blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint & unilateral revocability)



Summary:

In an email exchange on May 15, 2013, Mike Hearn asked about Adamcoin and whether it was similar to Zerocoin in concept. The key difference between the two coins is that Zerocoin completely conceals the connection from everyone forever, whereas Adamcoin only conceals transactions from people who aren't involved in them. However, as time goes on, everyone eventually becomes a party to a sufficiently old coin, which creates quadratic costs in evaluating a private clique's claims. Therefore, an implementation would make the identities public, but only once they're buried a bit.

One extreme version of the idea involves everyone creating txouts paying P2SH addresses that have an OP_PUSH nonce in them and telling the recipient the nonce out of band. When the recipients spend those coins, they provide the script but not the nonce. The recipient knows what coins they're spending, but the public does not. However, there wouldn't be much privacy once a transaction was sufficiently split up, so instead the unblindings are published once transactions are sufficiently buried, thus bounding the growth of the proofs.
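The nonce-blinded P2SH output and the delayed unblinding described above, as an added sketch that is not code from the thread or from any project. The script layout `<nonce> OP_DROP <pubkey> OP_CHECKSIG`, the 16-byte nonce, the bury depth, and truncated double SHA-256 standing in for Bitcoin's HASH160 are all assumptions.

```python
import hashlib, hmac, os

OP_DROP, OP_CHECKSIG = 0x75, 0xAC  # standard Bitcoin opcode values

def push(data: bytes) -> bytes:
    """Direct-push encoding, valid for 1..75 bytes of data."""
    if not 1 <= len(data) <= 75:
        raise ValueError("direct push handles 1..75 bytes only")
    return bytes([len(data)]) + data

def script_hash(script: bytes) -> bytes:
    """Assumption: truncated double SHA-256 stands in for HASH160."""
    return hashlib.sha256(hashlib.sha256(script).digest()).digest()[:20]

def blinded_script(nonce: bytes, pubkey: bytes) -> bytes:
    """Assumed layout: <nonce> OP_DROP <pubkey> OP_CHECKSIG."""
    return push(nonce) + bytes([OP_DROP]) + push(pubkey) + bytes([OP_CHECKSIG])

def commit(pubkey: bytes, nonce: bytes = None):
    """Payer side: returns (script hash for the txout, nonce sent out of band)."""
    nonce = nonce or os.urandom(16)
    return script_hash(blinded_script(nonce, pubkey)), nonce

def opens(commitment: bytes, nonce: bytes, pubkey: bytes) -> bool:
    """Anyone holding the nonce can check that an output pays this key."""
    return hmac.compare_digest(commitment, script_hash(blinded_script(nonce, pubkey)))

def published_unblindings(outputs, tip_height: int, bury_depth: int):
    """outputs: (height, commitment, nonce, pubkey) tuples. Only outputs buried
    at least bury_depth blocks deep have their (nonce, pubkey) made public."""
    return [(c, n, p) for h, c, n, p in outputs if tip_height - h >= bury_depth]

if __name__ == "__main__":
    # Constructed sample keys (not real curve points) and fixed nonces.
    alice, bob = b"\x02" + b"\xaa" * 32, b"\x03" + b"\xbb" * 32
    c1, n1 = commit(alice, b"\x11" * 16)
    c2, n2 = commit(bob, b"\x22" * 16)
    print("recipient opens own output:", opens(c1, n1, alice))
    print("observer guessing nonce:", opens(c1, b"\x00" * 16, alice))
    public = published_unblindings([(100, c1, n1, alice), (108, c2, n2, bob)], 110, 6)
    print("publicly unblinded:", [c.hex() for c, _, _ in public])
```

Until an output is buried, an observer who knows the candidate public keys still cannot match them to the script hash without the nonce; after the unblinding is published, `opens` lets anyone verify the link.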


Updated on: 2023-05-19T16:58:54.791088+00:00