Course Intro
Grant Hawkins
Course Roadmap
Join Discussion
Keys for Success
Screenshot and Review
Keep a table
Skill: Evaluate privacy of any crypto.
BitCoin Privacy Foundations
Intro
Explorer
BitCoin Basics
BitLaundry
Linking UTXO's
KYC Laws
WhitePaper
Anonymity Set and Trust
ECDSA Basics
Deterministic Wallets
Dusting Attacks
HD Wallets
CoinJoin
DASH
Wasabi and Samourai Wallets
Chainalysis
Quiz.
Intro
Why study BitCoin?
All UTXO-model coins have the same privacy issues.
Many privacy ideas began as BIP's.
To the extent that BitCoin fails in privacy.
Privacy coins will succeed
Most transactions today are still using BitCoin
UTXO Privacy Conundrum
BitCoin Basics
Public Key
Creates signature scheme
One-way related to private key
Long, random numbers
Private Key
One-direction function.
Hash
Identifiers
Receiver Identity
Sender Identity
Sender IP Address
Transaction Amount
Person Association
Decorrelate.
Shield.
True Fungibility
BitCoin Explorer
blockchain.com
History of all addresses is available.
glassnode.com
Macro on-chain analysis
BitCoin White Paper Privacy
Satoshi Nakamoto
Basic Privacy?
Linking if ID's are dox'd.
Why is that weak?
Fresh key-pair per transaction.
What more?
Pseudonymity.
KYC/AML Laws
"Know Your Customer" (KYC)
"Anti-Money Laundering" (AML)
So what?
Who enforces KYC compliance?
What info is collected for compliance?
Why?
Who writes KYC/AML Laws
Capital Control.
Every nation's lawmakers.
All Accounts
Regulators
Limits
Global Banking Cartel.
Regulated Exchanges
Economic Power
Political Power
Linking UTXO's
Why Privacy?
Assembling funds links owners across addresses
Personal Preference
Targeted Attacks
Mass Surveillance
Retroactive Regulations
Political Censorship
BitLaundry
BitLaundry
What's obfuscated
What keeps BitLaundry honest?
What could go wrong?
What could BitLaundry get away with?
Service Reputation
Only 1 hop. Still easy to trace.
Time lag.
Won't get away w/o better anonymity
Total balance until reputation spreads.
Intermediary address
Network Surveillance Dox's All Users
Anonymity Set
Set of plausible participants.
In the same amount
Your Data
Your Coins
Everyone Present
From when sent
To When Received
2 types of trust
ECDSA Basics
(k + j)*H = k*H + j*H
- & / are practically impossible.
+ & * are very easy
j is a 'shared secret'
The number of transformations (k) is my PRIVATE KEY
The final point (k*H) is the PUBLIC KEY.
k*H + j*H is publicly known
SIGNATURE is k + j proving I know k.
Deterministic Wallets
gmaxwell
Anonymity set to Dox Receiver Bob?
Can generate new addresses w/o knowing private key.
Is Type 2 better?
Much smaller backups
Why so deterministic?
Cannot predict next address from known address.
Only have to back up once.
Master Public Key
Anonymity set is all active, un-dox'd addresses.
Dusting Attacks
Wasabi?
Really?
Wait, what?
Why?
Vs. Type 2?
vs. Type 1?
Shotgun known addresses with BitCoin "dust".
Extort dox'd accounts.
Alerts on dust deposits in controlled addresses
Don't recycle addresses.
Still can't predict address series
Track which addresses group together in transactions
Hierarchical Deterministic Wallets
bip 0032
Type 2
Customers can derive new PUBLIC keys from Master PUBLIC key
Seed can derive all PRIVATE keys given shared secrets.
CoinJoin
Uses standard BitCoin syntax
No set matching method.
No set reputation scheme.
Smaller transaction size than other methods
Can be staged to further mix coins
Indistinguishable from large single-user transactions.
Gathered inputs don't need to be from one user.
Better'n ZeroCoin?
Better than CoinLaundry?
Failure Risk?
