[More address typos, its contagious!, so resending] This below post didnt elicit any response, but the poster references an interesting though novel (and therefore possibly risky) alternative accumulator without the need for a centrally trusted RSA key generator (which is an anathema to a distributed trust system), or alternatively zero-trust but very inefficient RSA UFO mentioned in Green's paper. Lipmaa is a well known researcher, and Lipmaa's proposed novel accumulator scheme does appear to offer a simultaneously efficient and zero trust alternative to the optimized Benaloh accumulator used by zerocoin; and Sander and Ta-Shma's auditable ecash, that zerocoin is based on, also used the Benaloh accumulator.
Adam Sat, Apr 27, 2013 at 05:25:02PM +0400
[...] I have recently read the Zerocoin paper which describes a very interesting enhanced anonymity solution for bitcoin-like "blockchain based" cryptocurrencies ( those unfamiliar can check it out here http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf ) The paper specifically states that "While we were not able to find an analogue of our scheme using alternative components, it is possible that further research will lead to other solutions. Ideally such an improvement could produce a drop-in replacement for our existing implementation" However, I've come across an alternative cryptographic accumulator that does not require trusted setup, the Lipmaa Euclidean Rings based design. ( http://www.cs.ut.ee/~lipmaa/papers/lip12b/cl-accum.pdf ) From my superficial assessment, it appears fitting for a zerocoin like design, but I find it quite likely that I am missing the obvious. The question thus is: what exactly prevents Lipmaa accumulator from being used as aforementioned drop-in replacement ? Thank you very much in advance.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography