(no title)
ewillbefull | 8 years ago
Ring signatures with small anonymity sets have very serious privacy drawbacks, but they have more sensible assumptions for protecting the monetary base integrity.
zk-SNARKs are the opposite: they don't compromise on privacy at all, but require stronger assumptions to protect the monetary base.
steeleduncan|8 years ago
zk-SNARKS have no privacy issues, but to trust ZCash you require absolute trust in the zcash ceremony. This is an issue for many, including me. This ceremony has happened, there is no way for me to prove to myself that the private keys were not stored somewhere. Although I can prove to myself it is decentralised and private, I can't see how I could ever prove to myself that noone can cheat and generate coins with minimal effort, thus devaluing mine. I just have to trust the founders.
Monero's Ring signatures require no trust, but they have privacy problems in the case of small rings. This is solveable by restricting to large rings (as a hard fork will enforce this September[1]), and at that point, I can see how to convince myself that the system is decentralised, private, and noone can generate coins without appropriate mining effort.
[1] https://getmonero.org/2017/09/13/september-15-2017-protocol-...