Ian Miers
Assistant Professor @ UMD CS. Applied cryptography, computer security. Founding scientist of Aleo, Bolt Labs, Zcash
Feb 19, 2023 5 tweets 1 min read
The "alt" zk-L1 vs zk-L2 debate misses a key point: many zk L2s are an optimistic rollup with a zk proof attached; all state is public on chain. Re-execution is replaced with proof verification. In contrast, in private L2s or L1s, tx data is hidden with commitments and zk proofs. Designing around privacy in an L1 or L2 is harder than a "rollup" style L2 where zk only avoids re-execution. Upgrading to new proof systems in private L1/L2s is doable, but requires clean designs. It's an interesting discussion but can easily become misconstrued into FUD.
May 16, 2021 4 tweets 1 min read
In the name of stopping child porn, cryptographers are building systems for the detection of certain images in chat apps. These schemes can also ban images for get-out-the-vote campaigns or trace whistleblowers. We can debate risk tradeoffs, but we're missing a key point. 1/4 Abuses of power don't start from positions of absolute power. It's gradual. Facebook/Signal won't be forced to build systems to suppress get-out-the-vote memes. But they can be forced to remove technical or political safeguards in systems they willingly made for other reasons 2/4
Sep 21, 2020 7 tweets 2 min read
Forward secrecy and metadata privacy are two of my favorite crypto topics. A KGB training manual contains a good story of why:
1) The GRU detects a new CIA radio transmitter in Frankfurt
2) The KGB sees activity at CIA's Moscow station
It's all encrypted, so that's all they know. From this metadata, the KGB infers the CIA will soon have an asset in Moscow. So:
3) The KGB monitors all international mail
4) They intercept a message from an "English tourist" with hidden writing on it. It's encrypted of course, but clearly a spy.
Now the game is afoot.
Jun 8, 2020 5 tweets 1 min read
RingCT will likely be killed by coinjoin. Either 1) coinjoin is good enough and BTC's better liquidity makes other privacy coins moot, or 2) BTC/coinjoin's use in darkmarkets drives R&D in analytic techniques that break decoy based privacy in BTC and it spills over to other chains. RingCT and coinjoin are both decoy based approaches. We know they're theoretically flawed (see ), but practical exploits are so far rare. There's not enough usage for coin analytic companies to try. Monero, Dash, etc. aren't really used on DNMs. Coinjoin is
Jun 4, 2020 4 tweets 1 min read
Prediction: Zoom will eventually face immense pressure to backdoor their enterprise E2E communications precisely because they refuse to let individuals have E2E over fears of them distributing child porn (aka CSAM). Why? First, CSAM distributors will use the free unencrypted tier. If Zoom ever gets effective monitoring (which they don't have and is really hard) abusers will move to other platforms and some will buy E2E Enterprise Zoom with stolen cards.
Apr 24, 2020 8 tweets 2 min read
A summary of the Apple/Google contact tracing protocol below. TLDR: Like DP3T, PACT and TCN: pseudonyms derived from a key are broadcast over Bluetooth. Keys change every 24 hours. Broadcasts can have metadata encrypted under the key. On a positive test, users upload their key. Some limitations. 1) They don't expose which pseudonym you had contact with. So tracing apps that have you talk to a contact tracer will need to have put IDs in the metadata. 2) Looks like it's impossible to see when you were exposed. This will lead to worse privacy. Why ....
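An added illustration of the derive/broadcast/upload/recompute pattern the thread above summarizes. This is example code written for this page, not the Apple/Google implementation or spec: the key schedule (one random 16-byte key per day, 144 ten-minute intervals, HMAC-SHA256 pseudonyms) and the XOR-keystream metadata encryption are simplifications chosen here, and the real protocol's derivations differ. Unlike the API described in the thread, this toy returns the matching pseudonyms so the matching step is visible.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 144   # assumption: one pseudonym per 10-minute interval
PSEUDONYM_LEN = 16        # assumption: 128-bit pseudonyms


def new_daily_key() -> bytes:
    """Fresh random daily key. It stays on the phone unless the user tests positive."""
    return os.urandom(16)


def pseudonym(daily_key: bytes, interval: int) -> bytes:
    """Pseudonym broadcast during one interval; unlinkable across intervals without the key."""
    msg = b"pseudonym" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:PSEUDONYM_LEN]


def encrypt_metadata(daily_key: bytes, pid: bytes, metadata: bytes) -> bytes:
    """Metadata XORed with a keystream bound to the key and this pseudonym (toy construction)."""
    stream = hmac.new(daily_key, b"metadata" + pid, hashlib.sha256).digest()
    if len(metadata) > len(stream):
        raise ValueError("metadata too long for this toy keystream")
    return bytes(m ^ s for m, s in zip(metadata, stream))


def decrypt_metadata(daily_key: bytes, pid: bytes, ciphertext: bytes) -> bytes:
    return encrypt_metadata(daily_key, pid, ciphertext)  # XOR is its own inverse


def pseudonyms_for_key(daily_key: bytes) -> set:
    """Every pseudonym a key would have produced over its day."""
    return {pseudonym(daily_key, i) for i in range(INTERVALS_PER_DAY)}


def find_exposures(observed: set, uploaded_keys: list) -> set:
    """Receiver side: recompute all pseudonyms of every uploaded key, intersect with what was heard."""
    hits = set()
    for key in uploaded_keys:
        hits |= pseudonyms_for_key(key) & observed
    return hits


def simulate_exposure() -> int:
    """Constructed scenario: Bob hears Alice for three intervals on day 1, plus one stranger."""
    alice_keys = [new_daily_key(), new_daily_key()]        # two days of Alice's keys
    bob_log = {pseudonym(alice_keys[0], i) for i in (40, 41, 42)}
    bob_log.add(pseudonym(new_daily_key(), 7))             # a passer-by who never tests positive
    # Alice tests positive and uploads her daily keys; Bob downloads them and matches locally.
    return len(find_exposures(bob_log, alice_keys))
```

The matching cost is the visible point: a receiver must recompute every pseudonym of every downloaded key (keys times intervals per day) and intersect with its own observation log, and once a key is published every pseudonym it produced that day becomes linkable to that key.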
Mar 27, 2020 7 tweets 2 min read
Privacy preserving contact tracing without cryptography in O(n) tweets. 1) In contact tracing, someone learns a list of people with close contact with some infected person. There's little notion of privacy for positive contacts here; you need to follow up in person. But... You must preserve privacy prior to tracing and ensure accountability/transparency on all traces. Accountability, not privacy, is crucial. If abused, you can track dissidents and blackmail people. This is a legal/political problem. It needs tech support but negligible crypto. How?
Feb 11, 2020 4 tweets 1 min read
Financial privacy is not just a personal issue, but a national security one. China allegedly was behind the Equifax credit report hack. What's the connection? Money, Ideology, Compromise, Ego (MICE) is the shorthand for recruiting spies. Those in debt are prime targets.... Post-Kim Philby, most spies in the West were motivated by money. Aldrich Ames betrayed several CIA assets to the Russians to avoid bankruptcy. The Walker spy ring sold US Navy crypto equipment to the KGB for spending money. If you're in debt, you're a prime target for recruitment.
Jan 19, 2020 9 tweets 2 min read
Have a fancy credit card? Wondering what the hell points are, what they're worth, and how best to use them? Me too. Points are an "arbitrage" opportunity on the discounts airline/hotel loyalty programs use to fill (premium) seats/beds they can't sell at market rates. Confused?... Credit card companies skim ~3% off every transaction. You get ~1 point per $ spent. They let you spend them on, say, Amazon at 1 point = 1 cent. Surprise! You only got a third of the fee you indirectly paid back via inflated prices. :( So why are the traveling dicks excited by this?
Nov 18, 2019 5 tweets 2 min read
Important work showing Mimblewimble's privacy is very limited. I've been saying decoy based systems don't work for years. @IvanBoden worked out a concrete attack on Grin and implemented it. For $60 a week, you can, in real time, monitor who is paying who for 96% of Grin TXs. Some Grin devs understood this. The privacy write-up makes no claims about hiding who pays who, though it seriously downplays the issue (github.com/mimblewimble/d…). But the general belief that Grin provided privacy persisted (e.g. github.com/mimblewimble/g…). This should dispel that.
Sep 16, 2019 7 tweets 2 min read
So, a Korean exchange is delisting privacy coins because they allegedly "violate the travel rule." This is wrong and long term, really dangerous. Why?
Well, the travel rule says that info about who's making a payment needs to travel with it. (1/5)
theblockcrypto.com/post/39724/oke… Banks are sent this data privately via FTP/fax/etc. Helps fight money laundering. Some exchanges can't do that. What do they do? Well, remember cryptocurrency is Twitter for your bank account. Every transaction, its amount and the "usernames" it's between are public. So...(2/5)
Sep 10, 2019 6 tweets 2 min read
.@lessig's piece defending the Ito/MIT Media Lab/Epstein scandal is accidentally its best indictment. Lessig says publicly accepting money from evil people launders their reputation, but this was secret so it's fine. But it wasn't secret to the billionaires Epstein cared about. By taking Epstein's money, the Media Lab laundered his reputation to the very elites he depended on for his crimes. While anonymous to us plebs, the billionaires Epstein solicited lab donations from knew. That's the irony of @lessig's defense of it: it identifies the exact harm.
Jul 31, 2019 5 tweets 1 min read
People who mention that zkSNARKs use "non-falsifiable assumptions" are the used car salesmen of blockchain crypto. Nearly all non-interactive proof tech out there (Bulletproofs, STARKs, Schnorr) uses such assumptions. And non-falsifiable doesn't even mean what you think it does. zkSNARKs use the knowledge-of-exponent assumption. The rest assume the random-oracle model. While there are differences, both are non-falsifiable. Bringing it up only for SNARKs is like a used car salesman pointing out the safety hazards of rubber tires on a particular car.
May 16, 2019 6 tweets 2 min read
Common crypto fallacy: Zcash is evil because of the risk of undetectable inflation. The catch: hiding payment value is necessary (but not nearly sufficient) for on-chain privacy. Hidden values hide inflation. So you either get Twitter for your bank account or run that risk. Bitcoin has staked its identity on being a super secure store of value after long ago giving up on building a private Layer 1. That's fine, but we should be honest that there are other paths forward. I for one want useful payments that disrupt Visa & the banks. That needs privacy.
Oct 26, 2018 4 tweets 1 min read
Standalone network layer privacy for cryptocurrency is useless. No matter how good your network privacy is, cryptocurrencies are like Twitter for your bank account... every transaction leaks an amount, source and destination to everyone. Hiding your IP doesn't fix this. For any real privacy, you must hide the transaction graph (from, to, amount). Do that and your payment is an opaque blob + an IP address. All the world learns is that your IP made a payment, but not to whom or for how much. No big deal. So no network privacy, no problem? Not quite.
Oct 14, 2018 5 tweets 2 min read
New paper. ZEXE: Zero-knowledge Execution. Think of it like a private OS for the blockchain. Can build private tokens, smart contracts, and maybe even a DEX. Joint work with @matthew_d_green @ebfull @1HowardWu @zkproofs and Alessandro Chiesa: eprint.iacr.org/2018/962.pdf. Because everything is private, the model isn't exactly Ethereum. Better to think of it as a fully private state channel where each transition can be checkpointed/validated on chain.
Jul 2, 2018 4 tweets 1 min read
Cryptocurrency talks try to convey both the abstract ideas and all the technical guts. Instead, they convey neither. Talks should be an intuitive summary of the techniques which are in a paper/blog/somewhere else. This needs to be fixed. It's a major impediment to progress, collaboration and rapid iteration. I cannot build on your ideas if I don't understand them. We need to give people a better venue for going into the deep technical guts of ideas and train them to give better talks.