Hats off to the cryptographers at John Hopkins University. However, I am afraid Zerocoin is not going to be plugged in to Bitcoin. Ever.
Firstly, while I have no reason to doubt that Zerocoin is sound, it is more heavy-weight cryptographically -- more difficult to understand than Bitcoin. I suspect that even the Bitcoin community will have a knee-jerk disgust of things they don't understand.
Secondly, Zerocoin requires a trusted set-up procedure. If the participants are corrupt (or corrupted), then the anonymity is lost forever. The requirement of trust, even for a once-in-the-lifetime-of-Bitcoin event, runs counter to the very philosophy of Bitcoin.
Thirdly, the incorporation of Zerocoin with Bitcoin would require larger blocks that take longer to verify. This is going to get a lot of pushback from the miners because they prefer shorter, easily verified blocks. Over time, this will even out because the cost of a larger block is offset by the transaction fees. However, as long as miners mine for the block reward and not for the fees, they do not stand to lose anything by rejecting blocks or specific transactions if that gives them an edge in finding the next block first.
My guess is the following will happen: the researchers publish their code and launch an alternate Bitcoin to "prove" it works. The ongoing efforts to incorporate Zerocoin in Bitcoin will fail. The stand-alone Zerocoin will thrive. However, it will never overtake Bitcoin in popularity as Bitcoin enjoys the network effect. Moreover, most people believe Bitcoin is anonymous already or at least sufficiently anonymous. They will not understand the advantages Zerocoin has over Bitcoin, and will be discouraged from learning as the mechanics are much more complicated than those of Bitcoin.
Monday, April 29, 2013
Will ZeroCoin Be the Anonymity Lifesaver that Protects Bitcon Holders from Snooping Governments?
alan.szepieniec comments with regard to my earlier post: