[cryptography] an untraceability extension to Bitcoin using a combination of digital commitments, one-way accumulators and zero-knowledge proofs,

ianG iang at iang.org
Fri Apr 12 18:40:36 EDT 2013

Steve Bellovin posted this on another list, hattip to him.


For those following Bitcoin this is news.  Matthew Green writes:

     For those who just want the TL;DR, here it is:

     Zerocoin is a new cryptographic extension to Bitcoin that (if 
adopted) would bring true cryptographic anonymity to Bitcoin. It works 
at the protocol level and doesn't require new trusted parties or 
services. With some engineering, it might (someday) turn Bitcoin into a 
completely untraceable, anonymous electronic currency.


(iang adds:)

Bitcoin is pseudonymous but traceable, which is to say that all 
transactions are traceable from identity to identity, but those 
identities are pseudonyms, being (hashes of) public keys.  This is 
pretty weak.  In contrast, Chaumian blinding was untraceable but 
typically identified according to an issuer's regime.  Because Chaumian 
mathematics required a mint, this devolved to trusted/identified, so 
again not as strong as some hoped.

Bitcoin fixed this 'flaw' by decorporating the mint into an algorithm. 
This suggests a new axis of distributed.  But Bitcoin lost the 
untraceability in the process, thus rendering it a rather ridiculous 
attempt at privacy, as the entire graph was on display.  Bitcoin is more 
or less worse at privacy than Chaumian cash ever was.

The holy grail in Chaumian times was untraceable & unidentifiable, to 
which Bitcoin added distributed.  This paper by Miers, Garman, Green & 
Rubin suggests untraceable & pseudonymous & distributed is possible:


(I haven't as yet read the paper so there may be killer details in there.)
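As an added illustration of the traceability point made above (this is example code written for this archive page, not code from the post, from the Zerocoin paper, or from Bitcoin itself), the following constructed Python ledger shows why hashed-public-key pseudonyms leave the whole payment graph on display. Addresses are derived as a hash of a public key, as the post describes (Bitcoin uses RIPEMD160(SHA256(pubkey)); plain SHA-256 is assumed here for portability), the transactions and key bytes are constructed toy data, and the tracing walk is a simple forward taint search over that graph.

```python
import hashlib
from collections import deque

# Pseudonym = hash of the public key. Bitcoin uses RIPEMD160(SHA256(pk));
# SHA-256 is assumed here so the example runs on any Python build.
def pseudonym(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()[:16]

# Constructed stand-in "public keys" (plain byte strings, not real ECDSA keys).
KEYS = {name: name.encode() + b"-pk" for name in ("alice", "bob", "carol", "dave", "eve", "frank")}
ADDR = {name: pseudonym(pk) for name, pk in KEYS.items()}

# Constructed ledger: (txid, addresses spent as inputs, addresses paid as outputs).
# The whole structure is public, exactly as in Bitcoin's block chain.
LEDGER = [
    ("tx1", [ADDR["alice"]], [ADDR["bob"]]),
    ("tx2", [ADDR["bob"]], [ADDR["carol"], ADDR["bob"]]),   # payment plus change
    ("tx3", [ADDR["carol"]], [ADDR["dave"]]),
    ("tx4", [ADDR["eve"]], [ADDR["frank"]]),                 # unrelated flow
]

def trace_forward(ledger, start):
    """Follow coins forward from `start`: every output of a transaction that
    spends a reached address is itself reached. Returns the reached set and,
    for each reached address, the txid that first linked it."""
    reached = {start}
    via = {start: None}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        for txid, inputs, outputs in ledger:
            if addr in inputs:
                for out in outputs:
                    if out not in reached:
                        reached.add(out)
                        via[out] = txid
                        queue.append(out)
    return reached, via

def link_key(ledger, pubkey: bytes):
    """Once a public key is revealed (Bitcoin publishes it when the address
    is spent from), hashing it ties the key to its pseudonym in the graph."""
    target = pseudonym(pubkey)
    for txid, inputs, outputs in ledger:
        if target in inputs or target in outputs:
            return target
    return None

if __name__ == "__main__":
    reached, via = trace_forward(LEDGER, ADDR["alice"])
    for name, a in ADDR.items():
        print(f"{name:6} {a}  reached={a in reached}  via={via.get(a)}")
    print("eve's key maps to address", link_key(LEDGER, KEYS["eve"]))
```

The walk reaches alice, bob, carol and dave but not eve or frank: the pseudonyms hide names, yet the graph itself links every hop, which is the "traceable" half of "pseudonymous but traceable". Zerocoin's contribution, per the subject line, is to break exactly that link by spending a commitment via an accumulator membership proof in zero knowledge, so the spend is not tied to the mint that created it.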

