Zerocash, which uses ZK-SNARKS, also a form of zero-knowledge proofs. The more privacy-preserving technologies out there, the better =)
We haven't decided on a ticker symbol yet, but we are all up to hear suggestions for that =)I didn't know there was an implementation of Zerocoin in existence. That's amazing.
What will the ticker symbol be for Moneta?
I couldn't find Moneta on any exchanges (except for "Moneta Verde" which seems to NOT be the same thing at all). I also found this other "Moneta" which appears to not be your coin either: https://bitcointalk.org/index.php?topic=737548.0 (There are a quite a few coins called Moneta.)
If not released yet, what is your guesstimate for a release date?
It makes you wonder if they truly understand how a ring signature works in current solutions of crypto that already exist. If you compromise the only party in the ring signature (yourself) then yeah you break privacy lol.For one, a malicious or compromised member of a ring signature can break privacy.
Good question, we are using the values from the RSA-2048 Factoring Challenge, which has been around since 1991. In the end of the day, nothing is actually completely trustless, but it is always possible to reduce the amount we need to rely on trust / minimize the trust required based on game theory.How will you generate the parameters in a transparent and trust-less way?
Team
The Zerovert team is dedicated to offering you the new gold standard in cryptocurrency privacy.
The founding team includes:
Poramin, who was also the designer and lead developer of Vertcoin - one of the top 5 most valuable cryptocurrencies by market-cap this February.
Gary, who invented the world's first cryptographic protocol to conduct Bitcoin-denominated peer-to-peer atomic cross chain option contracts for alternative cryptocurrencies.
So this is a topic that's brought up a lot. Ring signatures actually relies on the assumption that most participants in the ring signature are not malicious adversaries. If you have enough adversarial power (for example, you account for 95% of the ring signature ), you can significantly reduce the effective randomness of the ring signature. Once you attack for long enough, there are heuristics you can use to assess which addresses are most likely associated with which other addresses. In a sense, any public blockchain can be thought of as a "financial social network". For prior cryptocurrencies, the public blockchain essentially forms an open graph for analysis, and there have been many studies that attack privacy of anonymous social networks / graphs ( here's an example to get the idea: http://arstechnica.com/tech-policy/2009 ... witterers/ ). These types of attacks happen because there can be hundreds of edges (e.g. transactions showing interaction) that end up linking to a vertex or group of vertices (e.g. Bitcoin Addresses ) through various heuristics. With Moneta, these attacks don't apply because the maximum possible link is one edge per node as long as you use Zerocoin proofs ( and this link only happens between the sender and receiver, who presumably know that they are sending money to each other ). So there is a significant jump between limited anonymity set of several hundred within ring protocol ( limited by size of block to several hundred transactions mixed ) versus virtually infinite anonymity set via an efficient accumulator, and also between possible analysis of hundreds of edges versus just a single edge in a graph.I support their goal of privacy but when they say stuff like this:
It makes you wonder if they truly understand how a ring signature works in current solutions of crypto that already exist. If you compromise the only party in the ring signature (yourself) then yeah you break privacy lol.For one, a malicious or compromised member of a ring signature can break privacy.
When you mix with other outputs in Monero you are the only person who knows what is really going on especially if you are using a high mixin number.
This is also based on new cryptography (not tested for a long period of time). But if you want to risk using it that's up to you.
They also do not address the drawbacks of using a zerocoin system as described by Dr. Adam Back:
(they fail to point out the cons of using zerocoin in its current form)
https://www.youtube.com/watch?v=3dAdI3Gzodo&t=32m46s
Zerocoin still has a trap door (i.e. in the RSA accumulator)
We understand where you are coming from. We have already been running a private testnet for some time now. Just stay tuned as it's coming soon.No offense, but how can you claim the first implementation of zerocoin without running a successful test network? These claims have been public for 9 months now and your testnet is still coming soon(tm).
