... I don't get it. LOL. That's okay, I'm not saying it's your explanation or something: my brain isn't exactly firing on all cylinders tonight, frankly. I am familiar with zero-knowledge proofs though; they don't actually prove anything 100%, they prove it to within a specified acceptable rate of certainty.

Like say you have a keycode, and you want to prove to somebody that you have this keycode -- but you don't want to have to show it to them, because then they would know the keycode too. You can have the person you want to prove this to keep asking you to perform a task that requires you have the keycode. He can ask this of you as many times as he desires to achieve a given confidence (99% chance, 99.9% chance, whatever). If you ever screw up and get it wrong, it can be assumed all prior successes were just dumb luck.

I don't really understand how that applies here though... well, anyway, enough rambling.

Quote from: lukeuser on April 28, 2013, 02:10 am
Basically, when a new Zerocoin is minted, the Zerocoin is generated randomly with an encoded serial number, and the 'minter' knows the encryption. At this point the coin isn't associated with any actual Bitcoin, but a Bitcoin has been left without an address.

You've lost me here. A bitcoin is left without an address? Are we talking a standard Bitcoin address, or a Zerocoin address -- because really, coins don't exist at all. I mean there aren't any. They "exist" by virtue of being held by a given address, so... I have no idea what this means, to be honest.

Quote
Then, an algorithm uses the transaction data of said Bitcoin, and said random coin, to create a proof. The proof is the central tenet here (it's a zero-proof). The proof is then submitted to the Bitcoin network, which enables the network to agree that the Zerocoin is valid (i.e. has a real attached Bitcoin), but the proof does not let the network know which Bitcoin that is.

I don't get it: how does this allow the network to validate anything at all? Where are they getting the information making this determination possible?

Quote
It is at this point that any available Bitcoin which has previously been associated with a Zerocoin, to be given to the address of the former Zerocoin owner, the Zerocoin's serial number is also given by the Zerocoin owner to the network at this point.

So you can only ever spend a "zerocoin" once? Because otherwise, once you give the serial over... um... why can't anybody spend it?

Quote
Simples!

Sure. We can call this simple if you really want to :P

... damn you. You just posted saying you don't understand it fully either. Well, I just spent this bloody time typing this rubbish out... maybe you can answer some of it. If not, no harm done I guess.
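
The repeated-challenge idea from the keycode analogy in the post above, as an added example that is not part of the original post and is not Zerocoin's actual proof system. It uses a one-bit-challenge proof of knowledge of a discrete logarithm; the modulus, base, secret value and all function names are assumptions chosen for illustration.

```python
import math
import secrets

# Toy public parameters (assumed for this sketch, not taken from Zerocoin).
P = 2**127 - 1          # prime modulus
G = 3                   # base
SECRET = 123456789      # the "keycode" only the real prover knows
Y = pow(G, SECRET, P)   # public value; proving means showing knowledge of SECRET

def verify(t, c, s):
    """Verifier's check for one round: g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(Y, c, P)) % P

def honest_commit():
    """Real prover: pick a random nonce r and commit to g^r."""
    r = secrets.randbelow(P - 1)
    return r, pow(G, r, P)

def honest_respond(r, c):
    """Real prover answers any challenge bit c using the secret."""
    return (r + c * SECRET) % (P - 1)

def cheat_commit(guess):
    """No secret: pre-bake a commitment that only passes if challenge == guess."""
    s = secrets.randbelow(P - 1)
    t = pow(G, s, P)
    if guess == 1:
        t = (t * pow(Y, P - 2, P)) % P   # t = g^s * y^-1
    return s, t

def run_honest(rounds):
    for _ in range(rounds):
        r, t = honest_commit()
        c = secrets.randbelow(2)          # challenge is sent after the commitment
        if not verify(t, c, honest_respond(r, c)):
            return False
    return True

def run_cheater(rounds):
    for _ in range(rounds):
        s, t = cheat_commit(secrets.randbelow(2))
        c = secrets.randbelow(2)
        if not verify(t, c, s):           # one wrong guess exposes the cheater
            return False
    return True

def rounds_needed(confidence):
    """Rounds until a cheater's survival chance 2^-n drops below 1 - confidence."""
    return math.ceil(math.log2(1 / (1 - confidence)))
```

A prover without the secret survives each round with probability 1/2, so the verifier picks the number of rounds from the confidence wanted: 7 rounds for 99%, 10 for 99.9%.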