by cloudjacker 3527 days ago
What do you think about Cryptonote projects? Such as Monero, Boolberry, a variety of other similar networks

Some advantages Cryptonote has that come to mind:

- They are private by default. Zcash requires two states, a state analogous to bitcoin, and the anonymous zcash state which has to be explicitly opted into. Shadowcash also has this, but opted for ring signatures for the anonymous state (like cryptonote coins use by default) instead of the zkSNARKs. The market hasn't focused much attention on Shadowcash.

- Cryptonote projects have proof of work algorithms that are durable and so far ASIC-proof. Cryptonite, Wild Keccak still are CPU and GPU friendly. But I'd have to read their respective papers before I say "ASIC Proof because memory hard"

- Cryptonote are also auditable if a user wants to reveal information about a transaction. But even then the information is limited, it will show that payments came in and out of specific amounts, but it won't show the sending/receiving address along with those transaction IDs.

- Cryptonote projects have nonthreatening names. Many privacy centric projects have names like Dark- Shadow- Anon- whereas noteworthy cryptonote projects have names that at worst simply wouldn't be taken seriously by a "powerful establishment" until so much capital and infrastructure is already built. I think ZCash or "Zerocash" isn't going to get smiles and congratulations from FinCEN. Hyperbole, but I don't think it is an advantage for the project.

It's one thing to be optimistic about the founders and their company, but for you to say "long" something that doesn't seem like a better investment, makes me wonder what you see in comparison to some other existing technologies.

Looking forward to your thoughts

2 comments

> Zcash requires two states, a state analogous to bitcoin, and the anonymous zcash state which has to be explicitly opted into.

It does not require two states, this is a misconception that originates from the paper which refers to "basecoins" and other obsolete terminology. The protocol was anticipated to be a sidechain of some kind, but due to technical limitations that never panned out. Our system does use two states, but I personally advocate for removing the "transparent" system in the future when we have things like private multi-sig.

> Cryptonote are also auditable if a user wants to reveal information about a transaction. But even then the information is limited, it will show that payments came in and out of specific amounts, but it won't show the sending/receiving address along with those transaction IDs.

You can do all of this with our system as well, it was one of our design goals!

I get that the protocol in theory doesn't need two states, Zcash the product will have two states. The harder second state likely won't be used that much. There are several cryptocurrencies that had multiple states to promote privacy. Darkcoin's darksend was an option in an otherwise bitcoin clone. Shadowcash has two states where the default state is an otherwise bitcoin clone. Zcash doesn't differentiate there.

With regard to your second point, I know, that's why I said "also".

Aside from the marketing budget and evangelists, Zcash isn't really standing out to me. What do you see? Your idea and possibility of removing the transparent system? From my understanding this means every transaction will have the high system requirements, it still seems like a worse execution of this technology than other existing cryptocurrencies who will be even further ahead by the time these growing pains are even considered on the Zcash network.

CryptoNote doesn't look very scalable; if you want a large anonymity set, your transaction size grows linearly with the size of the set.

Scaling is a valid criticism of cryptonote.

Have you talked with the monero team on how they plan to address it?

They might not have a good answer (cheaper storage, computers faster in the future), maybe they do have some solutions in mind

This seems to be an issue with zcash too? Can you explain why it isn't?

Given current information it seems like these problems won't become apparent till the year 2021

In ZCash each transaction is the same size, regardless of how large your anonymity set is.

Okay, that is an interesting perk, where could I read about that and come to the same conclusion? For some reason I don't recall the white paper explicitly saying that but it wasn't comparing itself to cryptonote to begin with.

It's a property of the zero knowledge proofs in question; they're called Succinct Non-interactive Arguments of Knowledge because their size grows sublinearly with the size of the statement being proved. In the case of ZCash, the statement consists of proving things about the blockchain, and things are set up in such a way that the size of the proof used is 288 bytes, ALWAYS.

Is this proof the one that also cannot be formed in a trustless way?