Zero Knowledge Proofs for the Layman is here.

Regrettably, it appears development on this project has more-or-less stalled. ShadowCoin claims to have cribbed a bit of the work, but I see no evidence of it being used to obscure transaction amounts, etc.

Zerocoin has one weakness, though. The issuer must be trusted. This works out if you are the one creating your private coins from previously public ones; however that is probably enough to get you put on the 'naughty list' in certain regulatory climes.

That said, I believe a Homomorphic Encryption Scheme could be used to overcome this difficulty. This sort of scheme allows for modifications to some block of ciphertext (say, a blockchain?) without actually having to know the contents. As such, you could have a blockchain that is fully obscured to it's users.

The only weakness there would be the original setup of the blockchain itself. This could be overcome by witnessed/notarized creation of the private key, and it's subsequent destruction (as it would not be needed to read/write new transactions).

Effectively the blockchain becomes a large binary blob that is written to via a homomorphic encryption scheme, and that can only be read by inference through a zero-knowledge proof scheme. And then only enough to know the amount of coins in your account has changed (did I come out from the $50 or $100 branch, as in the Ali-Baba example).

So the mathematics are finally ready to be put together to create Eris' golden apple. I pray somebody gets the time to put it together soon.

Zero Knowledge Proofs for the Layman is here.

Regrettably, it appears development on this project has more-or-less stalled. ShadowCoin claims to have cribbed a bit of the work, but I see no evidence of it being used to obscure transaction amounts, etc.

Zerocoin has one weakness, though. The issuer must be trusted. This works out if you are the one creating your private coins from previously public ones; however that is probably enough to get you put on the 'naughty list' in certain regulatory climes.

That said, I believe a Homomorphic Encryption Scheme could be used to overcome this difficulty. This sort of scheme allows for modifications to some block of ciphertext (say, a blockchain?) without actually having to know the contents. As such, you could have a blockchain that is fully obscured to it's users.

The only weakness there would be the original setup of the blockchain itself. This could be overcome by witnessed/notarized creation of the private key, and it's subsequent destruction (as it would not be needed to read/write new transactions).

Effectively the blockchain becomes a large binary blob that is written to via a homomorphic encryption scheme, and that can only be read by inference through a zero-knowledge proof scheme. And then only enough to know the amount of coins in your account has changed (did I come out from the $50 or $100 branch, as in the Ali-Baba example).

So the mathematics are finally ready to be put together to create Eris' golden apple. I pray somebody gets the time to put it together soon.