I think Keybase is making a mistake in choosing Zcash over Monero - especially so soon after Zcash's launch. But that's okay - they'll come around soon enough. Zcash has been fantastic advertising for Monero.
If you are interested in anonymous blockchains, I highly encourage you to look into Monero. It meets or exceeds that of ZCash. And Monero's RingCT is currently implemented and in use on TestNet with a target "go-live" this January.
8GB of RAM is only required when you want to transact; if you're not making transactions but are simply another node in the network (perhaps mining, or something), then I don't think the work required is any different from Bitcoin.
> The cypherpunk, anarchist future wasn’t supposed to be about stronger banking guarantees and wealth redistribution among Reddit users.
I think your interests may fall more closely in line with what the Monero folks are doing. I'm not aware of any other cryptocurrency project with better privacy features. And they're working directly with the I2P developers to get better privacy at the network level (Kovri).
If you're referring to Monero, can you explain how it's "designed" to provide massive increases in wealth for early adopters? Is it the volunteer contributions? Lack of ICO? Perhaps it's the fact that the current market price is lower than when the coin was released two years ago. That surely gives the early adopters an advantage....
There are plenty of early adopters who purchased Monero for several dollars each. And it languished at 30-50 cents for well over a year. And is now only ~$1.
So there's been plenty of time for anyone to be an early adopter....continuing through today and easily for months to come.
Or skip Monero altogether. Aeon, a related project, is available right now for less than 1 penny. And has been for quite some time.
So, as to your question, Done. You can be an "early adopter" right now.
This technology already exists today in the form of the Cryptonote based coins - of which Monero is the leading example.
Cryptonote, by default, is an opaque blockchain - your transactions are not visible to the world. But, let's say you're a non-profit organization and you do wish for your donations to be public. Cryptonote allows for that using a "view key".
In this way, you get the best of both worlds - privacy by default, and openness when you need it.
The cryptonote wallets are still in their early stages, but the various coins are available and trading on exchanges today. And you can even use them to pay bitcoin based merchants using a service like ShapeShift or xmr.to.
All anonymity is not created equal: you're better off if we can only figure out that one out of 6 billion people bought a Nickelback album, than if we know it was either you or one guy in Tristan da Cunha. The size of your anonymity set matters and Cryptonote provides a rather small one in comparison to Zerocash. This is not to say Cryptonote is worthless, there are tradeoffs between the two, but Zerocash has a distinct advantage in terms of anonymity and I think it matters.
Cryptonote's ring signatures scale linearly in the number of people your transactions are mixed with. As a result, you can't mix an individual transaction with that many people without it getting too big and too computationally costly (chaining transactions doesn't solve this). In contrast, Zerocash mixes every transaction with every other transaction ever[1].
If you are worried about maintaining privacy given repeated interactions with merchants or others who already have some partial information about you, the size of the anonymity set matters considerably. Long-term intersectional attacks are a major problem with anonymity systems. The smaller the set you mix with on any given transaction, the easier it is for some third party to use outside information to eliminate everyone else in the mixing set (e.g. because she knows no one else in the set was online at the time of the transaction or was in your approximate geographic area), and determine the true spender. One of the few effective defenses we have for this is to simply include as many people as possible in the anonymity set. If you want to avoid companies building financial profiles of users from the blockchain, this is precisely the type of attack you need to thwart.
[1] Technically, up to 2^64 transactions and the network's ability to handle the spent serial number list. So there is a limit, but it's rather large.
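The intersection effect described in the comment above, as a toy simulation added here (not part of the original thread or of any project's code). It assumes an observer who can already link repeated transactions to one unknown spender and that decoys are drawn uniformly from abstract participants; it does not model the real decoy selection of any coin.

```python
import random


def rounds_until_unique(population, set_size, seed=0, max_rounds=200):
    """Count linked transactions until intersecting their anonymity
    sets leaves exactly one candidate (the true spender).

    population: number of participants in the toy system (assumption)
    set_size:   participants visible per transaction, spender included
    Returns the round number, or None if the spender is still hidden
    among several candidates after max_rounds.
    """
    rng = random.Random(seed)      # seeded so runs are repeatable
    spender = 0                    # constructed: participant 0 always spends
    others = range(1, population)  # everyone who could serve as a decoy
    candidates = None
    for n in range(1, max_rounds + 1):
        decoys = rng.sample(others, set_size - 1)
        observed = {spender, *decoys}
        # The spender is in every set; a decoy survives only if it
        # happens to be drawn again in every single round.
        candidates = observed if candidates is None else candidates & observed
        if len(candidates) == 1:
            return n
    return None


if __name__ == "__main__":
    # Constructed scenarios: small ring, half the population, everyone.
    for pop, size in [(10000, 6), (1000, 500), (1000, 1000)]:
        result = rounds_until_unique(pop, size, seed=1)
        print(f"population={pop} set_size={size} rounds={result}")
```

When the set is the whole population, the intersection never shrinks, which is the property the comment attributes to mixing with every other transaction.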
The point you're actually trying to make is "every privacy scheme has trade-offs".
Zerocoin's trade-offs are massive: untested / unreviewed cryptography, a trusted initial accumulator that can ruin the anonymity for everyone forever, a significantly larger transaction size, and a blockchain so opaque that double-spends and false coin creation cannot be seen.
Those are the issues that matter, and Monero suffers from none of those problems.
> a trusted initial accumulator that can ruin the anonymity for everyone forever
This is false: even if somebody compromises the initial setup (which, if implemented using the proposed MPC protocol, would require compromising every single participant; compromising n-1 parties doesn't do anything), the system continues to enjoy the same zero-knowledge guarantees. Compromised setup or not, in Zerocash the anonymity set is all participants of the system.
On further consideration I agree with you. Knowledge of the accumulator would merely allow for the arbitrary creation of forged spends that appear valid, but the rest of the system would still remain opaque (much to its detriment in this instance).
Also there is nothing to suggest that a clever MPC will solve the collusion problem. Of course the participants will make claims about their honesty, but if ZeroCoin is worth massive amounts of money the temptation to seek collusion will be there.
Of course, whilst it's true that some participants might stick to their proverbial guns, what is going to prevent a motivated state-level attacker from monitoring as many participants as they can during the computation? Then they only need to compromise the handful that they couldn't monitor, and for that they have rubberhose cryptanalysis.
The way you phrase it makes it seem like the parties involved are perpetually at risk of being compromised, as though they must retain and store the secrets necessary for parameter generation forever. When in fact it will be done once, and well in advance of any significant value in the currency which would incentivize crazy government yatta yatta.
What would happen to transactions on Monero in a post-quantum world? Would all of the transactions become transparent to the 3/4 letter agencies?
Does the 'mixing' of coins happen on a server (so you trust the server not to log anything) or does it happen p2p so said agencies can analyze the network?
I'm not sure that anyone can speak to what happens to crypto in a post quantum world.
Mixing does not happen on a server - that would be an atrocious violation of privacy. Monero (and other cryptonote coins) use ring signatures - https://lab.getmonero.org/pubs/MRL-0004.pdf
No thank you. With regards to my government, I would like to see more privacy rather than less. This seems to give me less.
I do like the idea of complete transactional privacy between end users and/or merchants. But we already have this today with CryptoNote based cryptocurrencies like Monero - with optional transparency through "view keys".
As far as I understand it, Taler seems to be great for privacy and society (ensuring income is taxable). Governments can't see how you spend your money, but they can see who receives payments.
Bitcoin and others will never succeed because they are too friendly towards illicit behaviour. Taler seems to strike a genuinely interesting and ethical balance here.
The underlying assumption is that governments don't care about how you spend money. This is patently untrue, because "liberal" governments explicitly use taxation as global social modification schemes, for all sorts of things beyond income redistribution - from minimizing perceived vices (alcohol, tobacco) to minimizing environmental footprint, etc.
The idea that this sort of activity is able to be decoupled from surveillance is one of the more unfortunate delusions in politics.
Those schemes don't usually depend on knowing what each particular citizen bought; the tax is imposed on the product, not on the person, so you'll pay it even if you use a perfectly anonymous currency.
That said, I do agree that governments care about the contents of the purchase; around here, all sales must be invoiced with certified software, and a copy of all invoices issued must be delivered monthly to the IRS by businesses. As the buyer, you can opt to remain anonymous, but they're trying to push people into not doing so.
Other less liberal governments will simply ban something they consider sinful instead of trying to make money off it while letting their populace (who they are supposed to care about) slide into hell (if the thing is truly sinful). Historically this doesn't work so well in the US, but in other places like Singapore it works better.
Not true at all. Conservative governments often desire things like trade protection tariffs. They may ban 'immoral' things rather than merely tax them differently, but they are still very interested in controlling the flow of money.
I find it fascinating that you think taxation can be generally described as "ethical" without serious qualification; what about taxation by an unethical government, like a dictatorship or a government that uses the money to murder people?
Is cash also unethical because the government doesn't have absolute surveillance on cash spending?
What the project claims is a "liberal" tool can very easily become a very unethical tool of oppression.
I'd like you to define "succeed" and, indeed, "it", so that you're making a testable claim here. Do you mean the present Bitcoin blockchain, or something else?
Bitcoin will never succeed in its current form because its capabilities are limited in a number of ways by design, even if the problem of the public's level of expertise goes away. One of such limitations is, even if there are subdivisions down to a "satoshi", "satoshi" level of payments are not currently (and I believe that will not ever be) possible. That is because of another limitation, that is the centralized nature of the ledger which acts as a bottleneck.
I think they're referring to the scalability problem where the number of transactions and size of the blockchain grow to a point where running a full node is prohibitively expensive and leads to a smaller number of miners verifying transactions.
> When you pay with Taler, your identity does not have to be revealed to the merchant. The bank, government and mint will also never learn how you spent your electronic money. However, you can prove that you paid in court if necessary.
Again, existing technologies already provide this. And they further empower the user to expressly define how much anonymity they want...down to the transactional level.
Empowering governments with additional taxation tools is about the only thing this brings to the table over existing technologies.
>"No thank you. With regards to my government, I would like to see more privacy rather than less. This seems to give me less."
I'm of the complete opposite opinion, and am also completely against government due to my ideology.
Basically, while we have a government, I expect them to do their job and to employ any means necessary to do so. We currently task them with keeping us safe, solving crimes when they do happen, and enforcing the laws we have supposedly all agreed on.
Obviously we have to keep government from doing bad things while in the service of the tasks assigned to it. E.g. unjustified violence of any form.