How is anonymity increased?
How are transactions small?
Somebody doesn't sign.
Can't assume all inputs are from the same user.
Looks like a single owner transaction.
3rd party never holds keys
Vastly smaller overhead.
No system to exclude failure users.
Possible centralized reputation system.
DASH PrivateSend
What's hidden?
Sender address
More risky than a BitCoin Tx?
How could you link addresses?
Do "Master Nodes" improve CoinJoin?
How?
Receiver Address
Transaction Amount.
Master nodes receive "no identity"
Separate mixing at each denomination.
Makes change into even amounts.
Automate matching
No failure risk.
Tx signed in advance
Even-changed outputs are a dusting attack.
Log 'em and watch 'em.
Yes, because it's obvious you tried.
Yes, because you're trusting master node escrow.
Wasabi and Samourai
Common Ancestor?
WTF is Sybil?
No centralized coordinator
Wasabi
Samourai
Pretending to be multiple users.
Fake pump to Anonymity Set
Samourai vs. Sybil
At what cost?
Lower Tx performance
Possible snitch ID's.
Chainalysis
ATF
Hacks
Attention Getters
ransomware
CIA
Spook users
Dark Net Market
Mixers
terrorist financing
Secret Service
DEA
SEC
GEMINI
UNODC
Square
Recommend using
Monero
But no mobile wallets
Stay safe out there.
Avoid mobile wallets
Wasabi/Coinjoin
Always VPN|TOR
ZeroCoin
Evolved into Zcoin (XZC)
Transactions destroy coins and remint them.
WTF is a "ZeroCoin"?
Different blockchain.
Quiz
A privacy coin hides one or more of...
Sender
Anonymity set received in block i with delay d to R
IP Address
Tx Amount
Receiver
Signing a UTxO must use same PRIVATE key from the PUBLIC key that received the UTxO
'Linking' was in the BitCoin WhitePaper
Same denomination
from i-1 to i-R
EEC
n-transforms is the private key. Destination is the public key
Is a well proven tech.
How can HD wallets improve privacy?
Require a shared secret.
Easy to generate many addresses from single private key.
Main benefit of CoinJoin over Zerocoin for BitCoin?
No fork needed.
Dash's Private Send
Didn't invent CoinJoin
Sybil Attack
Many pseudonymous identities.
CoinJoin is easy for Chainalysis
CryptoNote to Monero
CryptoNote Ecosystem
Pedersen Commitments
CryptoNote/Bytecoin Scam
Monero Announcement
Cryptonote Anonymity Set
Ring Signatures
Stealth Addresses
Confidential Transactions
RingCT
The Monero Explorer
Bulletproofs
CoinHive
Monero History
Dandelion
Tari
Monero CCS
Quiz
CryptoNote Ecosystem
Implementations
Adaptive network limits
Monero
Bitmonero
ByteCoin
Key Features
Stealth Addresses
CryptoNight anti-ASIC consensus
Ring Signatures
Privacy
Scalability
Stealth Addresses
Builds on HD Wallets
Sender knows when receiver spends.
Adds Tx Key to Tx record
Use Receiver's Public key to encrypt shared secret
New TxKey field. New blockchain.
Hides Recipient
Amount still public.
Ring Signatures
Hashes UTxO really being spent
Adds it to list of spent UTxO "key images"
Validate if "one signature in ring is valid" AND key image is unique.
Signs UTxO, AND fake signs n UTxO's.
Same amount.
CryptoNote Anonymity Set
Decoys limited by amount.
Decoy quality degrades with time
Ring signatures
As big as the decoy set + 1
Infinite possible addresses.
Stealth Addresses
Monero Announcement
Announcement post
Better'n CoinJoin?
Better'n ZKP-based approaches?
Better'n ZeroCoin?
How many core devs?
How many eyeballs?
When did this drop?
Mixes outputs, not transactions.
April 25, 2014, 12:38:50 AM
4,623,499 reads.
Seven there were.
More mature cryptography
Can't stealth mine/spend
No accumulator trust.
