I'm not sure what you mean by "there is no proof". Proving you own the private key that can spend a UTXO without revealing that private key (asymetric cryptography) is also complex math, but pretty much everyone is trusting this math and has likely never tried to do it by hand. That's also a mathematical proof, although the assumption being made that it cannot be faked are vastly different.
Maybe I should have mentioned, "bulletproof" is a proving scheme that comes from academic cryptographers, just like SHA256, ECDSA and Schnorr signatures used by Bitcoin, it's not a Monero-specific protocol, although it's likely its biggest user. It follows the same scrutiny from bright and smart people.
At best we could argue zero knowledge proofs are younger than the other cryptographic primitives I mentioned, and we might want to wait to see if new schemes can offer different speed or proof size. But I believe the fear against them is largely unfounded now.
Anyway, as I said, I'm not a zero-knowledge maximalist, they are a means to an end, and the end is large anonymity sets, make multiple users indistinguishable from one another. Maybe we could manage to reach that end differently. But in our search for solutions, it would be a shame to not take into consideration the track record that some of them already have.
plebymous /
npub1hx…n08dj
2024-06-23 09:04:45
in reply to nevent1q…kzfn
Author Public Key
npub1hx8pdmwdqyw7dt2k42ja39y6qmryd8aqt0swpnq0x2p98ru5zcxqvn08djPublished at
2024-06-23 09:04:45Event JSON
{
"id": "17994bf5055e86ff2299e8bdd75ee138e16b45ad5b42912ba63d2932a014a1fa",
"pubkey": "b98e16edcd011de6ad56aaa5d8949a06c6469fa05be0e0cc0f3282538f94160c",
"created_at": 1719133485,
"kind": 1,
"tags": [
[
"e",
"c44f6f0424a28d8826098331d0db5a08e50927a86caaf920cd6ef4f884bfcb7f",
"",
"root"
],
[
"e",
"6686e3a225f8d784258da471a267737b084a7e2947881c5267c93855e019d8e9"
],
[
"e",
"779b86dbf265e6380be8a83f3e78c461014fd3a6d2d774f1a0a07d591eed9ad3",
"",
"reply"
],
[
"p",
"4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d"
],
[
"p",
"45f195cffcb8c9724efc248f0507a2fb65b579dfabe7cd35398598163cab7627"
],
[
"p",
"b98e16edcd011de6ad56aaa5d8949a06c6469fa05be0e0cc0f3282538f94160c"
],
[
"p",
"7776c32d4b1d1e8bf2a96babeb43ad9ade157bd363d89b87fb63e6f145558888"
]
],
"content": "I'm not sure what you mean by \"there is no proof\". Proving you own the private key that can spend a UTXO without revealing that private key (asymetric cryptography) is also complex math, but pretty much everyone is trusting this math and has likely never tried to do it by hand. That's also a mathematical proof, although the assumption being made that it cannot be faked are vastly different.\n\nMaybe I should have mentioned, \"bulletproof\" is a proving scheme that comes from academic cryptographers, just like SHA256, ECDSA and Schnorr signatures used by Bitcoin, it's not a Monero-specific protocol, although it's likely its biggest user. It follows the same scrutiny from bright and smart people.\n\nAt best we could argue zero knowledge proofs are younger than the other cryptographic primitives I mentioned, and we might want to wait to see if new schemes can offer different speed or proof size. But I believe the fear against them is largely unfounded now.\n\nAnyway, as I said, I'm not a zero-knowledge maximalist, they are a means to an end, and the end is large anonymity sets, make multiple users indistinguishable from one another. Maybe we could manage to reach that end differently. But in our search for solutions, it would be a shame to not take into consideration the track record that some of them already have.",
"sig": "bab6135f84fd419141119851c1b53db177c981405bb56087206fd330281e46e0efd27c4ad6271eab603400136338143f571f2038109e9f5d15b1e8357f0cf297"
}