by tptacek 3211 days ago
The thing that I think should really worry you is that the reaction among the professional cryptographers to this (or at least the dozens I talk to on Slack and Twitter) is "well, that's cryptocurrency for you".

If you have the impression that serious cryptographers are knee deep in the problem space of trying to make sure cryptocurrencies are actually secure, revise your expectations.


This curl function actually came up in conversation with someone about a month ago. We figured that there was no way the core transformation was secure, and that was about the extent of our interest in it.
Right! I think people have a misapprehension that working cryptographers feel a kind of moral urgency to ensure that popular software is cryptographically sound. When confronted with insane stuff like IOTA, most cryptographers just drink.
Dan Boneh has a course on the subject https://crypto.stanford.edu/cs251/

Lots of cryptographers hate cryptocurrencies, lots of them don't. Alessandro Chiesa is behind Zcash, for example.

I'm not trying to say cryptographers hate all cryptocurrencies, but I get why it sounded like that.
The ZCash team is pretty serious: https://z.cash/team.html
The ZCash team is one of the most academic teams out there (for cryptocurrencies), which is a very good thing. The more serious cryptographers that get involved in cryptocurrency the better.
To a higher degree, one should note the Monero Research Lab is leaps and bounds ahead of ZCash.
I'm not competent to compare the work, but there don't appear to be any professional academic cryptographers on either the core or research lab teams.

https://getmonero.org/resources/people.html

Whereas the ZCash team includes several people who were well-known cryptographers before ZCash came along.

Of course there are. All members of MRL are professional academic cryptographers. There's Surae, Sarang, Shen, etc. Meanwhile the background and "academic" activities of most of the academics behind Zcash are quite sketchy despite their fame. People will come to see this before long.
The bios of those three say they have degrees in mathematical sciences, physics, and algebraic geometry, respectively. None of those are cryptography. On top of that, they're pseudonymous, so we can't even verify these claims.

ZCash has well-known people, employed at places like Johns Hopkins and Berkeley, who specialize in cryptography and have long lists of publications to their names. If anyone is going to be called "sketchy" it should be the people hiding behind pseudonyms.

I don't own ZCash or Monero, so I don't have a dog in this fight except that I get annoyed at the Monero community's strident insistence on their intellectual superiority over ZCash.

They are not hiding behind pseudonyms and attend meetups regularly; stuff like RingCT was peer reviewed by the Ledger journal...

And yes, I call Zcash sketchy too: creating a currency with a trusted setup and stuffing 10% of all mining rewards in your pockets is an outright scam.

How? Honest question. I'm more familiar with the cryptographers behind Zcash.
If you're going to make a bold claim, maybe back it up with some evidence?
> If you have the impression that serious cryptographers are knee deep in the problem space of trying to make sure cryptocurrencies are actually secure, revise your expectations.

I'd say the teams behind Bitcoin core, Ethereum and especially Zcash can hold their weight to a certain extent.

It's still very early days though and there is a lot more serious research that needs to be done.

I'm not saying that they are perfect, some of those teams have made mistakes, but it's still a cutting edge field so it will take time for more experts to get involved.

> If you have the impression that serious cryptographers are knee deep in the problem space of trying to make sure cryptocurrencies are actually secure, revise your expectations.

Confidence in cryptocurrencies comes from their ability to be patched.

Every death-knell observation merely makes them stronger. People understood that in 2011 and acquired cryptocurrency, they understand that in 2017 and acquire cryptocurrency, and they would prefer widespread self-perpetuating ignorance to continue while they acquire cryptocurrency.

The fact that people are buying cryptocurrency is not in itself evidence that cryptocurrency is cryptographically secure. Paying actual cryptographers to help create your cryptocurrency is evidence that it's cryptographically secure.

People use software that lies about how secure it is all the time, even when money is on the line, because they're not qualified to understand security, and additionally don't have the understanding of how to delegate that job of understanding. I'm interested in IOTA, but I've yet to see a respected security company put out a document that explains why it's secure and where potential weaknesses that we might be able to exploit in 5, 10, 20 years might be hiding, so I'm not touching it with a bargepole.

Put it this way: would you use a bank that didn't employ any security engineers and yet made grand statements about how secure its processes are?