No operator trust
Cryptonote/ByteCoin Scam
The Open Letter
When was ByteCoin Released?
The community saved it.
How many tips in the hat?
Why does Bitmonero/Monero rock?
No really.
April, 2012
March, 2014
Identifiable devs.
1.23348604 BTC.
Pedersen Commitments
EC obfuscate the amounts
Add a blinding factor.
v1*H + v2*H = v3*H
v1 + v2 = v3
Input1 + Input2 = Output1
(v1 + v2)*H + (r1 + r2)*G = (v1*H + r1*G) + (v2*H + r2*G)
(v1*H + r1*G) + (v2*H + r2*G) = (v3*H + r3*G)
Tx amounts just need to balance.
Convert to EC keypairs. Still balances.
But amounts as n are too small. Easy to chart.
New generator point G
(v*H + r*G) is "Pedersen Commitment"
Preserves addition and commutative property applies.
To spend UTxO must know v3 and r3 to balance Tx.
Confidential Transactions
The Legend Speaks.
How's it help?
What's "commutative property"?
What's hidden?
Why are they here?
What's a "range proof"?
What's a "scanning key"?
Tx Amounts
Establishes the shared secret
What's it unlock?
Prove the [min, max] range of the data
Bigger or smaller Tx's?
Bigger, but recoverable to haul more data.
Ability to separate & re-combine terms across addition and multiplication.
Separates data EC from blinding key EC
Rewindable range proofs.
Prevent over|under-flow in multiple I|O Tx's
Elements source code.
Ring Confidential Transactions
Combines
Ring Signatures to obfuscate receiver.
Basis for modern Monero
Stealth addresses to hide sender
Validator must check all 3.
Confidential Transactions to hide amount.
CT Blinding factor stuffed into stealth address index.
The Monero Explorer
Monero Explorer
Don't bother. Smeg off.
Monero Wallets
Simple, awesome.
Bulletproofs
Article
Blockstream
Bulletproof is more time consuming.
vs. zk-SNARKs?
Source project network?
What's a "Bulletproof" do?
How do Bulletproofs improve multi-TxOs on Monero?
Reduces Tx storage size.
Greg Maxwell
Pieter Wuille
Andrew Poelstra
Miniscript
No trusted setup for parameter generation.
BitCoin Core
Aggregates CT-ring signatures
Mimble Wimble
Schnorr-based multisignature scheme
CoinHive
XMR fork.
2018's most wanted malware?
JavaScript code embedded in websites
WTF is "Cryptojacking"?
50% hashrate drop
What crashed CoinHive?
Mines cryptocurrency with user's computers
Does not ask user permission
Credits author's wallet.
No longer profitable
Typically Monero because privacy.
Monero History
BitChain
WannaCry Ransomware converts BTC to Monero
0.10.0 Wolfram Warptangent adds Ring CT. Performance boosts.
AlphaBay, Darknet market accepts Monero
0.9.0 Hydrogen Helix. Bug fixes. Got serious.
BitMonero
0.11.0 Helium Hydra increase min ring size to 5
External audit passes...mostly.
0.12.0 Lithium Luna increase ringsize to 7
0.13.0 Beryllium Bullet enable bulletproofs. Increase ringsize to 11
0.14.0 Boron Butterfly more features run faster
0.15.0 Carbon Chamaeleon new PoW, RandomX
Dandelion
Dandelion 4 Monero
Two ways to bloom?
What's Dandelion++ about?
"Fluff": flood from stem endpoint node.
2 Phases of broadcast
Stem: single path, anonymous
What is "Flooding"?
Stem node fails to hear echo and blooms.
Stem data hits a diffusion node.
All nodes transmit all known transactions at once.
All information spreads in echo-location waves
vs. Chainalysis listening bot armies.
Makes everything random and redundant.
Tari
Tari
"Privacy Trojan Horse"?
What's a "Digital Asset"?
What's a "DRM"?
How's it Monero?
WTF is "Tari"
Why switch from copyright?
