by geofft 3188 days ago
I want to rely on a cryptosystem which means that at a protocol level, the designers can't build in backdoors for police even if they want to. Then I don't have to worry about their public statements. Maybe they're firmly ideologically opposed today and get a court order tomorrow. (This is exactly what happened with well-intentioned scam artist Ladar Levison: he built a system that didn't have the cryptographic properties he promised, and the government called his bluff. He didn't particularly desire to help the government, but he had no choice.)

The question is, do we believe that there's room in the Zcash protocol for a cryptographic back door?


I am unable to judge zcash and must rely on other cues. So when the founders seem to be saying they're OK with backdoors, it makes me think hey, given the chance maybe there's something they could do.

Anyways once they get mandatory shielded transactions I'll look at it in more depth and see if I can get comfortable.

A couple questions:

- Aren't zerocoin and zerocash two different currencies? Did you mean to say zerocash in your previous comment?

- If what Matt Green is saying is true, is there a way to create a backdoor in Monero or any other new crypto that comes along?

- One of the reservations that I have around z-cash is the "don't roll your own crypto" mantra, even if you are an experienced, academic cryptographer. Is z-cash inherently more risky because it's using newer crypto?

I know, but it's the history of the person I'm looking at. Monero could well have weaknesses. That's why I don't rely on it. In fact, I know it has weaknesses. Monero's problem is they do not adequately tell people how to use it safely. The marketing is all about how Monero is safe, not about its limitation. Dangerous game for them to play.

It's not about rolling your own crypto. My understanding is that zcash is more risky due to the newer concepts involved.

This is all theoretical right now anyways. Without more support for shielded transactions, it isn't feasible to use zcash to clean Bitcoin or other cryptocurrencies. Exchange volumes of XMR-ZEC are also too small from what I can see to make stacking them useful.

That said, we are reconsidering things. We will probably add zcash as a payment method sometime this week.

I'm curious about your roll-out strategy:

Why start up world wide? Why not start only in jurisdictions where what you're doing is legal? Wouldn't that give yourselves an opportunity to build and test all the layers of your company in a relatively safe environment before moving into markets like the US?

Not starting worldwide. Launch city Toronto. There are essentially no jurisdictions where we'd be legal. Places that have legal sex work usually make surrounding activities legal. Places where it's fully legal have regulatory issues we wouldn't pass.

US targeted for mid-2018 after we have a few cities smoothly operating.

> I am unable to judge zcash and must rely on other cues. So when the founders seem to be saying they're OK with backdoors, it makes me think hey, given the chance maybe there's something they could do.

This approach is vulnerable to an easy attack: get government funding, design a cryptosystem with lots of backdoors, and proudly proclaim that you will never add one and you will absolutely stand up to the government.

I think you should find a better way to evaluate cryptosystems.

agree