Dear Igno,

This is a tough decision! If scalable quantum computers are our only worry, then there's a lot to be said for Pedersen. I love its simplicity and efficiency. And it seems likely that such quantum computers will make their presence known in some way or other.
But we still cannot take classical hardness of ECDL or factoring for granted either. Or even, for that matter, of P != NP (or BPP != NP). Where QC development is spearheaded by big publicly visible research projects, it's more likely that discovery of a classical breakthrough remains hidden from the public. And that for me swings the balance against Pedersen:

[X] Perfectly binding, one should never be able to break transaction integrity

> Why we'd really want perfectly binding transactions is straightforward:
> being able to create money out of thin air or stealing sounds pretty bad
> for any cryptocurrency. Note that most existing cryptocurrencies are sensitive
> to this right now:

Sensitive to stealing, yes. But not so much for creating money out of thin air. Only Zcash (and its clones like Komodo), Zcoin, and Monero are at this particular risk, as far as I can tell.

-John

--
Mailing list: https://launchpad.net/~mimblewimble
Post to : mimblewimble@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mimblewimble
More help : https://help.launchpad.net/ListHelp
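The trade-off discussed in the message above, as an added example that is not part of the original e-mail: a toy Pedersen commitment showing that hiding holds unconditionally while binding lasts only as long as the discrete log stays hard. The group parameters, the secret exponent 777 and all function names are constructed for illustration, and a brute-force search stands in for a hypothetical discrete-log break.

```python
# Toy Pedersen commitment C = G^blind * H^value in the order-Q subgroup of Z_P^*.
# All parameters are constructed and far too small for real use.
P, Q = 2039, 1019        # P = 2Q + 1, both prime
G = 4                    # generates the subgroup of order Q
H = pow(G, 777, P)       # in a real system nobody may know log_G(H)

def commit(value, blind):
    return (pow(G, blind, P) * pow(H, value, P)) % P

def discrete_log(target):
    """Brute-force stand-in for a hypothetical discrete-log break."""
    acc = 1
    for x in range(Q):
        if acc == target:
            return x
        acc = (acc * G) % P
    raise ValueError("target is not in the subgroup")

def equivocate(value, blind, new_value, x):
    """Blinding factor that re-opens commit(value, blind) as new_value,
    given x = log_G(H). Follows from blind + x*value = blind' + x*new_value."""
    return (blind + x * (value - new_value)) % Q

def every_value_opens(c):
    """Perfect hiding: for each candidate value, some blind opens c,
    so c alone carries no information about the committed value."""
    blinds = {pow(G, r, P) for r in range(Q)}
    # H has order Q, so H^(Q - v) is the inverse of H^v.
    return all((c * pow(H, Q - v, P)) % P in blinds for v in range(Q))

if __name__ == "__main__":
    c = commit(5, 123)
    x = discrete_log(H)                     # binding falls once this is feasible
    forged_blind = equivocate(5, 123, 1000, x)
    print("same commitment, value 1000:", commit(1000, forged_blind) == c)
    print("hiding still unconditional:", every_value_opens(c))
```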