Runs as a merge-mined sidechain
Digital Assets management
"Digital Rights Management"
Marketing and tax privacy
Stealth on-board users to Monero
Anything created that exists as data
Monero CCS
Community Crowdfunding Service
Intro
Why's Monero care?
Book report a project
How much cash is in play?
How big's the leader?
Who's got the keys?
The "core team" manages escrow.
RandomX Audit, $118kUSD, 40 contribs.
3,188 XMR, $210.5kUSD
Figure new atomic swap protocol Monero <--> BitCoin
Last attempt used deprecated BTC Op-Code.
Estimate 1 week research
Increase Monero liquidity with BitCoin
From Zerocoin to Zcash
Intro to Zero Knowledge Proofs
Zcash Genesis Ceremony
Zerocash
Zcon Explorer
ZeroCoin Protocol Flaws
Zcoin
ZeroCoin
Zcash Sapling
Zcash Gemini
Zcash Funding
Zcoin Comparison
A Conversation about Lelantus
The Zcash Explorer
Zcash and Monero Comparison
Quiz
Intro to Zero Knowledge Proofs
Everything 'Z'
zk-SNARKs
ZeroCoin paper
Prove you know something, without giving it away.
Zcash
Zcoin
Zerocash paper
ZeroCoin
Need proof of commitment to spend
Pass serial along to blockchain
Take one down, mint it to the accumulator...
Fixed inventory of possible coins.
Network key is to the accumulator.
Must also be in the accumulator.
Zcoin
Poramin Insom
Wanted to tie Zerocoin with Vertcoin via merged mining.
Why jump from Zerovert?
How Zerocoin is Zcoin?
How'd Poramin fix 'trusted setup'?
What'd he do?
Matthew Green
One of the inventors of the Zerocoin protocol
Had some recommendations on RSA UFOs
Used RSA-UFOs
Zcoin Uses Zerocoin protocol
Couldn't sell it to Vertcoin community
Was re-seeded with RSA-UFO's
Improved code performance.
RSA
RSA
RSA-UFO's
RSA modulus Of Unknown Factorization (UFO)
Adi Shamir
Ron Rivest
Leonard Adleman
MIT
Rivest Cipher "RC" RC2, RC4, RC5, RC6
Differential cryptanalysis
DNA computing
Berkeley
Public/private key scheme
Named after its authors
Published in 1977
Equivalent system developed by British GCHQ
Clifford Cocks
Declassified in 1977
Invented in 1973
Zerocoin Protocol Flaws
Oops.
Reactions vs. 2019 attack
How'd they 'fake spend' in 2017?
8 forks replaced ZeroCoin in 2019 by...?
Worse'n ZeroCoin.
ZeroCash
Better'n ZeroCoin.
smaller proof size
Can't audit total supply.
Zcoin
PIVX
Veil
Enhanced Privacy
Faster verification.
Weaker combat history.
Private transactions are slow.
Sigma
H-Forked to v2
Resurrected "ZeroCoin spends".
Otherwise abandoned ZeroCoin
Been de-anonymized.
Staking rewards still paid in ZeroCoin.
PoS Time Protocol v2.
Looking to replace ZeroCoin protocol.
GravityCoin
Noir
NavCoin
SmartCash
Zcoin Explorer
15,730.79580894 ZCoin still exist.
ZeroMint
Alice
Bob
ZeroSpend
100 ZCoin
Shield 11.26 XZC
10 ZeroCoin
1 ZeroCoin
0.15 XZC (after 0.1 Tx fee)
I know Alice. And what else?
I know Bob. And what else?
What is Bob's anonymity set?
XZC balance.
nTx's
Total XZC Received
Total XZC Sent
nZeroCoin in reserve.
Existing unspent ZeroCoin pool.
Ablative. Each transaction reduces anonymity set.
Zerocash
Industrial-Grade WTF.
Spending
Separate proofs for spender and receiver
Inputs stored in a Merkle Tree
Block noise
Receiving
Lots of keys in the blockchain.
