← Back to team overview

mimblewimble team mailing list archive

Fwd: Re: [POLL] Perfectly hiding vs perfectly binding

 



[X] Perfectly binding, one should never be able to break transaction integrity

All privacy concerns about digital currencies will likely make no sense in a world that quantum computers exists. Satoshi, on the other hand, made transactions records public. He/She did not care if you want a strong privacy. Small amount of limited privacy in Bitcoin is after product of ECC.

Secure integrity is the key.

Kimden: Casey Rodarmor
Gönderildi: 4 Mayıs Perşembe 08:38
Konu: Re: [Mimblewimble] [POLL] Perfectly hiding vs perfectly binding
Kime: Ignotus Peverell, mimblewimble@xxxxxxxxxxxxxxxxxxx


Hi All,


In a world where large quantum computers exist, then only perfectly binding chains are of any use of all.


However, if a world where large quantum computers do not exist, then it seems like perfectly hiding chains are preferable.


Barring undisclosed advances in quantum computing, we seem to find ourselves in the first world, although perhaps the second is just around the corner.


In that case, then perhaps a perfectly hiding chain and a perfectly binding chain with cross-chain pegs may be a good solution.


If John's comment is correct, and the perfectly hiding chain might eventually permit theft, but not arbitrary money creation, then perhaps the right arrangement is to have coins come into existence on the perfectly binding chain, but allow users to transfer them to the perfectly hiding chain and back.


Users can then balance their desire for privacy with their belief in the likelihood of large quantum computers already existing or suddenly coming into being.


If quantum computers eventually exist, then the perfectly hiding chain will have had a good run, and hopefully everyone will have gotten out in time!


Unfortunately, my understanding of the cryptography involved is far too weak to propose a an actually mechanism to allow such a cross-chain peg, so I'm not sure this would even be possible at all!


Best,

Casey


On Wed, May 3, 2017 at 10:04 PM Ignotus Peverell <igno.peverell@xxxxxxxxxxxxxx<mailto:igno.peverell@xxxxxxxxxxxxxx>> wrote:



You guys are too shy :-) I'm getting very well reasoned replies off-list that others could benefit from.


- Igno



-------- Original Message --------

Subject: [Mimblewimble] [POLL] Perfectly hiding vs perfectly binding

Local Time: May 3, 2017 5:14 PM

UTC Time: May 4, 2017 12:14 AM

From: igno.peverell@xxxxxxxxxxxxxx<mailto:igno.peverell@xxxxxxxxxxxxxx>

To: mimblewimble@xxxxxxxxxxxxxxxxxxx<mailto:mimblewimble@xxxxxxxxxxxxxxxxxxx> <mimblewimble@xxxxxxxxxxxxxxxxxxx<mailto:mimblewimble@xxxxxxxxxxxxxxxxxxx>>


Hi all,


I thought running a little poll could be fun and it's on a topic that may be more emotional than technical: in the advent of Quantum Computers, or even computers of infinite power, do we prefer transactions that are perfectly hiding (one will never be able to discover their value) or perfectly binding (one will never be able to steal or create money). It's really inconvenient, but it's been proven we can't have both.


To vote, just reply with one of these 2 lines:


[X] Perfectly hiding, privacy guarantees should remain true forever

[X] Perfectly binding, one should never be able to break transaction integrity


Because some arguments may be non-obvious, I'll flesh out a few.


Why we'd really want perfectly binding transactions is straightforward: being able to create money out of thin air or stealing sounds pretty bad for any cryptocurrency. Note that most existing cryptocurrencies are sensitive to this right now: with a working and powerful Quantum Computer, you'd likely be able to steal a fair amount of bitcoins or even zcash. So there's a definite advantage in offering such strong integrity guarantees.


On the other hand, QCs aren't going to happen overnight. We will likely have years (many experts say decades) to prepare. Also if it was to happen right now, we'd likely have very tangible issues in other places we're not anticipating. But *when* it happens, a chain that's not perfectly hiding will become fully clear. So all the transaction history up to the point where we have fully quantum safe algorithms will be analyzed. And while we can adjust algos, data stays forever.


Cast your votes!


- Igno


P.S. I can't promise we'll do what the majority says (on the crypto side we have perfectly hiding, but not perfectly binding yet), but it'll influence the direction!


--
Mailing list: https://launchpad.net/~mimblewimble
Post to     : mimblewimble@xxxxxxxxxxxxxxxxxxx<mailto:mimblewimble@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~mimblewimble
More help   : https://help.launchpad.net/ListHelp



-- 
Mailing list: https://launchpad.net/~mimblewimble
Post to     : mimblewimble@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~mimblewimble
More help   : https://help.launchpad.net/ListHelp

References