mimblewimble team mailing list archive

[Ignotus Peverell <igno.peverell@xxxxxxxxxxxxxx>]

Hi all,

I thought running a little poll could be fun and it's on a topic that may be more emotional than technical: in the advent of Quantum Computers, or even computers of infinite power, do we prefer transactions that are perfectly hiding (one will never be able to discover their value) or perfectly binding (one will never be able to steal or create money). It's really inconvenient, but it's been proven we can't have both.

To vote, just reply with one of these 2 lines:

[X] Perfectly hiding, privacy guarantees should remain true forever
[X] Perfectly binding, one should never be able to break transaction integrity

Because some arguments may be non-obvious, I'll flesh out a few.

Why we'd really want perfectly binding transactions is straightforward: being able to create money out of thin air or stealing sounds pretty bad for any cryptocurrency. Note that most existing cryptocurrencies are sensitive to this right now: with a working and powerful Quantum Computer, you'd likely be able to steal a fair amount of bitcoins or even zcash. So there's a definite advantage in offering such strong integrity guarantees.

On the other hand, QCs aren't going to happen overnight. We will likely have years (many experts say decades) to prepare. Also if it was to happen right now, we'd likely have very tangible issues in other places we're not anticipating. But *when* it happens, a chain that's not perfectly hiding will become fully clear. So all the transaction history up to the point where we have fully quantum safe algorithms will be analyzed. And while we can adjust algos, data stays forever.

Cast your votes!

- Igno

P.S. I can't promise we'll do what the majority says (on the crypto side we have perfectly hiding, but not perfectly binding yet), but it'll influence the direction!