New paper. Now using Zero-Knowledge Proofs
zk-SNARKs
ZCash Genesis Ceremony
Hush Hush
How many stations must be hacked to break ZCoin?
How many stations in the teddybear picnic?
Yeah. I'll buy it.
Uh...is this helping?
What's a "side-channel attack"?
Why keep it a secret?
Six.
All Six.
One key to rule them all.
(and in the darkness bind them?)
The one key must be destroyed before it can be used.
Touchless surveillance
Seems to still be working
ZCash Sapling
Sapling
Most Tx's use BitCoin-like addresses.
Why are most ZCash Tx's transparent?
Can now see outgoing Tx's: value, memo, and target address.
How do viewing keys change?
Connected computers can construct proof w/o exposing the spending key
Why does Sapling enable the use of hardware wallets?
ZCash Gemini
"BitCoin is digital gold, and ZCash is digital cash"
Does Gemini support shielded addresses?
What other currencies does Gemini support?
BitCoin
What does the NYDFS approval entail?
KYC
Ethereum
Yes from deposits.
No for withdraws.
At launch
AML
Improved institutional trust.
Regulators nosed-over ZCash
ZCash Funding
Board Meeting
Who gets to vote?
How's the money dealt out?
Why fix it?
What was Plan A?
Why reject the upper bound?
Why?
ZCash Community forum + 72-person advisory panel.
Now 80/20 Miners, community fund.
Bag holders included.
Poor market track record.
20% block rewards went to founders/investors
Limits positive thinking.
ZCoin Comparison
ZCoin vs.
How's ZCash
Worse.
WTF is a "Lelantus"?
Sigma Protocol.
Monero weaknesses
Better
Camouflages, but does not break spender:receiver link
RingCT can be probabilitied to 1:2 at 45%
Timing Attacks
How to?
What's exposed?
Stop it.
How's it fix Sigma?
Look for coins spent as they're minted.
Sender-Receiver relationship
Pre-mint coins well ahead of spending them.
Removes fixed amounts.
Upgrade to Sigma
"Completely breaks" sender:receiver link
Computationally intensive.
Why?
If it's not anon... just use BitCoin.
Anyone could be their own "Fed go brrr"
Is this article fair?
No supply auditability
Mostly.
Tx Amount
No longer need to mint ZeroCoins
Huge anonymity set
Utterly destroys older algorithms.
Has some hope for future developments.
Some.
Lelantus
The ZCoin Explorer
Splits between
75 second blocks
ZCash Explorer
Blocks are all different sizes
Shielded S-address
ZCoin wallet
Transparent T-address
ZCash vs. Monero
Released on site
0.68 kb ~4 Tx/min
ZCash
Shielded Tx's ~15% of all Tx's.
Released on GitHub
Monero
2.92 kb ~7 Tx/min
The Best of the Rest
A Tale of 2 Coins
MimbleWimble 1 OWAS
Beam Unique Features
Grin Transactions
MimbleWimble 4
MimbleWimble 3 Cut Through
MimbleWimble2 Excess Values
Breaking MimbleWimble
Breaking Beam
Verge
Aztec
Incognito
Quiz
A Tale of 2 Coins
Article
Volunteer research project
VC Funded
Beam
Corporate structure w/ dev foundation.
Open-source community-driven
Grin
Mass Adoption
Hackers Only
Store of Value Limited issuance
Currency Uncapped Issuance
Both try to defer ASIC mining.
Both may be vulnerable to AI de-anon.
One-Way Aggregated Signatures
Result is one signature for all senders
Signatures are additive
But each input signs in series
It's CoinJoin
Excess Values
Elliptic Curve
Bob creates an extra output where v4 = 0 and (r1 + r2) = (r3 + r4)
Alice sends (v1 + v2) and (r1 + r2) to Bob
Pedersen Commitment
r4 is the spending key
r4*G is the 'public key' for the output,
Cut Through
Mining rewards = UTxO's + All Excess
Subs terms across senders in chains
Bricks together.
Breaks link between sender/receiver outputs
Confirming
Improves scalability
All transactions in each block are sender-joined.
