by synapticrelease 3902 days ago
No reason to be sorry. Well, the title was supposed to be longer :P. I was going to write the same as the github title but it didn't fit. It is clearly a toy---ahermmg---semi-serious theoretical exercise, and not a real competitor to bitcoin or zerocoin, you are right in that respect.

This (as far as I know) does make it impossible to trace the history of a coin, because there is no recorded transaction history, assuming you don't send the transaction details directly from your IP (and valid coin transfers are mathematically impossible to spoof from e.g. an exit node). You also don't need a centralized tracker, you just need a public record of all known coins which is kept in sync across several mirrors. I should clarify that in the readme; the only reason why I mention assuming a centralized tracker is for the performance estimate, because syncing trackers would induce overhead. Unless you see something I am missing...

The reason why this uses zero-knowledge proofs is twofold; first, to allow anonymization of individual transaction ids by ensuring it is impossible to spoof transactions without knowing the secret key of the corresponding coin, and second to avoid the use of a blockchain which further degrades anonymity. Again, it may be that you have discovered a reason why this does not hold, in which case I would be interested to hear it!

Regarding the matter of coin transfer, this was a design decision because of the project scope. I could have spent many days implementing a transaction system which did not depend on the secrecy of keys, but I have other commitments. That being said, there are a subset of transactions (involving money, but also authentication of physical goods in transit, for example) which can potentially be treated this way. For instance, I can use it to verify the user is in possession of a particular hardware (a physical "coin") which stores the secret key in encrypted form. Which could be useful in e.g. shipping applications, who knows.

1 comments

You say that the trusted actor updates the public key of a coin. This means that it is known which former key corresponds to which following key. Thus the central actor can trace the history. If you have many trackers, then everyone can trace the history.
Yes, but it only knows the public key. Which is not a number in any way associated publicly with the identity of the owner...it's essentially a (discrete exponent of a) random number that identifies the coin.
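As an added illustration of the scheme the thread describes (this is not code from the project or from either commenter), the toy model below treats a coin as a public key y = g^x held in a tracker's record, and accepts a transfer only with a Schnorr proof of knowledge of x, so nobody can move a coin without its secret key. It also makes the reply's point concrete: the tracker never sees an identity or a secret key, but its own log still links each coin's former key to its next key. The safe-prime group generation, the `Tracker` class, the `prove`/`verify` functions, the transfer message format and all names are assumptions made for this example.

```python
"""Toy model of the scheme in the thread: a coin is a public key y = g^x, the
tracker stores coin_id -> y, and a transfer is accepted only with a Schnorr
proof of knowledge of x. Constructed example; names and parameters are
assumptions, not the project's code."""
import hashlib
import secrets

# Deterministic Miller-Rabin: these bases are a proven primality test for
# every n < 3.3e24, which covers the ~65-bit moduli generated below.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64):
    """Safe prime p = 2q + 1; g = 4 is a quadratic residue, so it has order q.
    A 64-bit q keeps this example fast; a deployment would use >= 2048-bit
    MODP groups or an elliptic curve."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q, 4

P, Q, G = make_group()

def keygen():
    """Secret x in [1, q-1]; the public key y = g^x is the coin's identifier."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _challenge(y, r, message):
    data = f"{P}|{G}|{y}|{r}|{message}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x, y, message):
    """Fiat-Shamir Schnorr proof of knowledge of x with y = g^x, bound to message."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + _challenge(y, r, message) * x) % Q

def verify(y, message, proof):
    r, s = proof
    if not (1 <= r < P and 0 <= s < Q):
        return False
    return pow(G, s, P) == r * pow(y, _challenge(y, r, message), P) % P

class Tracker:
    """Public record of coins. It never learns identities or secret keys, but
    every accepted transfer leaves an (old key -> new key) entry in its log."""
    def __init__(self):
        self.coins, self.log = {}, []

    def mint(self, coin_id, pubkey):
        self.coins[coin_id] = pubkey

    def transfer(self, coin_id, new_pubkey, proof):
        old = self.coins[coin_id]
        if not verify(old, f"transfer|{coin_id}|{old}|{new_pubkey}", proof):
            return False  # no proof of the current secret key: rejected
        self.coins[coin_id] = new_pubkey
        self.log.append((coin_id, old, new_pubkey))
        return True

    def key_history(self, coin_id):
        """What the tracker operator can reconstruct from its own log."""
        steps = [(o, n) for c, o, n in self.log if c == coin_id]
        return [steps[0][0]] + [n for _, n in steps] if steps else []

def demo():
    t = Tracker()
    alice_sk, alice_pk = keygen()
    bob_sk, bob_pk = keygen()
    mallory_sk, mallory_pk = keygen()
    t.mint("coin-1", alice_pk)
    # Honest transfer: Alice proves knowledge of the secret behind the coin's key.
    alice_proof = prove(alice_sk, alice_pk, f"transfer|coin-1|{alice_pk}|{bob_pk}")
    honest = t.transfer("coin-1", bob_pk, alice_proof)
    # Spoof: Mallory knows Bob's public key but can only prove with her own secret.
    spoof = t.transfer("coin-1", mallory_pk,
                       prove(mallory_sk, bob_pk, f"transfer|coin-1|{bob_pk}|{mallory_pk}"))
    # Replay: Alice's old, valid proof resubmitted for a different destination.
    replay = t.transfer("coin-1", mallory_pk, alice_proof)
    return {"honest": honest, "spoof": spoof, "replay": replay,
            "owner": t.coins["coin-1"], "history": t.key_history("coin-1"),
            "alice_pk": alice_pk, "bob_pk": bob_pk}
```

Running `demo()` accepts the honest transfer and rejects both the spoof and the replay, while `key_history` returns the succession `[alice_pk, bob_pk]`: exactly the key-to-key linkage the reply points out, with no identity attached to either key. How the transfer request reaches the tracker (the IP concern raised earlier in the thread) is outside this model, which only covers what the tracker verifies and records.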