> The centralised entity would need to have some sort of way to verify that
a user is indeed a human - most entities that do this require information
from you that would compromise anonymity.

That's correct, the centralized entity would know exactly who you are in
realspace when handing out the PSC. It's the zerocoin/mixers after that
that provide the anonymity.

But there is still a real problem with centralization - PSCs would
necessarily have a market value, giving the central authority great
incentive to be corrupt and hand out tokens for a fee or to friends, and
the authority would also be subject to a government that may want to censor
specific individuals or take for themselves backdoor access. One solution
might be to federate it. Basically, you have N (imagine N ~= 50)
authorities hopefully in N countries, and you need to prove your identity
to K > N/2 of them in order to get a PSC. This would require some kind of
signature scheme based on Shamir's Secret Sharing so that the PSC can be
signed by the threshold without revealing which of the authorities signed
it (as that would differentiate the PSCs and compromise privacy).

The obvious convenience upgrade is making K < N/2, but this is problematic
as an individual might then be able to get 2+ PSC from 2+ disjoint quora.
Thus, you would need some algorithm for sharing the list of "used" names
between the authorities, or perhaps some kind of cool mathematical setup
similar to Chaum's offline ecash protocol so that any two PSCs created with
the same name can be recombined to (with very high probability) reveal your
name and invalidate both PSCs.

The best solution would be to set it up so that sufficiently recognized
individuals themselves become authorities, so you could be verified by
employers, friends, etc, but the challenge there is ensuring that a small
number of attackers can't create fake people who add an exponentially
growing number of people and start a sybil attack (this is VERY hard, since
the legitimate network itself needs to add an exponentially growing number
of users).

On Fri, Jul 12, 2013 at 3:00 PM, Mark Lamb <markdavidlamb@???> wrote:

> Vitalik, the problem with this idea is the centralised entity/authority.
> The centralised entity would need to have some sort of way to verify that a
> user is indeed a human - most entities that do this require information
> from you that would compromise anonymity.
>
> If you have no way to verify that someone is indeed a human, then one
> person can have thousands of PSCs and do a sybil attack, or they can just
> obtain a new PSC when the identity behind one of their PSCs is compromised
> and seen to be behind criminal actions.
>
> Pirateat40 for example, or many other people behind bitcoin scams, if they
> have the ability to just obtain a new username or pseudonym or in this
> case, PSC - then there's no way to ensure they won't scam people again -
> and there's also no way to ensure that they suffer the consequences of such
> scams (one ancap way to do justice is through exclusion, which does not
> work if the person can hide behind multiple identities).
>
> Let me know what you think though, I'd love to flesh out of these ideas a
> bit more :)
>
>
> On Fri, Jul 12, 2013 at 1:11 PM, Vitalik Buterin <vbuterin@???>wrote:
>
>> It is theoretically (ie. cryptographically) possible to limit quantity
>> without compromising anonymity. The centralized solution would be to create
>> a specialized currency, call it person-coin (PSC), and have a central
>> authority give everyone 1 PSC. People can then use decentralized mixers,
>> Zerocoin, etc, to mix up their PSC, and then to use your unique identity
>> you sign a message with the address owning the PSC. You can recover a
>> public key from a signature, so any kind of online service would simply
>> maintain a list of all public keys to check for duplicates.
>> _______________________________________________
>> unSYSTEM mailing list: http://unsystem.net
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>>
>>
>
> _______________________________________________
> unSYSTEM mailing list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>
>