Regardless of the secure computation done during the ceremony, at the end of the day there is a degree of trust in the founding participants of Zcash. I think given the people involved, and that they are all essentially security zealots with provable records, messing this up doesn't seem likely. There is no monetary incentive to make a mistake in the trusted setup, and there is significant personal reputation damage to the participants if it was provably hijacked.
Further, the founders' reward, despite having a slight smell, is really not an unfair way to structure something like this. Significant resources were put into Zcash well before it was deployed; are the founders supposed to just eat that cost? Why shouldn't their success be tied to the success of the coin they created over a period of time? Would a Satoshi-style pre-mine be more fair? These questions are complicated, but without an ICO driving the development, this doesn't seem like the worst-case scenario for a commercial entity.
> I think given the people involved, and that they are all essentially security zealots with provable records, messing this up doesn't seem likely.
Speaking as one of those people, even with driving ~2000km across Canada with the compute laptop in a Faraday cage, I can assure you there are a lot of ways we could have screwed it up... See https://petertodd.org/2016/cypherpunk-desert-bus-zcash-trust... for some of them.
I wonder if there isn't a more ethically sound way of rewarding the founders of cryptocurrency initiatives. A percentage of the total value of the whole currency seems disproportionately large if you consider the value of the total coin offering possible if they ever attained a status akin to the Euro, Dollar, Yen, or Pound Sterling. While that may or may not ever happen, it certainly seems to be a goal for many of these initiatives.
To me it makes all cryptocurrencies seem like Ponzi schemes designed to profit their founders first and foremost, regardless of any merits.
> […] are the founders supposed to just eat that cost?
Ideally, some philanthropist driven by idealism would work with a bright bunch of crypto enthusiasts like them to fund development, precisely to prevent the ethical problem of a founders' reward. Alternatively, perhaps a capped value based on a fair estimate of the initial costs of development with a fair profit margin (to compensate for the risk) would encounter less resistance than the current trend of an open-ended percentage.
Agreed. As a programmer who's worked with Zooko and other Zcash developers (on unrelated projects before it) I'll add that I was impressed by their security-engineering skill and integrity. (I'm unqualified to judge their crypto.)
I appreciate the research of Zcash, but the trusted setup is still just a very sophisticated security theater. The least they should have done is to have constructed open participation.
Indeed. Secure multiparty computation with large numbers of assumed-malicious participants doing the initial setup would've been enough. As it was, I just can't trust it, even if all the parties are honest and completely trustworthy. I may be paranoid, but in my opinion, if you have to do the same rigmarole that the CA system does, then you're still fundamentally broken.
The problem was that the existing MPC protocol for generating the parameters didn't scale that well.
1) It required participants to stay secure during the entire computation. With 6 people we still had problems, because it took long enough that people had to sleep.
2) If anyone aborted, the protocol had to restart.
The next version of the protocol will resolve both of these issues.
Define large. In any case, I would rather have a protocol in which only one of the participants needs to successfully discard their local state for total security than one in which all n participants need to.
You still would need just 1 participant; it's the computation part that would be open to any number of participants in order to reduce the possibility of collusion.
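To make the "only one participant needs to discard their share" property discussed above concrete, here is a toy sequential ceremony. This is an added example constructed for this thread, not Zcash's parameter-generation protocol, and the small group it uses is not cryptographically sized. Each party raises the running public value to a private exponent; the trapdoor is the product of all exponents, so it can only be recovered if every single party keeps its share.

```python
import secrets

# Toy group, constructed for illustration only: the multiplicative group mod a
# Mersenne prime. Far too small for real use; it just keeps the maths readable.
P = 2**127 - 1      # prime modulus
Q = P - 1           # group order, so exponents are reduced mod Q
G = 3               # assumed base element (its exact order is irrelevant here)

class Participant:
    """One contributor: holds a private random exponent, its share of the trapdoor."""
    def __init__(self, name):
        self.name = name
        self.share = secrets.randbelow(Q - 1) + 1   # s_i in [1, Q-1]

    def contribute(self, running_value):
        # Raise the previous party's output to s_i; only g^(s_1 * ... * s_i) is published.
        return pow(running_value, self.share, P)

    def destroy_share(self):
        # The "discard local state" step the thread talks about.
        self.share = None

def run_ceremony(participants):
    """Chain the contributions: output is g^(s_1 * s_2 * ... * s_n) mod P.
    The trapdoor tau = product of all shares is never held by any single party."""
    value = G
    for p in participants:
        value = p.contribute(value)
    return value

def recover_trapdoor(participants):
    """What full collusion could do: multiply every surviving share together.
    Returns None as soon as even one participant has destroyed its share."""
    tau = 1
    for p in participants:
        if p.share is None:
            return None
        tau = (tau * p.share) % Q
    return tau

def trapdoor_explains_output(tau, output):
    """Check whether a candidate trapdoor reproduces the published ceremony output."""
    return tau is not None and pow(G, tau, P) == output
```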
I do not like 20% founders tax. I do not like "trusted" setup. I do like Zooko trying to make fungibility stronger. I do like zero knowledge proofs making their way into the wild.
I don't know what website you are reading, but the Zcash website says it is 20% now but drops to nothing after 4 years, and when you account for the dropping rewards given to miners, after ten years (when mining will end) the result will be that 10% went to the founders: so people saying "a 20% tax" are correct today, even if the tax rate will amortize, a long time from now, to only 10%.
> At first, 50 ZEC will be created every ten minutes. 80% of the newly created ZEC will go to the miners, and 20% ZEC to the founders.
> Every four years, the rate of ZEC being created will halve (again, just like in Bitcoin). After the first four years the ZEC created per ten minutes will drop to 25ⓩ, but after the first four years, 100% of it goes to the miners.
> The end result (as shown in the diagram) is that there will ultimately be 21 million ⓩ, and 10% of it, or 2.1 million ⓩ, will have been initially distributed to the founders.
Everything but the actual private key/parameters should be open-source, vetted and approved before going forward on a cryptocurrency... no magic obscurity when it comes to money. Otherwise, scams and/or vulns lead to amateur-hour fail.
Cash counting machines in banks scan and record numbers to find bills that have already been flagged (such as those stolen from banks/ATMs), but that process is unrelated to the crediting of money to your account. General cash tracking is hypothetically possible, but it would not be trivial to implement.
Well, not _you_, but bills do get flagged if they're involved in crimes (like kidnapping or robbery). So when they're deposited in a bank, the FBI can track the _relative_ location of criminals.
Just like the tweet mentions that Zooko didn't reply to: what about just having a zaddr cleaning those coins? KYC/AML already exists on (most) exchanges.
I don't think so; you can exchange your money through services like ShapeShift, where it remains anonymous at the other end, and you can make the exchange to fiat money via LocalBitcoins. There are many other alternatives we can think of.
I think it would be good to have an optional KYC/AML attached to cryptocurrency transactions. In this way they can be more popular and more connected to the regulated world.
> it would be good to have an optional KYC/AML attached to cryptocurrency transactions
This is already the case, minus the optional part [1]. Broadly, I'd guess anyone involved with an unregulated money transmission operation is one pissed-off D.A. away from serious jail time.