[ianmiers]

It really doesn't help with that unless you use a completely different protocol and assume trusted setup. At which point, just use zcash, it will have smaller and faster to verify transactions. Trust me, I've been working with RSA accumulators for privacy in Bitcoin since 2011.

[rdl]

Ah, I didn't see how the blinding factor was being used (the code is actually easier to understand than the paper). This has approximately the same linkability as monero, inferior to zcash (complex) or chaumian tokens (hyper-efficient, but centralized per-currency, although currencies can be permissionless).