
mountainboy | 2 years ago

Blind signatures are nice and verifiably unlinkable, but digital bearer certificates require a trusted central "mint" to issue and reissue them. This central point of failure can and inevitably will... fail, as Chaum's company (Digicash) did. And it can also inflate the currency without anyone knowing.

Bitcoin was the result of cypherpunks going back to the drawing board to create a decentralized solution. Unfortunately, Bitcoin sacrificed unlinkability for decentralization. Modern "privacy" cryptocurrencies utilizing zero-knowledge proofs are advancing the state of the art in terms of having both properties.

A decentralized DBC "mint" is theoretically possible. However, there are two more downsides to the blind signature approach: (1) auditing is impossible because there is no history, so detecting whether mint node(s) have colluded to cheat or catching an inflation bug is an unsolved problem. (2) Arbitrary amounts are not supported, so it is necessary to create fixed-denomination "notes", which then add size and complexity to every transaction.

Source: been there, done that. Bought the t-shirt.
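As an added illustration (not the commenter's code; the RSA parameters are constructed toy values), a minimal Chaumian mint built on RSA blind signatures shows the points above: the mint signs a blinded value it cannot later link to the redeemed note, it stops double spends by remembering spent serials, but its only issuance record is a counter it controls, so over-issuance leaves no auditable trail, and the note carries no amount, which is why real systems need one key per fixed denomination.

```python
# Toy Chaumian bearer-note mint on RSA blind signatures (added illustration, toy key sizes).
import hashlib, secrets
from dataclasses import dataclass, field
from math import gcd

# CONSTRUCTED toy RSA key. A real mint needs 2048+ bit keys and one key per
# fixed denomination, because the signature itself carries no amount.
P, Q = 104729, 1299709            # the 10,000th and 100,000th primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(serial: bytes) -> int:
    """Hash the note serial into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

@dataclass
class Mint:
    issued: int = 0                   # the only issuance record that exists
    spent: set = field(default_factory=set)
    def sign_blinded(self, blinded: int) -> int:
        """Sign whatever arrives: the mint sees only r^E * h(serial), so it cannot link
        this request to the redeemed note, and no history exists to audit `issued` against."""
        self.issued += 1
        return pow(blinded, D, N)

    def redeem(self, serial: bytes, sig: int) -> bool:
        """Accept a note exactly once: valid signature and unseen serial."""
        if pow(sig, E, N) != h(serial) or serial in self.spent:
            return False
        self.spent.add(serial)
        return True

def withdraw(mint: Mint) -> tuple:
    """Client: choose a serial, blind it, get it signed, remove the blinding."""
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(N)
    while r < 2 or gcd(r, N) != 1:    # blinding factor must be invertible mod N
        r = secrets.randbelow(N)
    blinded = (h(serial) * pow(r, E, N)) % N
    sig = (mint.sign_blinded(blinded) * pow(r, -1, N)) % N   # unblind with r^-1
    return serial, sig

def demo() -> dict:
    # Withdraw one note, spend it twice, then present the signature with a different serial.
    mint = Mint()
    serial, sig = withdraw(mint)
    first, second = mint.redeem(serial, sig), mint.redeem(serial, sig)
    forged = mint.redeem(secrets.token_bytes(16), sig)
    return {"valid": first, "double_spend": second, "forged": forged, "issued": mint.issued}
```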
