[cryptography] an untraceability extension to Bitcoin using a combination of digital commitments, one-way accumulators and zero-knowledge proofs,
iang at iang.org
Fri Apr 12 18:40:36 EDT 2013
Steve Bellovin posted this on another list, hattip to him.
For those following Bitcoin this is news. Matthew Green writes:
For those who just want the TL;DR, here it is:
Zerocoin is a new cryptographic extension to Bitcoin that (if
adopted) would bring true cryptographic anonymity to Bitcoin. It works
at the protocol level and doesn't require new trusted parties or
services. With some engineering, it might (someday) turn Bitcoin into a
completely untraceable, anonymous electronic currency.
Bitcoin is pseudonymous but traceable, which is to say that all
transactions are traceable from identity to identity, but those
identities are pseudonyms, being (hashes of) public keys. This is
pretty weak. In contrast, Chaumian blinding was untraceable but
typically identified according to an issuer's regime. Because Chaumian
mathematics required a mint, this devolved to trusted/identified, so
again not as strong as some hoped.
Bitcoin fixed this 'flaw' by decorporating the mint into an algorithm.
This suggests a new axis of distributed. But Bitcoin lost the
untraceability in the process, thus rendering it a rather ridiculous
attempt at privacy, as the entire graph was on display. Bitcoin is more
or less worse at privacy than Chaumian cash ever was.
The holy grail in Chaumian times was untraceable & unidentifiable, to
which Bitcoin added distributed. This paper by Miers, Garman, Green &
Rubin suggests untraceable & pseudonymous & distributed is possible:
(I haven't as yet read the paper so there may be killer details in there.)
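The Chaumian blinding the post contrasts with Bitcoin, as an added example that is not part of the original message or of the Zerocoin paper: a toy RSA blind signature showing why the mint cannot trace a coin it signed, yet still has to be trusted because every coin verifies only against the mint's key. The key size, the hash-to-integer step and all function names are constructed for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key for the mint: two Mersenne primes (2^89-1, 2^61-1).
# Far too small for real use; they only keep the arithmetic honest here.
P = (1 << 89) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the mint


def coin_digest(serial: bytes) -> int:
    """Map a coin serial to an integer mod N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(serial: bytes):
    """User: hide the coin digest as m * r^E mod N, keeping r secret."""
    m = coin_digest(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def mint_sign(blinded: int) -> int:
    """Mint: sign whatever arrives. It learns only this blinded value."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User: strip r to recover the mint's plain signature on the digest."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(serial: bytes, sig: int) -> bool:
    """Anyone: check the coin against the mint's public key (E, N)."""
    return pow(sig, E, N) == coin_digest(serial)


def withdraw(serial: bytes) -> dict:
    """Run one withdrawal and return what each party ends up holding."""
    blinded, r = blind(serial)
    blind_sig = mint_sign(blinded)
    sig = unblind(blind_sig, r)
    # The mint's ledger holds only (blinded, blind_sig); the spent coin presents
    # (serial, sig). Neither pair contains a value from the other, so the mint
    # cannot match a spend to the withdrawal that produced it.
    return {"mint_record": (blinded, blind_sig), "coin": (serial, sig)}
```

Unlinkability here comes from the blinding factor r, which never leaves the user; the trust the post objects to is that `verify` depends entirely on the mint's (E, N), so the mint remains the single issuer of every valid coin.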