[–] criddell link

Very well told story, but it was a little frustrating to not hear why the reporter's iPhone was feeding back into the hangout.

[–] justusthane link

Android, but yes, I agree.

[–] soneca link

Actually I heard about it at Radiolab first, but thought it was better to share here one of the linked written articles.

[–] eternauta3k link

The article is better in that it has no Robert Krulwich.

[–] johns link

Neither does this episode.

[–] evanb link

Related recent radiolab episode: http://www.radiolab.org/story/ceremony/

[–] petertodd link

> I think given the people involved, and that they are all essentially security zealots with provable records, messing this up doesn't seem likely.

Speaking as one of those people, even with driving ~2000km across Canada with the compute laptop in a faraday cage, I can assure you there's a lot of ways we could have screwed it up... See https://petertodd.org/2016/cypherpunk-desert-bus-zcash-trust... for some of them.

[–] Freak_NL link

I wonder if there isn't a more ethically sound way of rewarding the founders of cryptocurrency initiatives. A percentage of the total value of the whole currency seems disproportionally large if you consider the value of the total coin offering possible if they ever attained a status akin to the Euro, Dollar, Yen, or Pound Sterling. While that may or may not ever happen, it certainly seems to be a goal for many of these initiatives.

To me it makes all cryptocurrencies seem like Ponzi schemes designed to profit their founders first and foremost; regardless of any merits.

> […] are the founders supposed to just eat that cost?

Ideally, some philanthropist driven by idealism would work with a bright bunch of crypto enthusiasts like them to fund development, precisely to prevent the ethical problem of a founder's reward. Alternatively, perhaps a capped value that is based on a fair estimate of the initial costs of development with a fair profit margin (to compensate for the risk) would encounter less resistance than the current trend of an open-ended percentage.

[–] abecedarius link

Agreed. As a programmer who's worked with Zooko and other Zcash developers (on unrelated projects before it) I'll add that I was impressed by their security-engineering skill and integrity. (I'm unqualified to judge their crypto.)

[–] buttershakes link

Regardless of the secure computation done during the ceremony, at the end of the day there is a degree of trust in the founding participants of Zcash. I think given the people involved, and that they are all essentially security zealots with provable records, messing this up doesn't seem likely. There is no monetary incentive to make a mistake in the trusted setup, and there is significant personal reputation damage to the participants if it was provably hijacked.

Further, the founder's reward, despite having a slight smell, is really not an unfair way to structure something like this. Significant resources were put into Zcash well before it was deployed; are the founders supposed to just eat that cost? Why shouldn't their success be tied to the success of the coin they created over a period of time? Would a Satoshi-style pre-mine be more fair? These questions are complicated, but without an ICO driving the development, this doesn't seem like the worst-case scenario for a commercial entity.

[–] justinjlynn link

Indeed. Secure multiparty computation with large numbers of assumed-malicious participants to do the initial setup would've been enough. As it was, I just can't trust it - even if all the parties are honest and completely trustworthy. I may be paranoid but, in my opinion, if you have to do the same rigmarole that the CA system does then you're still fundamentally broken.

[–] ianmiers link

The problem was the existing MPC protocol for generating the parameters didn't scale that well.

1) It required participants to stay secure during the entire computation. With 6 people we still had problems because it took long enough that people had to sleep.

2) If anyone aborted, the protocol had to restart.

The next version of the protocol will resolve both of these issues.

[–] ewillbefull link

At the time, the multi-party computation protocol could not scale to a large number of participants.

[–] justinjlynn link

Define large. In any case, I would rather have a protocol in which only one of the participants need successfully discard their local state for total security than n participants.

[–] ianmiers link

That was the case. If one of the 6 people completed the computation and discarded the results, the parameters are secure.

Ideally it would have been more than 6 people, but that protocol really didn't scale to more than a handful of people.

[–] kbody link

You still would need just 1 participant, it's the computation part that would be open to any number of participants in order to reduce the possibility of collusion.

[–] kbody link

I appreciate the research of zcash, but trusted-setup is still just a very sophisticated security theater. The least they should have done is have constructed an open participation.

[–] GhotiFish link

Isn't it 10%? Main site says 10%, but I hear people complaining about 20%. I'm not sure what's going on here.

[–] saurik link

I don't know what website you are reading, but the Zcash website says it is 20% now but after 4 years drops to nothing, and when you account for the dropping rewards given to miners, after ten years (when mining will end) the result will be 10% went to the founders: so people saying "a 20% tax" are correct today even if the tax rate will amortize a long time from now to only be 10%.

> At first, 50 ZEC will be created every ten minutes. 80% of the newly created ZEC will go to the miners, and 20% ZEC to the founders.

https://z.cash/blog/funding.html

> Every four years, the rate of ZEC being created will halve (again, just like in Bitcoin). After the first four years the ZEC created per ten minutes will drop to 25ⓩ, but after the first four years, 100% of it goes to the miners.

