by bduerst 3445 days ago
From the whitepaper:

> A powerful attacker could potentially fabricate an additional block solely for a targeted user. Spending any coins with respect to the updated Merkle tree in this “poison-pill” block will uniquely identify the targeted user.

If ZCash works with that person or organization, then they're able to deanonymize the inputs on the transaction. As a privately owned U.S. company, they can be compelled to do this by the authorities.

For most people this doesn't matter, but for the type of user that bitcoin attracts, I think they would care, which is why I think Monero is probably better for them.


Thanks. You're talking about section VI.c of http://zerocash-project.org/media/pdf/zerocash-oakland2014.p...

It's saying if an attacker extends the blockchain just for you, and makes only you know about its forked blockchain, they would then know that if someone creates a transaction against the unique part of that chain, it must've been you. That attack appears to have nothing to do with the Zcash company as an insider -- the software is open source and hosted from Debian, etc. Am I misunderstanding? How does Monero stop an analogous attack?

(The paper continues "To mitigate such attacks, users should check with trusted peers their view of the block chain and, for sensitive transactions, only spend coins relative to blocks further back in the ledger (since creating the illusion for multiple blocks is far harder)." I don't know whether current software does this for you -- that paper's from 2014.)
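The mechanism the reply describes, and the two mitigations quoted from the paper, as an added toy simulation (not code from the thread, the paper, or the Zcash project). It assumes a simplified binary hash tree over note commitments with one root per block, which is not Zcash's actual incremental tree, and a spend that exposes only the root rt it was proven against; the commitment strings and the `Ledger`, `Spend`, `attacker_links_spend` and `peer_check_ok` names are constructed for illustration.

```python
"""Toy model of the Zerocash 'poison-pill' fork attack (section VI.c of the 2014 paper).

Constructed example: the tree shape, block contents and helper names are assumptions,
not the project's own data structures.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set


def _h(*parts: bytes) -> str:
    return hashlib.sha256(b"|".join(parts)).hexdigest()


def merkle_root(leaves: List[str]) -> str:
    """Root of a simple binary hash tree over the commitment list (toy shape)."""
    level = [_h(b"leaf", x.encode()) for x in leaves] or [_h(b"empty")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # pad odd levels by duplicating the last node
        level = [_h(b"node", a.encode(), b.encode())
                 for a, b in zip(level[0::2], level[1::2])]
    return level[0]


@dataclass
class Block:
    height: int
    root: str  # rt: root of the commitment tree after this block


class Ledger:
    """One node's view of the chain: cumulative commitments, one root per block."""

    def __init__(self) -> None:
        self.commitments: List[str] = []
        self.blocks: List[Block] = []

    def append_block(self, new_commitments: List[str]) -> Block:
        self.commitments.extend(new_commitments)
        blk = Block(len(self.blocks), merkle_root(self.commitments))
        self.blocks.append(blk)
        return blk

    def roots(self) -> Set[str]:
        return {b.root for b in self.blocks}

    def anchor_root(self, blocks_back: int) -> str:
        """rt a spend is proven against: the tip (0) or a block further back."""
        return self.blocks[-1 - blocks_back].root

    def copy(self) -> "Ledger":
        c = Ledger()
        c.commitments = list(self.commitments)
        c.blocks = list(self.blocks)
        return c


@dataclass
class Spend:
    """Public part of a spend: rt is visible, the spender and notes are not."""
    rt: str


def attacker_links_spend(spend: Spend, honest: Ledger, poisoned_roots: Set[str]) -> bool:
    """A spend proven against a root that exists only in the victim's poisoned
    view can only have been made by the targeted user."""
    return spend.rt in poisoned_roots and spend.rt not in honest.roots()


def peer_check_ok(mine: Ledger, trusted_peer: Ledger) -> bool:
    """Mitigation 1: compare the tip root with a trusted peer's view before spending."""
    return mine.blocks[-1].root == trusted_peer.blocks[-1].root


def run_scenario(blocks_back: int, attacked: bool = True) -> Dict[str, object]:
    """Mitigation 2 is the blocks_back parameter: spending relative to an older
    block means the attacker must have forged every block after it, not just one."""
    honest = Ledger()
    for i in range(4):
        honest.append_block([f"cm_{i}_{j}" for j in range(3)])  # constructed commitments
    victim = honest.copy()
    if attacked:
        victim.append_block(["cm_attacker_only"])  # block served only to the victim
    poisoned_roots = victim.roots() - honest.roots()
    spend = Spend(rt=victim.anchor_root(blocks_back))
    return {
        "peer_check_ok": peer_check_ok(victim, honest),
        "linked": attacker_links_spend(spend, honest, poisoned_roots),
    }


if __name__ == "__main__":
    print("spend against tip:", run_scenario(0))
    print("spend against 2 blocks back:", run_scenario(2))
```

Running it shows the two cases the paper distinguishes: spending against the tip of a one-block poisoned view links the spend to the victim, while spending against a root two blocks back does not, and in both cases the trusted-peer comparison already flags the mismatched tip. The older-anchor mitigation only raises the cost to forging several consecutive blocks; the peer check is what actually detects the fork.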