If you don't believe that a general purpose one-size-fits-all blockchain technology can be easily and safely created, but you would prefer more privacy and security, Zcash is a frankly compelling idea, and deserves a look.
Monero uses a different scheme (ring signatures, essentially mixing in fake and real digital signatures) for privacy. To my knowledge, they don't duplicate the 'blinding' type of hiding about bucket recipients and ownership that zcash does.
Note also that BIP47 and the like are trying to add some of these privacy features into Bitcoin core, so there's lots of angles on improved privacy.
- my laptop is stolen in a compromised state (eg logged on, nothing left encrypted); can anyone trace my transactions?
- I've read suggestions that Zcash themselves can deanonymize every transaction, thanks to generating the initial "Genesis" block. Is that roughly right? (Ignoring obfuscation techniques like getting many other people to create separate signatures)
I'm definitely concerned that this comes with a lot of asterisks next to its claims.
- laptop being stolen:
An attacker will get how much money you have, and if you have kept around the private keys for all your addresses, when and how much you were paid, but not who paid you or who you paid. The attacker can use those keys to go back and decrypt the notifications that get posted to the blockchain that allow you to access a transaction. This gets them how much funds you have been sent and when. It doesn't tell them who sent it unless someone put identifying info in the memo field (e.g. 'For Homer Simpson's bar tab'), because senders are anonymous even to recipients. It also doesn't tell them anything directly about who you paid or how much. It does let them identify when you made payments though.
If you move your funds to a new address and delete those keys, then all an attacker gets is your current balance.
- deanonymize every transaction.
We can't. The zero-knowledge proofs (zkSNARKs) we use to hide transaction data are zero-knowledge no matter what. The information simply isn't there.
The confusion is that there is an issue with setting things up to ensure we can't forge coins. The zkSNARKs that ZCash uses need to be generated correctly to ensure the proofs are sound (i.e. actually prove what they claim) and someone therefore cannot forge coins. We plan on doing a multiparty computation setup where if at least one party is honest, the parameters are correct. But zkSNARKs provide statistical zero-knowledge without trusted setup. So assuming the software correctly does the protocol, no one can ever deanonymize transactions (see my other comment on post quantum security for the caveats) unless they get your keys.
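The "if at least one party is honest, the parameters are correct" property from the reply above, as an added toy model (this is illustrative code written for this page, not Zcash's ceremony software or the original poster's). It assumes a simplified setting: a toy prime modulus P and base G, where each participant raises the running public parameter to a private share, so the toxic secret is the product of all shares. A real zkSNARK setup commits to many structured powers of the secret and adds proofs that each contribution was well formed, but the collusion argument is the same: a coalition missing even one erased share cannot reconstruct the secret.

```python
"""
Toy model of a multi-party parameter-generation ceremony.

Added example, not code from Zcash or the original thread. Assumptions:
a toy modulus P and base G (not production-safe), and a ceremony in which
each participant raises the running parameter to its private share, so the
toxic secret is the product of all shares modulo the exponent group order.
"""
import random
import secrets

P = (1 << 61) - 1   # toy Mersenne prime modulus (assumption, for illustration only)
G = 3               # toy base
ORDER = P - 1       # exponents can be reduced mod P-1 (Fermat's little theorem)


def sample_share(rng):
    """A participant's private contribution, uniform in [1, P-2]."""
    return 1 + rng(P - 2)


def contribute(running_param, share):
    """Apply one participant's share: G^(s1*...*sk) -> G^(s1*...*sk*share)."""
    return pow(running_param, share, P)


def run_ceremony(n_parties, seed=None):
    """Sequentially apply every party's share.  Returns the public parameter
    and the private shares (returned only so the demo can model collusion;
    an honest participant erases its share instead)."""
    rng = random.Random(seed).randrange if seed is not None else secrets.randbelow
    shares = [sample_share(rng) for _ in range(n_parties)]
    param = G
    for s in shares:
        param = contribute(param, s)
    return param, shares


def toxic_waste(shares):
    """The secret that would let its holder forge proofs: the product of
    all shares, reduced mod ORDER."""
    secret = 1
    for s in shares:
        secret = secret * s % ORDER
    return secret


def colluders_can_forge(param, known_shares):
    """A coalition holding only known_shares tries to reconstruct the secret.
    It succeeds only if the product of its shares reproduces the published
    parameter, i.e. only if no participant's share is missing."""
    return pow(G, toxic_waste(known_shares), P) == param


if __name__ == "__main__":
    param, shares = run_ceremony(5, seed=1)
    print("all five collude:", colluders_can_forge(param, shares))
    print("one honest party erased its share:", colluders_can_forge(param, shares[1:]))
```

With five participants the demo prints True for the full coalition and False once any single share is withheld, which is the whole point of recruiting many independent participants: the attacker has to compromise every one of them, not just a majority.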
- laptop being stolen: cutting out potential ifs and buts, would it be drastically unfair of me to take that as: if your laptop's compromised, all bets are off?
- deanonymize every transaction: genuinely interesting, thanks for taking the time to educate me :)
I think it's important to distinguish between "deleting" and "securely erasing" here. The former often provides only a layer of obscurity, while the latter takes expertise to perform reliably.
Ideally the wallet's key deletion functionality would include ensuring the private data doesn't remain on disk (and warn if the media makes this impossible), but I think this is more or less impossible; a secure erase facility really needs to be implemented at the OS level, since it requires knowledge of the workings of the filesystems in use as well as its interactions with the physical media. And it gets worse; in the case of any solid state devices that perform their own write balancing, even the operating system can't know what data has actually been lost.
Of course, if someone has your (unencrypted) hard drive digging around for old ZCash key data is probably low on the list of privacy-compromising information available to them anyway.
Heh, thanks, I appreciate your honesty! :)
I guess it's a bit like the problems with trying to get mass adoption of PGP; the tech's there, but trying to get Joe Public to use it without missing any of the vital steps and not messing any of them up is difficult at best.
For me, it's one of those "last, great"-levels of problem to solve: creating privacy tech that regular people who don't know or care about the specifics can use reliably and not mess up because they don't know and/or care.
2) The creation of the genesis block involves a trust 'game' of sorts, in which many participants are asked to pick a number. The statement from zcash, which a better cryptographer than me could verify, is that only one of the participants need be trustworthy in order to make this step safe.
I think anyone can participate in the genesis block creation, so you may be just who they need to get the genesis block in good shape. :)
On a different note, it would take a juvenile and short-sighted thinker to want to be able to deanonymize the transactions; not that those people don't exist, but most rational adults would not wish to be emotionally and personally liable in some way for knowing the identities of the money launderers, child pornographers and others who will undoubtedly be drawn to a technology like this.
8.3.4. "How will privacy and anonymity be attacked?"
like so many other "computer hacker" items, as a tool for the "Four Horsemen": drug-dealers, money-launderers, terrorists, and pedophiles.
I spent 2012 and 2013 vigorously parrying journalists who only wanted to write about Bitcoin and the four horsemen. I was wrong to do that. Most Bitcoin transactions of substance in 2012 were related to one of the four.
While I'm pissed off that I spent time taking shots in the public limelight on behalf of asshole drug dealers, that was not actually the point I was raising above. I presume that the zcash folks are aware their inventions will be used for bad things, and have weighed the moral calculus, and are fine with the outcome. And, I wouldn't necessarily disagree with that calculus.
What I was saying is that a clear-headed individual needs to go into launching a cryptocurrency like this with the certain knowledge that their tool will be used, very rapidly, and perhaps very aggressively, to forward the agendas of the four horsemen. In fact, those will likely be the earliest adopters, or the earliest adopters with real money.
That has some implications for how you design your own responsibility / rights / powers in a cryptocurrency. To think otherwise is terribly avoidant behavior.
- They already have anonymous, secure payment systems (cash, drugs, jewels, shell companies, etc)
- The cat is out of the bag, so they're going to have it anyway
- These proverbial Horsemen do more than just move money around; there's still plenty of room for detective work.
Splitting the atom gave us nuclear power, viable cancer treatment, smoke detectors, and also Hiroshima, Nagasaki, and the threat of radiological terrorism. The proverbial sword is always double-edged.
To make an actual point: I think we'd do well as a community to acknowledge the degree of truth these moral panics hold, because I suspect we frustrate a lot of people by being dismissive of what they perceive to be an apocalyptic problem.
This is binary thinking but crime isn't binary. There are varying levels of crime. New technologies can make criminal behavior easier or more difficult. Just giving up on money laundering isn't something most people are willing to think about, particularly for an experimental payment system that they don't care about and probably won't use.
For someone who doesn't understand the benefits of a new technology and is rounding it to zero, the cost/benefit tradeoff isn't hard to decide, and making an analogy to splitting the atom is unlikely to be persuasive.
But nobody is actually advocating this, least of all me. The argument is that tracking every financial transaction is no longer viable, whether we like it or not.
Moreover, digging your heels into the sand and saying "but it's not right to give up on money-laundering" doesn't change the reality: there exists technology that makes arbitrary, anonymous payments trivial to perform. What do you propose we do?
This. Taking away everyone's privacy because somebody might use privacy to break the law is dumb. You want to bust drug dealers? Bust them for selling drugs.
- We have driver's licenses, passports and all manner of ID's
- The IRS can audit banking records to ensure there's no tax fraud, sans warrant.
- You can be filmed and photographed in public places for security purposes
The list goes on, and the argument will be that new technologies require new compromises. Yours is hardly a constructive (or even correct) approach to the problem, because it (a) dismisses valid concerns and (b) implies a warped interpretation of privacy law. There is no absolute right to privacy; there cannot be!
That said, we're largely in agreement -- restricting privacy is probably the wrong approach in this particular case, but I think the counter argument should instead be made as I previously described, rather than by a knee-jerk opposition to restricted privacy.
Cash transactions carry substantial risk: both parties must be physically present in some place to make the deal. They can be tailed, the meeting place can be under surveillance, they can be raided, they can murder each other and run, etc. It's also impractical to deal with large amounts of cash due to the risk of robbery/theft (including civil forfeiture), and legitimate entities won't take suitcases full of cash for large purchases. Infiltrating and exfiltrating large amounts of money from the legitimate banking system is also very likely to leave traces that can be understood by sufficiently skilled/motivated forensic accountants.
Whereas flipping some bytes in the firehose of cryptographically secure bytes already coming in and out of every home is undetectable and basically risk-free.
Some much more concrete human rights are ensured through taxation: food, shelter, water, health care, police, education, national defense, etc. If you make taxation effectively optional by running a perfect, free money-laundering system, some of them may have to go.
Doing a significant volume of cash transactions with any financial institution also causes it to send a Suspicious Activity Report to the federal government, which greatly increases your chance of being selected for an audit.
It's true that you don't need records to explain your personal spending, but you will need to produce records justifying any deductions/benefits claimed, and if your lifestyle appears to be large for your reported taxable income, you'll need to account for that too. Recently the IRS has started using public social media posts indicating lavish spending against people who are only paying taxes on meagre incomes.
Laundromats are actually classic tax fraud vehicles. There was an article on HN recently about how the government will pull their water/electric bills to see if the volume of business they claim they're doing is in line with their actual resource usage.
In reality we sorted a lot of the problems out as we went along. We have muddled through somehow. The process I think was hardly linear or deterministic. And I think it never will be. Look at InfoSec where it is a constant game of catching up. Yet somehow our ancient technology stacks (DNS, SMTP, HTTP, ...) still seem to work and our world has not yet imploded. Society not yet collapsed. Our children who grew up with the Internet have turned out pretty well (people today seem a lot smarter than most of the guys I grew up with in the '70s/'80s, mainly because of the Internet).
Seems that every time we're on the verge to discovering something totally radical (crypto currencies, big-data, IoT, ...) fear is strong. The only place (people) I have seen where the mainstream approaches technologies with an open mind is Japan. There even old people think robots are cute and innovation is ultimately good. In the rest of the world technology is something potentially evil that must be regulated at all cost before it is even invented.
What if we succeed in creating a decentralized autonomous organization (DAO) or an economy that doesn't answer to the state. We are pretty close to having the tools for it, and I'm sure this is scary as hell for a lot of nation states. See also the latest news about the UK government creating their own version of a blockchain by removing the best feature (decentralization). I doubt though that any of this will lead to anarchy (unless our system/society is already so broken that it was due to be replaced with a healthier model anyway).
People profiting off the illegality of drugs who are drawn to high-risk/high-reward work.
People who want to keep ANY of their income sources private. Also see: Anyone who uses cash.
"There is neither an academic nor an accurate legal consensus regarding the definition of terrorism." https://en.wikipedia.org/wiki/Definitions_of_terrorism
This makes it a "weasel word" (or "appeal to anonymous authority" fallacy) pure and simple, like "treason" from back in the day.
Most aren't active and suffer in silence. The rest can be managed. As the grain of truth of Louis CK's infamous "Most Offensive Joke Ever," if pedophilia wasn't as demonized as it is now, then most people would get their kids back after being abused, instead of them ending up dead in a ditch. The former being arguably not as bad as the latter.
> People who want to keep ANY of their income sources private. Also see: Anyone who uses cash.
That's not what money laundering is, I really wish people would stop perpetuating this misinformation. Money laundering is when somebody takes illegal income and "cleans" it by creating fake clients that pay a front business. You obviously have to pay taxes, etc but at the end of the day you have a completely clean cut of your illegal income.
Anonymous payment methods only solve one (very small) part of the money-laundering problem: getting the money to someone who will clean it. After that, you still need to create fake clients and do your tax returns (which require believable income figures). So you're still stuck with trying to convince the IRS (or tax office of your choice) that the money you gained was legitimate.
I found the problem. I don't think money has an intrinsic morality. It might be the result of (what some may deem) immoral action, but the money itself should not be illegal. There is nothing about "suddenly" having a lot of money which should be automatically illegal or prevented, and people should not have to explain every detail about how they obtained the money they did.
This kind of thinking leads to things like asset forfeiture abuse, where merely having a bunch of money on your person is apparently grounds for confiscation.
You may disagree, but I'm entitled to my opinion.
I think he's saying the exact opposite - that it'd be short-sighted to _want_ to deanonymize people and to have to deal with those identities.
digital signatures are somehow non-interactive zero knowledge proofs. So what's the novelty here?
Bitcoin requires each user to verify the entire blockchain, whereas the SNARK-technique means a single user can verify the blockchain, and produce a piece of data which essentially proves that 1. the verification has taken place and that 2. the claimed result of the verification (valid/non-valid) is the actual result of running the verification.
If it sounds too good to be true, that's because it is fairly revolutionary (if it works). Here's the paper: https://eprint.iacr.org/2013/507.pdf
There are a lot of good questions in here, some of which I answered in an AMA a few days ago: https://forum.bitcoin.com/ama-ask-me-anything/i-m-zooko-wilc...
I can't wait to release the next iteration of the Zcash software, in — fingers crossed — just a couple of weeks. We'll continue to have lots of blog posts and technical discussions from us along the way. This is only the beginning!
There have been some concerns raised about your ability to do a pump-and-dump scheme. You mention on your funding page that you are incentivized to support it for at least 4 years due to the payout scheme. My question is, how can that statement be audited, since the transactions are anonymous. Is it built into the client then?
Why are you opposed to premining? (I had to look up the term, so I'm not baiting you! I don't see the problem, so I'd like to hear your thoughts).
The most famous case of premining I can think of is https://en.wikipedia.org/wiki/Coinye (ltc clone), where people started mining it after dogecoin began. Dogecoin was in its first few weeks of release and had an extremely active number of miners; and was even more profitable to be mining than bitcoin at the time. There was speculation that having a celeb figure attached to a currency could bring the cryptocurrency movement mainstream; but when the block explorer for kanyecoin was released it was found that a very large number were premined by the developers, and few people considered it was worth dedicating mining time towards. The devs basically dumped all of their coins onto an exchange and abandoned the currency soon after. Premining is bad for building up a community of miners towards which an altcoin can be established for both trust and future earnings.
If Zcash ends up worthless, then they won't have captured any value.
Since it's not a pre-mine it's not subject to the pump-and-dump dynamics of a pre-mine... it will take 4 years and the coins will have to be valuable over those four years for them to net anything.
It's a reasonable approach to aligning the company's interests with those of the users.
I'd love to hear a better one though, if you know of one.
Here's hoping we see much better means of facilitating polycentric currency systems that render individual currencies no more than "dumb pipes" for anyone who wants to use more than one.
Has there been any serious discussion about incorporating the results of PQCRYPTO in your protocol so Zcash is still secure and viable (at >= 2^128 security level) after the development of practical quantum computers?
The zero-knowledge proof itself offers statistical privacy in the face of unbounded (so more powerful than quantum) attackers. So surprisingly, you are mostly fine. But you would need to take two steps to protect yourself. First, you have to use each zcash address only once.
Second, you need to use a post quantum secure means of notifying the recipient they got a transaction and of the coin commitment openings. The built in mechanism in ZCash, which posts a ciphertext to the blockchain encrypted under the recipient's public key, is standard off the shelf public key cryptography. It's efficient, but is of course not post quantum secure. Nothing requires that you use this mechanism, however. You can always post a garbage ciphertext and inform the recipient some other way.
It's time to have a serious conversation about whether this is actually true when it comes to financial privacy.
Our society is governed by money. Money governs our production directly, and it governs our regulations indirectly since votes can be purchased. Governments derive their power from the consent of the governed, but we use money that doesn't allow us to withdraw our consent without opting out of the economy entirely. Your complaints about money in politics or unstoppable violent cartels around the world are complaints about tyranny, and we should be fighting that tyranny.
Anonymous currencies go in the other direction. I'm glad people are building them, but we need to start talking about the implications of using them. Everything about our society will be decided by the people with the most money if people accept anonymous currencies. Democracy isn't possible when you can't hope to detect when influence is being purchased.
We're already most of the way there: dollars are anonymous to everyone except the governments that regulate banks. Since those governments have been purchased, those regulations can only really be used against those who haven't already purchased strong representation in the government already.
I think we need to go in the opposite direction. We need currencies that everyone can track so individuals can decide whose power they'd like to submit to. If I know someone is buying influence and I want to reject their power to do so, I can stop accepting any money they've used in that way. People accept money to influence politics because other people will accept that money. If other people stop accepting that money, it won't be possible to buy influence anymore. The people who sell their goods, services, and labor will set the rules by their decisions about what money to accept. Wealth won't govern our society, production will.
This is merit capitalism. I think it's closer to the world we want to live in. I hope you'll join me in reconsidering whether financial privacy is actually a good thing.
However, an unbeatable and untraceable cryptographic money scheme effectively would make bribery of power brokers undetectable, or at the very least, untraceable to its source.
What we gain in personal privacy, we will trade off for increased government corruption, and it is corruption and its abuses I'd argue are a greater danger than government snooping. If you look at many nations that are struggling, even those with ample revenues, the failure to improve the standard of living can often be traced to corruption and just blatant theft and embezzling.
Government or large organizational snooping is a serious problem in countries without adequate protection of individuals and where discrimination goes unpunished. If I live in North Korea, I want maximum privacy. The threat model in OECD countries is different. While having say, the government of Sweden read my emails is disconcerting, the repercussions and threat from that are far smaller.
The world is full of corruption and cronyism at all levels, both in government, and in large organizations. To what extent are we increasing their power to harm by assuming that maximum privacy effectively disarms their power against us?
This is a truism accepted in the cypherpunks movement that's never really been tested, and it is deeply intertwined with libertarian thinking, that cryptoanarchy or laissez-faire regulation, imposed by technology, leads to a situation where big power brokers can do less damage. But we've also seen that when such organizations are opaque and unwatched, they often become more dangerous.
Traceable currency doesn't solve that problem. People don't have to use literal money to buy influence. The politician does what you want and you make sure their kid gets into the right college. Or you hire their son in law at $250K/year. Or you run advertising that isn't officially part of their campaign but helps them stay in office. Or refrain from running critical advertising.
The problem is not proving that each transaction took place. It's proving that one was a quid pro quo for another. Which the currency tells you nothing about.
> If I know someone is buying influence and I want to reject their power to do so, I can stop accepting any money they've used in that way.
And if you're one person or ten people then nothing happens. But if you have a sufficiently powerful coalition with an organizational structure capable of causing the coalition to act in unison then you become the tyranny of the majority and it is the minority who needs protecting from you.
There is a principle, that I think has basically been proven at this point, if not academically:
A: In any non-optional system used by n people, the bad actors using that system are < n/2 (read: not a majority)
B: It is impossible to prevent bad actors from misusing any system.
C: Trying too hard means the system necessarily damages good actors.
D: Any system that punishes bad participants more than it helps non-bad participants is degenerate.
Bitcoin can be seen as a rejection of a system suffering from C. For perfectly legitimate businesses and people, sending money is an unmitigated pain in the ass, substantial bites taken by middlemen, arbitrary negative action (c.f. civil forfeiture, paypal freezes) and so on. Bitcoin solves almost all of those problems, but makes lives easier for the bad actors too (but not enough that it substantially increases corruption in the world - bad actors gonna bad act)
Now, if your hypothetical system is strictly opt-in, perhaps with social pressure for politicians and such to use it, then I'd have no trouble with it. Were it to become the de facto currency, on the other hand, the problems we have with government overreach and data mining just become a lot worse.
If we accept B as true, then it makes more sense to design for the case of innocent, law abiding people first, out of fear of harming them due to C.
Put another way, I'm a lot more worried about government misusing things under color of law, than I am worried about government corruption. At least regular people can oppose the second one in good faith, while the first one always comes with the "it's legal, so?" baggage.
Governments are people. People who use this system nefariously can be sanctioned by refusing to accept money they've touched. We're so afraid of governments misusing their power because our checks and balances have failed miserably, but it's not so bad that anyone wants to use the ultimate fallback of revolution. Merit capitalism is a check that the people control directly. People don't need to revolt to reclaim power anymore.
From a purely selfish standpoint, I would not want to use this system, because I don't want advertisers, insurance companies, malcontents, stalkers, debt collectors, busybodies, three-letter-agencies, data brokers, or any other random with an internet connection to know that I spent money at a hypothetical STD clinic or received money for participating in a scientific study.
This plan introduces a huge number of unknown unknowns, where right now, we've got a pretty good idea of how widespread the corruption is, the forms it generally takes, and what, if anything, we can do about it. And since past behavior is the best predictor of future behavior, I can look backwards to see how behavioral data is abused right now, and say with complete certainty that it would be abused more under this system.
Change is inevitable. Zcash is here, so regulation is dead. Conservatism isn't an option: we have to choose how to adapt to change. I think merit capitalism is the right choice.
Thanks for your questions! Good talk.
ZCash is very impressive. Brilliant even. But for those who want better privacy... elect leaders who share the concern. Donate to the EFF and ACLU. Advocate for a 'privacy czar' as a cabinet/ministerial level position.
On the other hand, the more people use encryption, the less useful mass surveillance will be to the government. When the government no longer gets much worthwhile information from eavesdropping, it may be easier to get politicians to put a halt to eavesdropping.
So it could be that the best way to protect privacy is to use both technical and political approaches.
> With this approach, the founders are incentivized to support Zcash for the long haul (at least for four years), and they have limited ability to pump-and-dump.
I don't see how anyone can audit that statement since the transactions are encrypted.
Couldn't one audit the code? Provided zcash itself doesn't have 51% or more of the mining network post launch the open source code should be verifiable and needs to have some special case to route the "founder reward". Though I admit I haven't looked through the source code so I may be missing something.
Zerocash: Decentralized anonymous payments from Bitcoin: http://diyhpl.us/~bryan/papers2/bitcoin/Zerocash:%20Decentra...
Zerocoin: anonymous, distributed e-cash from bitcoin: http://diyhpl.us/~bryan/papers2/bitcoin/Zerocoin:%20anonymou...
How to explain zero knowledge protocols to other people's children: http://diyhpl.us/~bryan/papers2/bitcoin/snarks/How%20to%20ex...
GGPR paper, NIZKs without PCPs: http://diyhpl.us/~bryan/papers2/bitcoin/snarks/Quadratic%20s...
Snarks for C: Verifying program execution succinctly and in zero knowledge: http://diyhpl.us/~bryan/papers2/bitcoin/snarks/SNARKs%20for%...
Secure sampling of public parameters for succinct zero knowledge proofs: http://diyhpl.us/~bryan/papers2/bitcoin/snarks/Secure%20samp...
FWIW I think that confidential transactions and even SNARKs will eventually make their way into Bitcoin.
Reusing an old comment about Cryptonote (which is what Monero uses IIRC). Similar analysis applies to Dash, which I believe uses some (no doubt "improved") version of CoinJoin:
All anonymity is not created equal: you're better off if we can only figure out that one out of 6 billion people bought a Nickelback album, than if we know it was either you or one guy in Tristan da Cunha. The size of your anonymity set matters and Cryptonote provides a rather small one in comparison to Zerocash. This is not to say Cryptonote is worthless, there are tradeoffs between the two, but Zerocash has a distinct advantage in terms of anonymity and I think it matters.
Cryptonote's ring signatures scale linearly in the number of people your transactions are mixed with. As a result, you can't mix an individual transaction with that many people without it getting too big and too computationally costly (chaining transactions doesn't solve this). In contrast, Zerocash mixes every transaction with every other transaction ever.
If you are worried about maintaining privacy given repeated interactions with merchants or others who already have some partial information about you, the size of the anonymity set matters considerably. Longterm intersectional attacks are a major problem with anonymity systems. The smaller the set you mix with on any given transaction, the easier it is for some third party to use outside information to eliminate everyone else in the mixing set (e.g because she knows no one else in the set was online at the time of the transaction or was in your approximate geographic area), and determine the true spender. One of the few effective defenses we have for this is to simply include as many people as possible in the anonymity set. If you want to avoid companies building financial profiles of users from the blockchain, this is precisely the type of attack you need to thwart.
Technically, up to 2^64 transactions and the network's ability to handle the spent serial number list. So there is a limit, but it's rather large.
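The "longterm intersectional attack" described in the anonymity-set comment above, as an added simulation (illustrative code written for this page, not Cryptonote, Monero or Zerocash code, and not from any poster in the thread). It assumes a toy model: an observer who can link several payments to the same spender (say a merchant with a customer account) and who also has side information about which users were online in each time slot. Against small fresh rings the candidate set collapses after a couple of linked payments; against mixing with everyone only the side information can prune, so the set shrinks far more slowly. Users, time slots and the online table are all constructed inside the block.

```python
"""
Simulating an intersection attack against small vs. large anonymity sets.

Added example, not code from the original thread or any of the projects it
discusses.  Toy model: n_users potential spenders, an observer who links n_tx
payments to one spender, sees the on-chain ring for each payment, and holds
constructed side information (who was online in each time slot).
"""
import random


def build_online_table(n_users, n_slots, p_online, rng):
    """Constructed side information: the set of users online in each slot."""
    return [{u for u in range(n_users) if rng.random() < p_online}
            for _ in range(n_slots)]


def make_ring(spender, ring_size, n_users, rng):
    """Cryptonote-style mixing: the spender plus ring_size-1 fresh random
    decoys.  ring_size >= n_users models Zerocash-style mixing with every
    user at once."""
    if ring_size >= n_users:
        return set(range(n_users))
    decoys = set()
    while len(decoys) < ring_size - 1:
        d = rng.randrange(n_users)
        if d != spender:
            decoys.add(d)
    return decoys | {spender}


def intersection_attack(n_users, ring_size, n_tx, p_online=0.5, seed=0):
    """Run n_tx linked payments by one spender and return the size of the
    observer's candidate set after each payment.  The true spender is never
    eliminated, so a history ending in 1 means full deanonymization."""
    rng = random.Random(seed)
    spender = rng.randrange(n_users)
    online = build_online_table(n_users, n_tx, p_online, rng)
    candidates = set(range(n_users))
    history = []
    for t in range(n_tx):
        online[t].add(spender)            # the spender must be online to spend
        ring = make_ring(spender, ring_size, n_users, rng)
        # Keep only ring members the side information says were online at t,
        # then intersect with what earlier payments already allowed.
        candidates &= {u for u in ring if u in online[t]}
        history.append(len(candidates))
    return history


if __name__ == "__main__":
    print("ring of 5:   ", intersection_attack(1000, 5, 5, seed=7))
    print("mix with all:", intersection_attack(1000, 1000, 5, seed=7))
```

Run it and the ring-of-5 history drops to 1 almost immediately, while mixing with all 1000 users leaves on the order of 1000 * p_online^n_tx candidates after n_tx linked payments. Raising p_online or n_users shows the point of the comment: the only generic defence is a larger set, because the attacker's side information, not the mixing, is what does the narrowing.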
That is to say, Zcash isn't a hobbyist effort, it's the result of serious crypto engineering. It's not clown-shoes privacy.
Sounds to me like a product that is only designed for really smart people...
No, I'm not making an appeal to authority. Sorry if it sounded like that.
The team behind Zcash has serious technical chops, and it's worth pointing out that some of the most competent cryptographers and engineers in the world are working on this project.
They've openly published the paper behind their protocol and their code base is open source. They aren't going the "trust us, we're kind of a big deal" route.
If you want to understand, read the paper: http://zerocash-project.org/paper
...and the source code: https://github.com/Electric-Coin-Company/zcash
If you don't want to bother to understand (e.g. if you don't consider yourself a subset of "really smart people"), then you have to find some other metric to decide whether or not to trust it. I offered the backgrounds and reputations of the people involved as one possible heuristic, but feel free to choose another if you prefer.
The original zerocash team approached the bitcoin developers over a year ago asking to integrate some of their ideas into the bitcoin blockchain and were turned down entirely. So they went underground and developed zcash.
Zcash still seems to share quite a bit in common with bitcoin, however. For example, they are sticking with the 21,000,000 coin market cap.
I.e. how can we build roads and schools in a Zcash economy?
Builds from source, pulling from Github.
How about I just stick to actual money?
That's just not true. The core developers do control it. Look at the problems it's having with the blockchain limit. Yes in theory anyone can fork it and people can run the fork, but that theory has now been tested and it failed.
Similarly, if ZeroCash took off, the "official" devs would be the ones to control it. And they're a for profit company on top of it. I can't think of a worse idea than that. A commodity "currency" that is controlled entirely by a for profit company.
What happens if it takes off? There's one or two founders and a couple investors that essentially control the flow of money in the system. Bitcoin was appealing precisely because it lacked a center control.
Is there something I'm missing here?
Why is this here? Feels like the pump-and-dump world of altcoins is being done here to pump up this post.
Actually there's a precise answer to that. In yesterday's popular Keybase.io thread, the submitter (rdl) said "Along with Zcash, it is the most amazing crypto-engineering project I've seen in years." https://news.ycombinator.com/item?id=11037297
That was evidence the community might find it interesting, and the project hadn't had discussion on HN yet, so we invited an earlier submitter (malgorithms) to repost it. From there it received significant community interest.
> Nothing new here. Add it to the pile
Whoa, this is exactly what we ask commenters not to do when discussing new work on Hacker News. The ratio of dismissiveness to substance in your post is too high. Substantive criticism is fine, of course, but not this; it degrades the discussion.
If you know something or have a genuine insight—including a critical one—you're more than welcome to share it. But "nothing new here", "add it to the pile", and "feels like" is far too weak to justify a dismissive swipe. A comment like this would be better phrased as the question, "What is new here?", in a spirit of curiosity not snark.
Thanks for everything you do, dang.
In the end, though, blockchain tech needs SIGNIFICANTLY more technology development than it has had so far to develop its latent potential.
I'm sure blockchain enthusiasts would be interested in your suggestions as to how to get development funded.
Look at the founder's stake noted here: https://z.cash/blog/funding.html
They get 20% of the mined coins off the top for the first 4 years, without doing any actual mining.
Citation: https://z.cash/blog/funding.html (Check the "Founder's reward" section)
I suppose when you see so many scams, you rely on instinct. But had I read more of the site, I would have realized that Zcash really is something different.
So what did I do? I relied on Cunningham's Law: "the best way to get the right answer on the Internet is not to ask a question, it's to post the wrong answer." I rarely notice my karma score going up, but I certainly notice it when it goes down. That caused me to look at the comments and figure out why.
So I learned something :)
It sounds to me like you don't understand the technology involved. To be fair, it's probably Greek to most people outside of crypto.
How many of the other altcoins were based on zero-knowledge proofs or allowed for private transfers (with respect to the blockchain)?
I'm not aware of any. I think that's something new and worth talking about.
(EDIT: Snark was removed. Sorry dang.)