<Angad Mutha> If zcash was forked to make all transactions shielded by default, would that give us a strong privacy protocol (neglecting the short-coming of a trusted setup)

Hey guys. Am curious to unpack something Adam Back said on Twitter. Essentially he said Bitcoin needs more fungibility. And then went on to say that there's a need to crack the 'discrete log accumulator design issue' - because a 'more efficient ring signature (aka discrete log accumulator) could be used to improve fungibility, and compact confidential transactions of the inflation-proof

elgamal type maybe also'. Source here: twitter.com/adam3us/status/1375241481041149953

With the latter, does that already exist (the type of compact CT he's referring to)? With the former, putting aside the whole "if only we crack x maths problem we can do fungibility" - what would that actually achieve/look like?

<Angad Mutha> While I am not technically versed with Bitcoin/Monero's technology ... 1. It would be similar to upgrading the engine of a car while its being driven, 2. Retrofitting solutions don't work out 3. Even if privacy tech is ready for bitcoin, the culture of bitcoin is too divided for it upgrade unanimously

Fair enough. But putting aside those issues - I'm more more interested in how the cryptography might actually look/work.

if he has a protocol idea, then he should describe it clearly...

weren't the original ringCT elgamal-type? i remember seeing that term...

inflation-proof confidential transactions sounds like ... magic

also, good luck adding confidential transactions to bitcoin - even IF you could convince everyone it is "safe" from hidden inflation bugs

It's probably refering to the computationally/perfect binding/hiding tradeoff.

Grepping those terms should find details.

It's not "proof", it's just making one facet more armour plated.