
Frequently asked questions

matthewdgreen edited this page Jul 4, 2013 · 7 revisions

This FAQ is specific to libzerocoin. For a more general FAQ on the Zerocoin protocol and Bitcoin privacy in general, see our website.

Who are you?

We're Ian Miers, Christina Garman and Matthew Green of the SPAR/HMS lab at the Johns Hopkins University Information Security Institute. We conduct research into privacy-preserving cryptographic protocols and occasionally release software. We'll be the primary maintainers of libzerocoin until a long-term maintainer can be found (or until something better comes along to replace it).

How does Zerocoin work?

Zerocoin extends existing payment systems like Bitcoin to add a decentralized coin laundry. For a detailed description of the protocol see our website. For the TL;DR version see our short overview of Zerocoin. We also provide a short tutorial on libzerocoin for those who are familiar with the protocol.

Is Zerocoin efficient?

The current implementation of Zerocoin has two efficiency problems. First, the 'coin spend' zero-knowledge proofs are large (more than 25 KB each). We intend for these proofs to reside in the block chain, but their size makes this challenging. As a result it may be necessary to distribute them via some other mechanism, such as a Distributed Hash Table.

Additionally, Zerocoin spend proofs are time consuming to verify, at least compared to ECDSA signatures (a single verification takes a significant fraction of a second). This creates latency problems when every node must verify them, though we are hopeful that there are engineering solutions to this problem.

We are currently working on improvements to the Zerocoin cryptography that we hope will bring smaller and faster proofs. At that point we will release a 'Zerocoin v2' protocol, and users will have to decide whether they want to deploy it in their networks.

How do I generate Zerocoin parameters?

All Zerocoin clients in a deployment must be configured with the same RSA-type public parameter (a modulus N). The secret portion of this parameter, the factorization of N, is not needed during Zerocoin operation and must be destroyed: Zerocoin's accumulator is an RSA accumulator, and anyone who holds the factorization can compute a valid accumulator witness for a coin that was never minted, and so can forge spends. We recommend that this parameter be generated by a trusted party who then discards the factorization. See generating Zerocoin parameters.
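As an added illustration of why the factorization has to go, and not code from libzerocoin or its authors, here is a toy RSA accumulator in pure Python. The modulus is a deliberately small 512-bit N, the "coins" are constructed 64-bit primes, and the function names (trusted_setup, accumulate, witness, forge_witness, demo) and sizes are assumptions made for this example. It shows an honest witness verifying, and then a party who kept phi(N) producing a witness for a coin that was never accumulated, which verifies just as well.

```python
# Added example, not libzerocoin code: a toy RSA accumulator in pure Python
# showing why the factorization (trapdoor) of the Zerocoin modulus N must be
# destroyed after parameter generation. Sizes are deliberately small.
import random
from math import gcd

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test after trial division by small primes."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Random prime with exactly `bits` bits (top and bottom bits set)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def modinv(a, m):
    """Modular inverse by extended Euclid (pow(a, -1, m) needs Python 3.8+)."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("not invertible")
    return s0 % m


def trusted_setup(mod_bits, rng):
    """Dealer step: N = p*q. phi(N) is returned ONLY so the forgery below can
    be demonstrated; an honest dealer discards p, q and phi(N)."""
    p = gen_prime(mod_bits // 2, rng)
    q = gen_prime(mod_bits // 2, rng)
    while q == p:
        q = gen_prime(mod_bits // 2, rng)
    return p * q, (p - 1) * (q - 1)


def accumulate(g, members, N):
    """A = g^(product of members) mod N. Members are primes, as coins are."""
    acc = g
    for m in members:
        acc = pow(acc, m, N)
    return acc


def witness(g, members, x, N):
    """Honest witness for x: g raised to the product of all other members."""
    w = g
    for m in members:
        if m != x:
            w = pow(w, m, N)
    return w


def verify(A, x, w, N):
    """Membership check: w^x == A (mod N)."""
    return pow(w, x, N) == A


def forge_witness(A, x, N, phi):
    """Trapdoor forgery: with phi(N), an x-th root of A is A^(x^-1 mod phi).
    Without phi this is exactly the strong RSA problem."""
    if gcd(x, phi) != 1:
        raise ValueError("x must be invertible mod phi(N)")
    return pow(A, modinv(x, phi), N)


def demo(seed=1):
    rng = random.Random(seed)                       # seeded for repeatability
    N, phi = trusted_setup(512, rng)
    g = pow(rng.randrange(2, N - 1), 2, N)          # random quadratic-residue base
    coins = [gen_prime(64, rng) for _ in range(4)]  # constructed sample coins
    A = accumulate(g, coins, N)
    honest_ok = verify(A, coins[0], witness(g, coins, coins[0], N), N)
    fake = gen_prime(64, rng)                       # a "coin" never minted
    forged_ok = verify(A, fake, forge_witness(A, fake, N, phi), N)
    return {"N": N, "A": A, "fake": fake, "fake_in_set": fake in coins,
            "honest_verifies": honest_ok, "forged_verifies": forged_ok}


if __name__ == "__main__":
    print(demo())
```

Both `honest_verifies` and `forged_verifies` come back True, which is the whole point: the verifier cannot tell a trapdoor-forged witness from a real one, so the only defence is that phi(N) no longer exists anywhere. A real ceremony generates a far larger modulus with OpenSSL and wipes p and q; a garbage-collected language like Python cannot guarantee that erasure, which is one more reason to keep the generating party and the generating code minimal.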

Why C++? Is Zerocoin implemented in other languages?

We implemented Zerocoin in C++ because Bitcoin was originally written in C++. At the moment libzerocoin is the only public implementation we know of. We're hopeful that developers will use this library as a guide to engineer similar implementations in other languages, and we'd be glad to offer advice.

What are libzerocoin's dependencies?

libzerocoin requires the Standard C++ libraries (including the STL), OpenSSL and boost. OpenSSL is used for BigNum operations and SHA256 hashing. boost is used for serialization and related tasks. We have limited the use of these dependencies to a small number of locations in the code.

How do I integrate this into a Bitcoin/Litecoin/*coin client?

See our Integrating with Bitcoin clients page for more details. Although this description is Bitcoin centric, the basic techniques should apply to any hash-chain based currency. We'll update this page as clients become available.

What's the license for libzerocoin?

libzerocoin is licensed under the MIT license. Do what you like with it.

I have a new protocol that's better than Zerocoin.

That's not really a question. But great! We love anonymous protocols. Our goal with this project is to create a privacy infrastructure for anonymous currencies. While libzerocoin is our contribution to this effort, we intend to support other researchers' work and help the Bitcoin/altcoin community get these tools out there.

We mainly devote our attention to provably secure cryptographic protocols. If you have something that meets our criteria and would like to see it implemented/deployed/used -- let us know!