To sign up for writing on the forum, you need to prove current ownership of one utxo (which you do not reveal; zkp) of taproot type of value 500K sats or more.
Instructions on how to do it are linked from that main page. It's a bit fiddly but not difficult if you have tech experience. You can use Sparrow for accessing the coins after creating the ZKP of ownership, or you can use Core.
(Also it *should* be easy, not 'fiddly' but wallets don't support accessing private keys).
Despite the 'hodl' name, the coins are not locked after you make the proof; you can spend them immediately.
General background reading: the first half of https://reyify.com/riddle
The anonymity set is about 200-300K utxos, but the server can verify your proof ~immediately!
The proving tool is at https://github.com/AdamISZ/aut-ct ; follow installation instructions on readme or choose binary release for macos or linux.
Still a WIP. Keep a copy of the private key until you spend it! Bear in mind the keyset updates once per 24 hours. Make sure your utxo was confirmed before the block height of the current keyset in /keysets.
Any way to improve privacy of transactions with curve trees?
Thank you waxwing, I added your correction and gave a response in some follow-up tweets. https://twitter.com/super_testnet/status/1788287748618723651
I copy/paste my response here:
Joinmarket's coordination model is unique and awesome because the coordinator is just one of the people in the coinjoin (the "taker"), changes in ~every round, and does not take a fee -- rather, they pay fees to the makers.
I do not like that the coordinator in joinmarket can map everyone's inputs to their outputs. This could be fixed with blind signatures and I am happy to help make this happen if it would be a welcome change in joinmarket. I also do not like that there *is* a coordinator.
If it's possible to do this stuff without a coordinator, why have one? A deterministic protocol like emessbee removes variables introduced through the coordination mechanism. And it also might keep some people out of jail til the feds criminalize mere participation too.
Can you give a comparison of supernet, joinmarket, samourai whirlpool, wabisabi of wasabi?
And whether your protocol is decentralised enough with no toxic changes?
https://github.com/kayabaNerve/fcmp-ringct/blob/develop/fcmp%2B%2B.pdf
New paper from some Monero researchers (really new it seems - update date is last week!), in which they're proposing to use CurveTrees (the same construct I put into aut-ct as per my recent work) to get much larger anonymity sets (and I do mean *much larger*, from like 10ish to 100000000!).
One very notable thing (to me) is that the very easy and natural secp/secq 2-cycle (you realistically need a 2 cycle of curves for CurveTrees), has to be replaced with something more complex, because their DJB ed25519 curve has a cofactor of 8 (yet again non prime order curve biting them on the ass, lol).
Another interesting tidbit is that they propose to use Liam Eagan's recent work https://eprint.iacr.org/2022/596 (posted almost contemporaneously with Curve Trees); I remember Andrew Poelstra pointing me at this work in '22 and I said to him "I don't understand this" and he responded "yeah it was difficult so I got Liam to come round to my house and explain it" 😁 .. so yeah i'm sure some people can follow the ideas there but I am alas not yet one of them :)
They've also done a review of the generalized bulletproofs construction that Kamp et al used in their CurveTrees implementation: https://github.com/cypherstack/generalized-bulletproofs
Also interesting is that they talk about achieving a "forward secrecy" property here, which linkable ring signatures can't have, by design: if a future ECDL breaker is found, it can always see the trace of payments in prior Monero because the linking tag reveals the private key if you can crack ECDLP. I'm not sure how this works but I believe it's to do with the Liam Eagan research just mentioned.
Finally, the extremely esoteric and dense mathematical concepts aside, it's worth mentioning a 1000 ft view: this proposal ditches ring signatures (and somehow they get backwards compatibility for the historical chain, though I absolutely don't understand that yet), and goes to a full ZKP proving system (bulletproofs arithmetic circuits) for full anon set. I can't help wondering if this direction makes sense - if we look at Zcash, they do the same thing, but using bilinear pairings they can get far more performant proof, proof size and verification stats, I believe (but, curvetrees can be very efficient so I'm not 100% sure about the details here). Ring sigs, as I've observed elsewhere, even with the fanciest algorithms, never quite cut it at the verification step to be able to support huge anonymity sets. If you're going to ditch them, you may just as well go with a Zcash style design, no?
What are your thoughts on fcmp++?
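The secp/secq 2-cycle mentioned above, checked in code. This is an added example, not code from the post, the aut-ct project or the FCMP++ paper: it builds y^2 = x^3 + 7 over both F_p and F_n (the secp256k1 field prime and group order, standard constants) and verifies that each curve's order is the other's field size, which is the cycle property Curve Trees relies on and which the post says the cofactor-8 ed25519 curve does not offer. The name `secq256k1` for the F_n curve and the Hasse-bound argument used to turn one scalar multiplication into an order check are my assumptions, not something the post states.

```python
import math
P256K = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime p
N256K = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 group order n

def mod_sqrt(a, q):
    """Tonelli-Shanks square root of a mod an odd prime q; None if a is a non-residue."""
    if pow(a, (q - 1) // 2, q) != 1:
        return None
    s, Q = 0, q - 1
    while Q % 2 == 0: Q, s = Q // 2, s + 1
    z = next(z for z in range(2, q) if pow(z, (q - 1) // 2, q) == q - 1)  # any non-residue
    m, c, t, r = s, pow(z, Q, q), pow(a, Q, q), pow(a, (Q + 1) // 2, q)
    while t != 1:
        i, tt = 0, t
        while tt != 1: tt, i = tt * tt % q, i + 1
        b = pow(c, 1 << (m - i - 1), q)
        m, c, t, r = i, b * b % q, t * b * b % q, r * b % q
    return r

def ec_add(A, B, q):
    """Affine addition on y^2 = x^3 + 7 over F_q; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % q == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, q) if A == B
           else (y2 - y1) * pow(x2 - x1, -1, q)) % q
    x3 = (lam * lam - x1 - x2) % q
    return x3, (lam * (x1 - x3) - y1) % q

def ec_mul(k, A, q):
    """Double-and-add scalar multiplication k*A."""
    R = None
    while k:
        if k & 1: R = ec_add(R, A, q)
        A, k = ec_add(A, A, q), k >> 1
    return R

def find_point(q):
    """Smallest x >= 1 with x^3 + 7 a square mod q gives a point on the curve over F_q."""
    x = 1
    while (y := mod_sqrt(x ** 3 + 7, q)) is None: x += 1
    return x, y

def is_two_cycle(p, n):
    """True iff the curve over F_p has order n and over F_n has order p (p, n prime assumed)."""
    for field, order in ((p, n), (n, p)):
        # order*P = O for a point P != O means order | #E; the Hasse interval then forces #E = order
        if (ec_mul(order, find_point(field), field) is not None
                or abs(order - (field + 1)) > 2 * math.isqrt(field) + 2):
            return False
    return True
```

`is_two_cycle(P256K, N256K)` returns True; swapping in a wrong order (e.g. `is_two_cycle(P256K, P256K)`) returns False, since no non-trivial point on a prime-order-n curve is killed by the scalar p.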
Yep
What are your thoughts on whether blind signatures will ever get more decentralised compared to #fedimints in the future?
Do you ever see a day when blind signatures are used in a decentralised system compared to a federation &/or custodian?
Welcome to the surveillance coins world
OFAC block sanctions & empty-block attacks are a very popular attack surface for sure on surveillance coins like btc
Too lazy to even search lol you sure are in btc land special case lol 🤣😂
If u still can't search after this then you are in btc land special case lol 🤣
