by 26cf805ae26f 3973 days ago
It's a consequence of the fact that the general ledger (aka the blockchain) is public information. It has to be, otherwise the system would not work; what I mean is that you cannot design a crypto currency whose ledger is not public information.
2 comments

> It has to be, otherwise the system would not work; what I mean is that you cannot design a crypto currency whose ledger is not public information.

I specifically addressed this misunderstanding in this talk: https://www.youtube.com/watch?v=Twynh6xIKUc at 38:48 while explaining this work: https://people.xiph.org/~greg/confidential_values.txt

You can think of it this way: When you sign a message you prove knowledge of a private key (discrete log of a particular public key). Everyone can verify the signature, and yet they do not learn anything about the private key they didn't know before seeing the signature.

There is no conflict between verifiability and privacy.
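The signature analogy in the comment above, as an added example that is not part of the thread or of the linked work: a Schnorr signature proves knowledge of a discrete log, and `simulate_transcript` shows why a verifier learns nothing, since a transcript passing the same equation can be produced from the public key alone when the challenge is picked first. The group parameters and all function names are assumptions made for this sketch; the group is toy-sized and not secure.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small to be secure:
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2879, 1439, 4

def challenge(R: int, pub: int, msg: bytes) -> int:
    """Fiat-Shamir challenge: hash of commitment, public key and message."""
    data = f"{R}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # private key: the discrete log of pub
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1       # fresh secret nonce for every signature
    R = pow(G, k, P)
    c = challenge(R, pow(G, x, P), msg)
    return R, (k + c * x) % Q              # x is masked by the uniformly random k

def transcript_ok(pub: int, R: int, c: int, s: int) -> bool:
    """The public verification equation: G^s == R * pub^c (mod P)."""
    return pow(G, s, P) == (R * pow(pub, c, P)) % P

def verify(pub: int, msg: bytes, sig) -> bool:
    R, s = sig
    if not (0 < R < P and 0 <= s < Q):
        return False
    return transcript_ok(pub, R, challenge(R, pub, msg), s)

def simulate_transcript(pub: int):
    """Produce (R, c, s) that passes transcript_ok using only the public key.

    Choosing c and s first and solving for R needs no private key, so a
    transcript cannot carry information about x. It is not a forgery:
    in a signature c is fixed by the hash of R, which the simulator
    cannot control.
    """
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    R = (pow(G, s, P) * pow(pub, Q - c, P)) % P   # pub^(Q-c) == pub^(-c)
    return R, c, s

if __name__ == "__main__":
    x, pub = keygen()
    sig = sign(x, b"constructed sample message")
    print("signature verifies:", verify(pub, b"constructed sample message", sig))
    print("simulated transcript passes:", transcript_ok(pub, *simulate_transcript(pub)))
```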

It depends on what you mean by "cryptocurrency". None of the Chaum-based Digital Cash system designs of the 80s and 90s featured a public ledger, but they weren't decentralized. The public ledger was an innovation of Bitcoin (as far as I know, even Szabo's property title system didn't propose to make the ledger actually public), and many people at the time felt that it was a bad idea, since it gave up anonymity.

It seems plausible that fully homomorphic encryption will eventually enable a practical and fully anonymous cryptocurrency, but nobody has figured out how yet. Also, even without FHE, maybe someone will figure out how to make a Bitcoin-style public-ledger system that somehow uses Chaumian blinded keys instead of ditching anonymity entirely.

Um... I stand corrected. Thanks!
Look at Zerocoin / Zerocash