RT @PhABCD: ERC-1724 - zkERC20: Confidential Token Standard
A common interface for fungible tokens that want to implement confidential transaction functionalities via zero-knowledge proofs and a corresponding Cryptography Engine (see ERC-1732).
RT @aztecprotocol: On Friday we released the Confidential Token Standard, backed by the AZTEC cryptography engine. This is the equivalent of the ERC20 token standard but in zero knowledge. 🎉
think Monero inside Ethereum, but many tokens can work that way, untraceable, or at least, very very hard to trace. Money launderers and people under tyrannical regimes with strict banking controls rejoice.
It's not just for people under tyrannical regimes or wanting to commit crime. It's for anyone wanting to use Ethereum for actual business purposes. In almost every business case, you cannot publish your private financial data to the world every time you execute a transaction. Without privacy, that's what it means to use Ethereum right now, making it more of a technological curiosity than a real financial/business tool.
it's true, I was just trying to give an eli5. I guess we've just gotten used to having our affairs rather public after blockchains came about, I remember being outraged at the possibility of anyone being able to see my balances and thought it'd be very dangerous in countries where you get robbed just for having a nice pair of shoes.
For example, if I had one of these zkERC20 addresses and transferred an ERC20 token to my address, wouldn't there be some trail of non-encrypted addresses that showed the token initially moving into the address? If so, wouldn't it be possible to infer there is a token value there?
I haven't looked at the details of zkERC20 specifically, but with some reasonable assumptions about its implementation:
Like you're saying, there would be proof of the token initially moving into the address (i.e., the balance is known at t=0). At t>0 (just one block later), any or all of the balance could've been moved to a different masked address, so it's not safe to make any assumptions about the balance anymore.
It's good technology, despite its well known limitations. It's like saying most cryptocurrencies are useless because you can see what's on the blockchain. This is absolutely progress in the right direction. This team isn't selling anything either, this is just a token standard so any number of people can spin up their own zktokens. Then people can choose for themselves which tokens they trust.
Hey /u/SpacePip, can you explain your position in more detail?
The trusted setup ceremony we will be running will be a multi-party computation. In order for this part of the protocol to contain any sort of back door, there would either need to be collusion from every single participant (100+), or someone would need to break the discrete log assumption, which is pretty key to most of the field of elliptic curve crypto.
If you want to be sure, you can participate in our MPC and destroy your chunk of toxic waste. Even if every other participant colludes, the system will still be secure.
Let me know if you have further questions about cryptography or multi-party computation!
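The claim in the comment above (a back door needs every participant to collude, or the discrete log assumption to break) can be seen in a small model of a sequential multi-party setup. The following is an added illustration, not AZTEC's ceremony code: each participant raises the running public value to a private share and attaches a Schnorr proof that they know the share, so anyone can verify the transcript without learning any share. The toxic waste is the product of all shares; the toy group (q = 1019, p = 2039, generator 4), the share values and the hash-based challenge are constructed for this example, and the group is deliberately tiny so the brute-force discrete log at the end actually succeeds.

```python
"""Toy multi-party trusted setup (constructed example, not a real ceremony).

Each participant multiplies the running secret by a private share and publishes
only g^secret plus a proof of knowledge. The final secret (the 'toxic waste') is
s1 * s2 * ... * sn mod q. Recovering it requires either every share (total
collusion) or solving a discrete logarithm in the group.
"""
import hashlib
import secrets

# Constructed toy parameters: q = 1019 (prime), p = 2q + 1 = 2039 (safe prime),
# G = 4 generates the subgroup of prime order q in Z_p^*. Real ceremonies use
# ~256-bit elliptic-curve groups where the discrete log is infeasible.
Q = 1019
P = 2 * Q + 1
G = 4


def _challenge(*values):
    """Fiat-Shamir challenge: hash the public values into an exponent mod Q."""
    data = ",".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def contribute(prev_public, share):
    """One participant's step: raise the accumulator to the secret share and
    attach a Schnorr proof of knowledge of that share (proves log_prev(next))."""
    next_public = pow(prev_public, share, P)
    k = secrets.randbelow(Q - 1) + 1              # fresh nonce for the proof
    t = pow(prev_public, k, P)
    c = _challenge(prev_public, next_public, t)
    z = (k + c * share) % Q
    return next_public, (t, z)


def verify_step(prev_public, next_public, proof):
    """Check prev^z == t * next^c without knowing the share."""
    t, z = proof
    c = _challenge(prev_public, next_public, t)
    return pow(prev_public, z, P) == (t * pow(next_public, c, P)) % P


def run_ceremony(shares):
    """Sequential ceremony starting from G; returns the public transcript
    [(public_value, proof), ...]. Each share stays with its owner."""
    transcript = []
    current = G
    for share in shares:
        current, proof = contribute(current, share)
        transcript.append((current, proof))
    return transcript


def verify_transcript(transcript):
    """Anyone can audit the whole chain of contributions from public data."""
    prev = G
    for public, proof in transcript:
        if not verify_step(prev, public, proof):
            return False
        prev = public
    return True


def toxic_waste(shares):
    """The secret nobody should hold: the product of every share mod Q."""
    s = 1
    for share in shares:
        s = (s * share) % Q
    return s


def missing_share_for(candidate_secret, known_shares):
    """Colluders holding all shares but one: for ANY candidate secret there is
    a value of the missing share consistent with what they know, so their
    shares alone reveal nothing about the real secret."""
    known = toxic_waste(known_shares)
    return (candidate_secret * pow(known, -1, Q)) % Q


def brute_force_dlog(public):
    """The other route to the toxic waste: solve the discrete log by exhaustive
    search. Feasible here only because the toy group has 1019 elements."""
    acc = 1
    for s in range(Q):
        if acc == public:
            return s
        acc = (acc * G) % P
    return None


if __name__ == "__main__":
    participants = [secrets.randbelow(Q - 1) + 1 for _ in range(5)]
    transcript = run_ceremony(participants)
    print("transcript verifies:", verify_transcript(transcript))
    print("toxic waste (all shares known):", toxic_waste(participants))
    print("recovered via toy discrete log:", brute_force_dlog(transcript[-1][0]))
```

The two functions at the end are the two failure modes from the comment: `missing_share_for` shows that with one honest participant who discarded their share, the remaining shares are consistent with every possible secret, while `brute_force_dlog` shows that the secret is still pinned down by the public transcript and only the hardness of the discrete log keeps it hidden.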
Are you referring to this part? "Creating a clear separation between the transaction sender and the economic beneficiary allows *third party service layers* to be tasked with the responsibility to sign transactions."
Couldn't a third party take the form of a smart contract that can accept ETH deposits and transmit them as gas fees? Sort of like how Tor bundles all browsing data and tosses it out of random nodes?
This analogy may not be perfect and I admit I am not a technical person.
Hey /u/DboVilakati! This feature is indeed mainly to allow for meta-transaction style setups. The trusted setup is a distinct computation which needs to happen only once (right now scheduled for April), and isn't linked to transferFrom.
Let me know if you have other questions, happy to clarify anything :)
Well, that is up to these promoters and shillers to explain.
Because everybody knows that trusted setup is synonymous with a backdoor, hence being unsuitable for trustless and private applications as far as this movement and censorship resistance is concerned
Well he's wrong, the multiparty computation scheme was explicitly designed to make that impossible. It's possible for zksnarks in general if the proving key is generated by a hostile party
There's a lecture from a cryptography professor about that somewhere, if I have a link on my pc I'll post it later
I understand your position and am skeptical for the same reasons, but let's give them a chance before labeling them one thing or another. The team is developing something useful and whether or not it is perfect has yet to be determined.
You cannot just promote a trusted setup without explaining why it is useful and to whom. And why it is okay.
You don't understand. We do not need to do anything. They are trying to convince us to use technology with a backdoor. Is that not disgusting?
Imagine Edward Snowden recommending everybody to use Facebook messaging and Gmail...
Downvote this guy all you want but it doesn't make his point invalid. The "trusted setup" is a major weak point with this tech and provides such a massive backdoor if exploited. I remain skeptical although I do think ETH will benefit from private txs. It's just a question of whether they are actually private or not. I also think that Edward Snowden may just be an NSA asset (whereas Assange is the real deal).