This proposal from @daira looks really neat!
Problem statement:
● A protocol is “horizontally scalable” if by adding compute power in
  parallel, it is possible to support high (not unlimited) transaction
  throughput that scales roughly with the number of nodes, and a large
  number of users.
● We don’t demand perfection – in any practical protocol there will be
  bottlenecks. I still consider a protocol to be horizontally scalable “in
  practice” if those bottlenecks only manifest at scales much higher than
  anticipated usage.
● Deploy a version of Zcash that is horizontally scalable in practice
  without compromising on privacy:
  – Amounts, senders, and receivers remain private (i.e. the transaction graph
    is private).
  – The note traceability set of any input is “all” previous outputs (that the
    adversary cannot rule out by information independent of the block chain).

Secondary goals
● Allow light clients with weak trust requirements.
  – A light client can fully verify the block chain with low bandwidth and
    storage.
● Improve privacy by use of network-layer privacy mechanisms.
  – Current Zcash has excellent on-chain privacy but sends transactions
    in the clear.
● Reduce cryptographic assumptions.
  – The fact that the zk-SNARK parameter setup requires trust is a big
    issue for confidence.
● Solve transaction malleability.
  – A good payment protocol should be able to provide certainty to payer
    and payee that a transaction occurred; malleability interferes with
    this.

@daira proposes a mix-net to replace broadcast of transactions to miners
and all potential token receivers, while maintaining privacy.
Zcashd can already be used over Tor. Should we be doing more until mixnets are ready?