Unless I'm mistaken, Ring signatures in cryptocurrencies like Monero and ShadowCash only have single participant (the sender). Are you confusing them with masternode coinjoin protocols?So this is a topic that's brought up a lot. Ring signatures actually relies on the assumption that most participants in the ring signature are not malicious adversaries. If you have enough adversarial power (for example, you account for 95% of the ring signature ), you can significantly reduce the effective randomness of the ring signature. Once you attack for long enough, there are heuristics you can use to assess which addresses are most likely associated with which other addresses. In a sense, any public blockchain can be thought of as a "financial social network". For prior cryptocurrencies, the public blockchain essentially forms an open graph for analysis, and there have been many studies that attack privacy of anonymous social networks / graphs ( here's an example to get the idea: http://arstechnica.com/tech-policy/2009 ... witterers/ ). These types of attacks happen because there can be hundreds of edges (e.g. transactions showing interaction) that end up linking to a vertex or group of vertices (e.g. Bitcoin Addresses ) through various heuristics. With Moneta, these attacks don't apply because the maximum possible link is one edge per node as long as you use Zerocoin proofs ( and this link only happens between the sender and receiver, who presumably know that they are sending money to each other ). So there is a significant jump between limited anonymity set of several hundred within ring protocol ( limited by size of block to several hundred transactions mixed ) versus virtually infinite anonymity set via an efficient accumulator, and also between possible analysis of hundreds of edges versus just a single edge in a graph.I support their goal of privacy but when they say stuff like this:
It makes you wonder if they truly understand how a ring signature works in current solutions of crypto that already exist. If you compromise the only party in the ring signature (yourself) then yeah you break privacy lol.
When you mix with other outputs in Monero you are the only person who knows what is really going on especially if you are using a high mixin number.
This is also based on new cryptography (not tested for a long period of time). But if you want to risk using it that's up to you.
They also do not address the drawbacks of using a zerocoin system as described by Dr. Adam Back:
(they fail to point out the cons of using zerocoin in its current form)
https://www.youtube.com/watch?v=3dAdI3Gzodo&t=32m46s
Zerocoin still has a trap door (i.e. in the RSA accumulator)
The cryptography is actually quite well established, and is based on the Schnorr Protocol ( https://en.wikipedia.org/wiki/Proof_of_ ... r_protocol ). As long as you know some basic cryptography, you can verify for yourself that it works. If you are referring to storage though, storage is a relatively cheap resource and also spend-proofs can easily be pruned off the blockchain.
As far as efficiency goes, compared to a normal Bitcoin proof it takes more space, but in usability terms it's actually barely noticeable. Transactions can be verified within 10 minutes, just as with Bitcoin. Also, the effective workaround for the RSA Accumulator trapdoor issue in the picture is that the RSA-2048 factoring challenge is used ( established in 1991 )
Obviously not everything you reads on the internet is true, or the whole story. Anyone can write a blog post about anyone. I don't want to go into too many details, but you can see an article here about the author here and make your own judgements about his credibility ( apparently someone was about to sue the author of that blog ). http://chicagomaroon.com/2015/04/10/uch ... ompetitor/So, you apparently impersonate people and harass them by sending lewd emails on they're behalf (see web.archive.org links above), you launch closed-source, pre-mined coins that you abandon several weeks after they get on an exchange (Zerovert), and now you've apparently launched a for-profit venture based around the launch of this new/first(?) implementation of the Zerocoin protocol (http://moneta.cash/investors.html). You say yourself that the launch requires a measure of trust, "In the end of the day, nothing is actually completely trustless, but..."
I guess my question is, why should you or your company be trusted to launch this new protocol? Wouldn't the launch (which apparently requires trust in the person who launches it) require someone who is reputable, credible, and free from associations with criminal or scammy activity, which, no offense, you don't seem to be at this point?
Also, if I may suggest a slogan for your new coin/protocol/business venture: Moneta, your privacy is our business.
Yes, Zerovert was a more alpha testnet for MonetaAre these the same guys as zerovert?
https://bitcointalk.org/index.php?topic=846471.0
https://bitcointalk.org/index.php?action=trust;u=391031
Team
The Zerovert team is dedicated to offering you the new gold standard in cryptocurrency privacy.
The founding team includes:
Poramin, who was also the designer and lead developer of Vertcoin - one of the top 5 most valuable cryptocurrencies by market-cap this February.
Gary, who invented the world's first cryptographic protocol to conduct Bitcoin-denominated peer-to-peer atomic cross chain option contracts for alternative cryptocurrencies.
Yes, someone posted that blog post about me. Someone is accusing the author of that blog post of criminal activity, and is also considering suing the author of that blog post: http://chicagomaroon.com/2015/04/10/uch ... ompetitor/Is this you? Someone posted the links on bitcointalk. Looks like your picture is on those archived links:
https://web.archive.org/web/20141016190 ... te-me.html
https://web.archive.org/web/20141016203 ... ncore.html
Those 2 questions were answered, I'm happy to answer any other questions you haveI've made two posts above that you have not responded to...
Isn't this an ASK ME ANYTHING?
Then please address the posts if you are so willing to be a part of an AMA...
Or is this an AMABNCT = Ask me anything but not certain things?
^ I'm not sure what you are referring to, as I answered the question that you asked. As I said, I'm here to answer any questions, the purpose of an AMA
Return to “AMA - Ask Me Anything”
Users browsing this forum: No registered users and 6 guests