Hacker News new | ask | show | jobs
by kbody 3481 days ago
Indeed, even though a couple popular cryptographers have vouched, it's still not the classic definition of peer-reviewed for something that ground-breaking.

That aside, the MPC (Multi-Party Computation) setup is more of a security theater than actual security. It completely goes against of what cryptography is all about and I'm puzzled as to why any cryptographer would base their system's security in such a way.
2 comments
moyix 3481 days ago
It actually is the classic definition of peer reviewed! The paper on Zerocash (renamed Zcash) was published at the IEEE Symposium on Security and Privacy:

http://zerocash-project.org/media/pdf/zerocash-oakland2014.p...

It's a peer-reviewed conference and basically the top venue (along with Usenix Security and ACM CCS) for academic computer security.

I'm not sure what you mean by "for something that ground-breaking"?

link
lmeyerov 3481 days ago
Oakland is more of a systems security conference, so peer review here speaks more to the architectural thinking, and says little about the deeper math. Same thing for Usenix. I'd want to see somewhere like Crypto/EuroCrypt, or maybe IACR, to call it peer reviewed. Even then, it may pass largely on novelty & prestige.

(For background, I used to publish at this conference and others, did my share of paper reviewing, and my colleagues were working on e-cash crypto around the time of bitcoin's rise.)

link
ianmiers 3481 days ago
zkSNARKS, the underlying tricky bit of crypto that Zerocash uses to make anonymous transactions, existed before Zerocash/Zcash. There is a bunch of work on them that was published in Eurocrypt/Crypto/TCC etc. For example [0] at Eurocrypt and [1] at Crypto. Page 37 of that last paper [2] has a summary of work on the subject, though it is now dated as the paper is from 2013.

SNARKs have gotten the appropriate peer review from the right parts of academia. To everyone else reading this: Of course, that doesn't make it secure and there are limmits to peer review. Just because 3 to 5 reviewers read the paper and thought it was publishable doesn't mean it's correct. However, those works were high enough profile that others have looked at the papers once they were published, which is the real meaningful part of peer review and that comes after publication.

None the less, snarks are one of the more sophisticated cryptogrphic techniques ever deployed. And peer review also says abosultely nothing about the security of the implimentations of software instantiating the cryptography. But the only way to remidy that is to build software, deploy it, and get people to look at it.

Zerocash itself is a fairly simple protocol built on top of SNARKs, so the fact that it was published at Oakland isn't the biggest worry. It's also gotten a bunch of scrutiny after that.

[0] http://link.springer.com/chapter/10.1007/978-3-642-38348-9_3... [1] http://link.springer.com/chapter/10.1007/978-3-642-40084-1_6... [2] https://eprint.iacr.org/2013/507.pdf

link
moyix 3481 days ago
My impression with Crypto is that people who focus more on the applied side of cryptography have found it difficult to get papers accepted there.

[My own background is firmly in systems security – I've had papers at Oakland and CCS – and I'm not as familiar with the crypto side]

link
petertodd 3481 days ago
Do you mean to say the Zcash trusted setup shouldn't have used MPC? Or do you mean to say Zcash itself is fudnementally flawed due to the trusted setup?
link
kbody 3481 days ago
The second one mainly. There is probably a way to do MPC in a truly trustless manner but that's another big challenge and Zcash investors were probably getting impatient so they pushed for a launch.
link