|
|
|
|
|
|
by polarized
3348 days ago
|
|
|
The comment to which I replied (not by you) claimed that the anonymity set is all shielded transactions. It is, in the same sense that the first order anonymity set of Monero transactions is all outputs included in the ring signature which can't be proven implausible (e.g. using the methods in Section 3 of the paper). However, Section 4 of the paper points out that a non-uniform distribution means this is reduced, in practice, to a smaller effective degree. The same method can be used with Zcash to estimate a smaller effective degree since many previous shielded transactions are probabilistically unlikely. This is certainly not 'deanonymization' or 'tracing' or any such thing, but it isn't that in the Monero case either. |
|
|