# (WIP!!!) Privacy at Altitude
How might privacy work?
It would work by having a traditional TX and SpentTX nullifier tree (maybe an indexed Merkle tree). You would have the choice of either using a deterministic nullifier from the key like PLUME (probably too immature), or you'd generate random nullifiers on your device. When making a transaction you'd put the hash of the nullifier in the tree. You have to prove a nullifier isn't in the tree to send a tx.
We don't want to make knowledge of the nullifier the only condition for getting the money back, because then you're in danger of losing your money. You must sign and show the nullifier. This way the nullifier can be sent to parties who you trust with your privacy, and they can't actually spend your money.
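
The spend rule described above, as an added sketch that is not part of the original note: a spend needs both the revealed nullifier and a signature, so a party holding only the nullifier cannot move the coin. Assumptions: the `Ledger` class and its leaf layout are hypothetical, plain sets stand in for the TX and SpentTX trees, a Lamport one-time signature stands in for the unspecified signature scheme, and the checks run in the clear rather than inside a proof.

```python
import hashlib, secrets

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

# Lamport one-time signature (stand-in; the note names no signature scheme).
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def msg_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]
def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]
def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(msg_bits(msg)), sig))
def pk_id(pk) -> bytes:
    return H(*[h for pair in pk for h in pair])

class Ledger:
    def __init__(self):
        self.tx_tree = set()   # assumption: leaf = H(owner key id, H(nullifier))
        self.spent = set()     # revealed nullifiers (SpentTX tree stand-in)
    def add_utxo(self, pk, nullifier_hash: bytes):
        self.tx_tree.add(H(pk_id(pk), nullifier_hash))

    def spend(self, pk, nullifier: bytes, tx_body: bytes, sig) -> str:
        if H(pk_id(pk), H(nullifier)) not in self.tx_tree:
            return "unknown utxo"
        if nullifier in self.spent:          # non-membership check
            return "already spent"
        if not verify(pk, nullifier + tx_body, sig):
            return "bad signature"
        self.spent.add(nullifier)
        return "ok"

def demo():
    ledger = Ledger()
    owner_sk, owner_pk = keygen()
    nullifier = secrets.token_bytes(32)      # random, generated on device
    ledger.add_utxo(owner_pk, H(nullifier))
    watcher_sk, _ = keygen()                 # trusted party: knows nullifier only
    attempt = lambda sk, body: ledger.spend(owner_pk, nullifier, body, sign(sk, nullifier + body))
    theft = attempt(watcher_sk, b"pay watcher")   # nullifier without owner's key
    first = attempt(owner_sk, b"pay bob")         # owner signs and reveals
    replay = attempt(owner_sk, b"pay bob")        # same nullifier again
    return theft, first, replay
```
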
Now, the operator uses a proof that the users' proofs are correct. The problem is, you don't want to get the ownership proof from them, as they'd know that you own certain coins. You could just get a Merkle proof for the existence of your (private) UTXO from the operator, and you could require that the sender gives you the list of coins involved in that UTXO.
What is the effect on UX? Extra communication to get the escape hatch info? How bad is the extra computation on the user in order to make a ZKP?
What is the change in margins for the operator? Now that the prover has to verify proofs, not just signatures, which will cost more, can we still undercut Visa etc.?
What is the engineering overhead for proof composition? Do we need cryptographers on the team, or can we still find an off-the-shelf proof system that will do the job?
To what extent is privacy actually maintained? Will you have to reveal the particular coins that are being sent to the recipient? Is this important?
Are there additional regulatory challenges of running a private version while being centralised?
Given all these potential problems, it's probably worth introducing privacy in a second version once there is some adoption and ossification of the first version - there are already enough untested concepts in a non-private version!