I went back to this old post where Satoshi mentioned Zero Knowledge Proofs. I understand since making this post we obviously now have discovered how to get around the issue of spend verification using zero knowledge proofs. Could this same idea be used to verify supply of coin? or something similar…? so we can have verification the supply is not being inflated? even if all transactions are shielded? …not sure if this makes much sense to anyone what I am saying right now. just thought Id post it here to get some input.

"This is a very interesting topic. If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.

Originally, a coin can be just a chain of signatures. With a timestamp service, the old ones could be dropped eventually before there’s too much backtrace fan-out, or coins could be kept individually or in denominations. It’s the need to check for the absence of double-spends that requires global knowledge of all transactions.

The challenge is, how do you prove that no other spends exist? It seems a node must know about all transactions to be able to verify that. If it only knows the hash of the in/outpoints, it can’t check the signatures to see if an outpoint has been spent before. Do you have any ideas on this?

It’s hard to think of how to apply zero-knowledge-proofs in this case.

We’re trying to prove the absence of something, which seems to require knowing about all and checking that the something isn’t included."