by rhindi 1897 days ago
Homomorphic encryption, which enables you to process data without decrypting it. Would solve privacy / data security issues around sending data to be processed in the cloud

The extra cost is worrying. You're talking about a 4 to 6 orders of magnitude increase in resource usage for the same computation.

Unless we figure out some awesome hardware acceleration for it, it's not practical but for a few niche applications.

It also has the problem that you can use computation results to derive the data, if you have enough control over the computation (e.g. a reporting application that allows aggregate reports).

Modern homomorphic encryption schemes only have a ~100x performance hit. That sounds bad, until you remember that computers are really fast and spend the majority of time doing nothing, and that the difference between writing a program in Python or C is already something like 10x.
> Modern homomorphic encryption schemes only have a ~100x performance hit.

Really?! Now I'm curious. If I have a simple program for an 8-bit CPU @ 1 MHz, when can I run this program on a virtual machine using homomorphic encryption, under a reasonable runtime? Is it possible yet? If the performance hit is only 100x, the runtime should not be much longer than the actual chip. But the last time I checked, the hypothetical runtime seems to be still impractical.

8-bit is definitely doable today, and fast.

There are basically 2 strategies:

- do fast operations, with a limit on how many you can do. This is called Leveled Homomorphic Encryption, with CKKS being the most popular scheme. Microsoft open sourced a lib called SEAL for it.

- do unlimited operations, but with extra overhead. This is called Fully Homomorphic Encryption, with TFHE being the fastest implementation. My company Zama has open sourced a library in Rust called Concrete.

Reminds me a lot of deep learning in 2010, just before it took off!
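Added here to illustrate the "limit on how many operations" point in the comment above; this is not code from the thread, from SEAL or from Concrete, but a toy symmetric scheme over the integers in the style of DGHV, with constructed, insecure parameters. Every homomorphic operation grows a noise term inside the ciphertext, and once that noise passes half the key, decryption stops being correct; that is the leveled behaviour, and bootstrapping (which this toy omits) is what a fully homomorphic scheme adds to reset the noise.

```python
import secrets

# Toy somewhat-homomorphic scheme over the integers (DGHV-style, symmetric key).
# Key: a large odd integer p. A bit m is encrypted as c = p*q + 2*r + m; the
# term 2*r + m is the "noise". Decrypt with (c mod p) mod 2, which is correct
# only while the noise stays below p/2. Adding ciphertexts adds noise (XOR),
# multiplying them multiplies noise (AND), so multiplicative depth is bounded:
# the "leveled" behaviour described above. Parameters are tiny and NOT secure.

KEY_BITS, NOISE_BITS, MULT_BITS = 64, 8, 128

def keygen():
    """Random odd key with the top bit set, so p lies in [2^63, 2^64)."""
    return secrets.randbits(KEY_BITS) | 1 | (1 << (KEY_BITS - 1))

def encrypt(p, m):
    """Encrypt one bit. r is forced into [2^7, 2^8) so the fresh noise term
    2*r + m lies in [2^8, 2^9) and grows predictably under squaring."""
    q = secrets.randbits(MULT_BITS)
    r = secrets.randbits(NOISE_BITS) | (1 << (NOISE_BITS - 1))
    return p * q + 2 * r + m

def decrypt(p, c):
    """Strip the multiple of p, then read the bit from the noise term."""
    n = c % p
    if n > p // 2:          # centred reduction, in case noise went negative
        n -= p
    return n % 2

def add(c1, c2):            # homomorphic XOR: noise terms add
    return c1 + c2

def mul(c1, c2):            # homomorphic AND: noise terms multiply
    return c1 * c2

def levels_before_failure(p, c):
    """Square a fresh ciphertext repeatedly (AND with itself) and count how
    many levels still decrypt reliably. Here the noise is < 2^9 fresh,
    < 2^36 after two squarings and >= 2^64 after three, so the answer is 2;
    a fully homomorphic scheme would bootstrap to reset the noise instead."""
    noise = c % p           # for a fresh ciphertext this is exactly 2*r + m
    levels = 0
    while True:
        c, noise = mul(c, c), noise * noise
        if noise >= p // 2:
            return levels   # past this point decrypt(p, c) is unreliable
        levels += 1
```

With these constructed parameters, `levels_before_failure(p, encrypt(p, 1))` returns 2: two multiplications deep is fine, a third corrupts the result, and only larger keys (at a cost) or bootstrapping would extend that.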

Thanks.
Still, 100x is a lot. I would still bet that it depends on the complexity of the workload.
Zero knowledge proofs for the win! This is one of the things I need to see in a cryptocurrency before I believe it will succeed at scale.

1. Zero-knowledge proofs,
2. shielded ledgers,
3. democratized and energy-efficient mining,
4. inflationary control, and
5. wallet recovery.

No one has all of these yet, but ZKP is a big part of it.

Can you explain what you mean by shielded ledgers?
The fact that wallet IDs are visible in the blockchain breaks it completely for me. I do NOT want an immortal record of every penny I spent and to whom I gave it. Fuuuuuuuck that. Today I have a choice, but with many cryptocurrencies (ETH, BTC) that is a "feature" not a "bug".

Monero and Ravencoin have transparent and shielded entries. I believe the node is encrypted with an ECDH shared secret, so the payer and the payee know each other's wallets, but no one else does.

If by inflationary control you mean non-limited supply, Grin (MimbleWimble protocol) has all those attributes.
Yes, I did mean that. Also pegging it to a real currency, like USDCoin. I have not heard of MimbleWimble. Thanks for the reference, I'll add it to my list of coins to study.
I am also curious what you mean.
See my peer comment.
zk-SNARKs are a practical application of ZKPs in crypto.
3 - proof of stake (Cardano etc) solves this, no?
Like I said, lots of coins touch some of these, but I don't know of any that has all of them.
You should look into Monero.
Yep. I have. RandomX and ECDH ledgers are a big plus.
Monero is proof of work? Is there a proof of stake alternative to Monero?