Arithmetic of CT removes centralization from CoinJoin
Still requires a shared secret between A & B
Removes sender's UTxO from the blockchain
What's known
IP is unshielded at node, but Dandelion.
Amount is shielded
Receiver is the creator/signer of kB
Sender is the creator/signer of kA
A node could link kA to kB
Grin Transactions
Article
What's in the transaction kernel?
Why can't Bob broadcast the transaction after choosing blinding factor and nonce?
Bob
Alice
Why can't Alice choose Bob's blinding factor (rr) and nonce(kr) for him?
What gets broadcast?
Constructs a partial transaction and sends it to Bob.
Then only Alice could spend.
Doesn't have Alice's keys to concatenate
Signature of the transaction
Public key of excess binding factor
Transaction fee
No agreement of value.
Inputs used
New Outputs
Transaction Kernel
Would leave Bob's keys exposed
An EEC Primer
No confirmation that Bob has the keys
lock height
Kernel Offset
Beam Unique Features
Article
How's BEAM do asynchronous Tx's?
Tx Fee Refunds
Incentivize me.
How's BEAM recycle transaction kernels?
Relative forward time ranges.
What's new in BEAM's timelock?
Validate later transactions with old kernels.
How'bout one-sided?
Secure Bulletin-Board System running on BEAM nodes.
Allow reverse-order Tx construction
Breaking MimbleWimble
Article
What % of live nodes were polled?
Fix it!
Does not know.
Supernode
Knows
WTF's a "sniffer node"?
No, YOU fix it.
Single node connected to a good chunk of the network.
Recording adversarial node
Unbound sender|receiver commitments
Tx Amounts
200/3,000 nodes or 6%.
Layer it with ZCash to unlink sender|receiver
Randomize Dandelion stem transmissions across larger link set.
Map Dandelion and prove stem links are unique. Disallow collisions.
Rebuttal
Anything else?
Ivan Bogatyy smells? Yeesh.
Breaking Beam
About this guy again...
Lelantus
When does the anonymity set break 100k?
How does BEAM prevent dummy Tx's from clogging the chain?
What's the minimum nOut to re-broadcast a Tx from a BEAM node?
What's BEAM's solution to linkability?
WTF is a "one-kernel Tx"?
An unmerged transaction.
Decoy Tx's. Lots of decoys.
Five outputs there always are.
Mixes them into Tx's later (they're zero value).
Verge
KeyTech
Stealth addresses hide recipient
What's shielded?
IP addresses via Tor.
Sender
What's not shielded?
Tx Amount
Alice
Bob
Sending 15 XVG to Bob
But Alice's address is known.
Transaction amount is clear.
Watch chain to spot Bob spending the 15 XVG
Aztec
Article
WTF is a "note"
Why ZKP don't work on ETH
Protocol
What's shielded so far?
What's Aztec Crypto Engine Do?
Why use notes?
What'll be shielded next?
Validation is too much math while paying GAS.
Big gas payments betray Tx participants.
Aztec centralizes and subs out Sigma math to partner "trusted contracts"
Container for a De-Fi asset.
Homogenizes all entities under Aztec protection.
Allows for a common Aztec functional interface.
Manages Notes
Join|Split (Transfer)
Bilateral Swap (Trade)
Dividend Proof
Mint
Burn
Public Range
Amounts.
Everything.
Incognito
Incognito
BTC -> "shielded BTC"
Alice
What's under the hood?
How does "shielding" work?
Anonymity Set?
Bob
Linkable ring signature scheme
Trade other crypto for "PVT" on Incognito network.
Atomic swaps?
Homomorphic commitment scheme
ZK Range Proofs
Sharding for scalability
Alice sends BTC to the incognito BTC liquidity pool.
Incognito Network Releases BTC-flavored PVT to Alice
PVT Tx'd to Bob
Bob trades BTC-flavored PVT on Incognito network
Incognito BTC liquidity pool unlocks BTC to Bob.
All BTC-Incognito users.