> The end result (as shown in the diagram) is that there will ultimately be 21 million ⓩ, and 10% of it, or 2.1 million ⓩ, will have been initially distributed to the founders.

[–] gojomo link

It's 10% of all ZEC over planned mining-distribution, but front-loaded: 20% of mining-rewards for the 1st four years, then 0% thereafter.

[–] anon4728 link

Everything but the actual private key/parameters should be open-source, vetted and approved before going forward on a cryptocurrency... no magic obscurity when it comes to money. Otherwise, scams and/or vulns lead to amateur-hour fail.

[–] RichardHeart link

I do not like 20% founders tax. I do not like "trusted" setup. I do like Zooko trying to make fungibility stronger. I do like zero knowledge proofs making their way into the wild.

[–] mrb link

Zooko was talking about doing KYC/AML at the exchange level. He did not suggest to weaken the Zcash protocol:

https://mobile.twitter.com/zooko/status/863506504518914050

[–] erpellan link

Just like _actual_ cash!

The bank doesn't scan the serial numbers on the money I deposit and yet they somehow correctly credit my account.

[–] Mcphja link

Cash counting machines in banks scan and record numbers to find bills that have already been flagged (such as those stolen from banks/ATMs), but that process is unrelated to the crediting of money to your account. General cash tracking is hypothetically possible, but it would not be trivial to implement.

[–] valarauca1 link

They actually do.

Well not _you_ but bills do get flagged if they're involved in crimes (like kidnapping or robbery). So when they're deposited in a bank the FBI can track the _relative_ location of criminals.

[–] kbody link

Just like on the tweets mentions but zooko didn't reply to; what about just having a zaddr cleaning those coins? KYC/AML already exists on (most) exchanges.

[–] wslh link

I don't think so, you can exchange your money through services like ShapeShift where it remains anonymous at the other end and you can make the exchange to fiat money via Localbitcoins. There are many other alternatives we can think of.

I think it would be good to have an optional KYC/AML attached to cryptocurrency transactions. In this way they can be more popular and more connected to the regulated world.

[–] JumpCrisscross link

> it would be good to have an optional KYC/AML attached to cryptocurrency transactions

This is already the case, minus the optional part [1]. Broadly, I'd guess anyone involved with an unregulated money transmission operation is one pissed-off D.A. away from serious jail time.

[1] http://www.coindesk.com/bitcoin-law-what-us-businesses-need-...

[–] wslh link

That article applies to US law.

[–] JumpCrisscross link

If you do anything with U.S. dollars, the United States claims jurisdiction.

[–] wslh link

You don't need to use dollars in exchanges.

[–] erpellan link

KYC/AML applies to the person, not to the serial numbers printed on the bills they hand over.

[–] wslh link

I am not sure if you understood what I said. You can connect transactions with people.

[–] jameskegel link

That about seals the deal for me.

[–] formula1 link

Seals what? People talking about big ideas that are hard to solve?

[–] mmel link

Too many of these alt-coins are premined cashgrabs.

[–] Casseres link

Okay, that doesn't have anything to do with Monero though as it's fairly mined (no premine or dev tax).

Monero has a very good and active dev team that has fixed and disclosed bugs instead of exploiting them for free coins like other alt-coins.

[–] mmel link

Apologies, I should have clarified that Monero was a rare exception to the pre-mining get-rich-quick schemes.

[–] jameskegel link

Monero is not premined.

[–] Casseres link

It's interesting and definitely worth the read, but if anyone is interested in a cryptocurrency with privacy, Monero is a better choice.

(Monero doesn't require a trusted setup, doesn't have a founder's tax, isn't run by a US company, and address balances are private.)

[–] asymmetric link

FYI, this is from December 2016.

[–] n3x10e8 link

Curious to know the complete story of the phone after this article. Does someone know about it?

[–] j_s link

Bitcoin developer Peter Todd's part in this story:

https://petertodd.org/2016/cypherpunk-desert-bus-zcash-trust...

[–] pmarreck link

OK, why does the URL change after it's loaded in such a way that I can't reload? It seems like it cuts off the last part of the path.

[–] anon4728 link

If you put almost any HP RPN calculator right up to your ear, you can hear computation via capacitors.

[–] arthurcolle link

It sounds like zookoo is kookoo

[–] goldenkey link

The math behind Zcoin is shoddy at best. Homomorphic encryption isn't proven impenetrable. I wouldn't use this for anything more than storing cat litter dingleberry coins.

[–] fiatjaf link

Wait, but what about block sizes, mining costs and all that? Zcash will suffer as much as Bitcoin and everything will be lost forever.
