
"This technology can do for cooperation what the Internet did for communication two decades ago."

Huh? Why? How? It's an altcoin with more anonymity than Bitcoin. That's nice, but no big deal.

I went to hear Tromer's talk on the theory behind Zcash at Stanford last Wednesday.[1] There were a lot of very strong claims and a lot of hand-waving. I'm not an expert in that area, but the claims were awfully strong and the presentation didn't back them up sufficiently. Here's his key paper.[2] He claims, at least, to have developed a new way to generate cryptographically strong hash functions. See section 1.1 of that paper. That's a hard problem. Of the existing crypto-grade hash functions, Snefru, MD2 (128-bit), MD4, MD5, RIPEMD, HAVAL-128, and SHA-0 have all been broken, and SHA-1 is looking weak. Solving that problem alone would be a noteworthy achievement. So where's Tromer's proposed hash function, evaluated by the crypto community?

On the financial front, the insiders take a 20% rakeoff of new Zcash coins for the first four years. That's a huge cut for a financial product. The investors include Roger Ver, the convicted felon who publicly said Mt. Gox was sound. What could possibly go wrong?

[1] http://web.stanford.edu/class/ee380/ [2] https://eprint.iacr.org/2014/580.pdf



Hi, I'm the speaker.

The presentation's motivation and conclusions are indeed very high level. The body of the presentation presented several different applications, including Zcash and several applications of Proof-Carrying Data (the extensions of SNARKs), to exemplify this. Unfortunately not all could be described in detail, but they all have corresponding technical detailed papers (see http://www.cs.tau.ac.il/~tromer/publications.html).

Regarding the conclusion, patcon's interpretation is accurate, and more generally: there are numerous situations where parties cannot cooperate due to mistrust, and modern cryptography, SNARKs included, allows them to use digital cryptographic schemes instead of certifications, accountants etc.

About the hash functions: collision resistance is discussed in the paper, but note that such algebraic/combinatoric/geometric hash functions are a totally different animal from SHA etc. The latter are much more efficient, but completely heuristic, whereas the former often have security proofs that relate them to well-established computational hardness assumptions.


Haven't read it, but since that quote totally rings true to me, I'll step up to the plate: I think they're trying to channel the idea that blockchains are to "agreements" what the internet was to "communications", particularly in terms of democratization.

The internet used to provide low-barrier super-human communication abilities, but only in very limited contexts -- possibly beside a giant mainframe, and only able to talk with other giant mainframes. Now that we have instant comms in our pockets and on our wrists all the time, the effects are pretty expansive. Blockchains are not yet ubiquitous, but when they are (in every device and underlying many services we use), every person will have the infrastructure to create and maintain complex agreements for near-zero costs. (Financial agreements and otherwise.) This will be pretty transformative.

I assume ZCash is acknowledging that privacy is a critical piece of that transformation in organizational structure for society. Kinda like how ubiquitous communications are almost pointless without the possibility of E2E encryption.

But this is a lot of speculation given that I haven't read the linked article ;)


> Blockchains are not yet ubiquitous, but when they are (in every device and underlying many services we use), every person will have the infrastructure to create and maintain complex agreements for near-zero costs. (Financial agreements and otherwise.) This will be pretty transformative.

Sorry, but this is wishful thinking. The simple question about how you can enforce agreements running in blockchains can't be answered. In the real world you have the military or police force while in the blockchain itself you are pretty limited. On the other hand external oracles are the weakest part of the blockchain system. If they are hacked you hacked the agreements.

I think the blockchain/cryptocurrency/smart-contracts/app-coin scene is really exciting, but the connection with the real world is problematic, more so when the financial institutions are enforcing AML/KYC/etc.


> The simple question about how you can enforce agreements running in blockchains can't be answered.

Check out https://www.augur.net/ for an attempt at answering that question. They crowdsource the outcomes of the various bets from people holding REP tokens. REP holders have a financial incentive to act honestly to increase or maintain the value of their REP.


I know Augur, but what part of Augur is an attempt at answering my question?


They developed a way of enforcing agreements (bets) made on a blockchain without courts, police, military, or easy-to-hack external oracles.


Augur doesn't answer my original concern. If you have a smart contract between, for example, two companies, that information is private and it doesn't work like a popular baseball game. If one company doesn't follow the contract you need to solve the problem in the real world.

Also, we don't know yet how public blockchains (where Augur runs) work with State or powerful actor attacks, when the incentives are not purely financial.


One way you could solve the problem in the real world is track down the delinquent counterparty to the contract, drag them into an expensive legal system, subject them to the costs thereof, levy a penalty on them, hope that they pay it, in the event that they do not or cannot, seize their assets, in the event that they have none or you cannot, punish them with prison, in the event that they resist, kill them.

Sure, that's the traditionally accepted way to go about solving the problem in the real world. But there are many other ways to solve the same problems that we're all intimately familiar with by now, based around reputation systems. When it becomes public that a counterparty to a contract has engaged in delinquency, they suffer a reputational hit. If their reputation has value (and there is nothing about pseudonymous entities that means they cannot accrue reputational value; rating systems work on darknet markets quite well and have since their inception), and the amount of damage to their reputation is a higher cost than making good on the contract, then they will make good on the contract (and even if they can't, you've punished their delinquency by damaging their reputation, instead of dragging them through an expensive, inefficient, corrupt legal system involving violence as the final sanction).

All sharing economy and peer to peer systems that currently exist work on systems of this kind, and cryptocurrencies to the extent that reputations are valued and contracts made similarly so, and this will only become more prevalent as time goes by.

Not everything requires recourse to violence.


Reputation doesn't work in problems with a lot of money/power at stake. You can easily hack the system behaving like a good citizen for a long time until you consume all your reputation in a big transaction. Not only that, reputation is a hard problem if you are a newcomer.


That's why many people say "Everything is an exit scam in waiting". Even your legitimate meatspace bank will cheat if it thinks the economics make sense.

You could use transparency to tell how much a given escrow agent is holding and don't use them if it approaches the value of their reputation. And/or use a system where they don't hold the funds, they merely choose to unlock a transaction to pay to A or B.


Nothing works if the payoff for defection outweighs the costs of enforcement; that's why we have wars, crime, and all of the other things that the old-fashioned legal and diplomatic systems of the nations of the world have to deal with. However, conflicts of this type are rare compared to the very standard ones that are quite capable of being handled by reputation systems, escrow, etc. They solve these ordinary problems more efficiently, quickly, and at a lower cost.

That should be embraced and noted, and where appropriate migrated to, not pushed aside because there is a rapidly decreasing class of problems not suited to resolution with this model.


Your loan is not paid, how do you enforce the payment? This is the difficult issue that companies such as BTCJam have.


You don't make loans to people unless you have evidence that they can and will pay it back. BTCJam for example has reputation scores, and people actually say what they intend to use the money for.

The default rate on BTCJam, which was one of the first loan services, is 10%; this doesn't compare well with mainstream rates. However, Bitlendingclub is supposedly one third of that, which compares favourably to mainstream rates: https://fred.stlouisfed.org/series/DRCLACBS


> It's an altcoin with more anonymity than Bitcoin. That's nice, but no big deal.

From a product value perspective, that's a pretty big deal for the illegal commerce side of the Bitcoin market. Which I would guess is some double-digit share of Bitcoin (currently $11B). That use alone could make Z-cash a billion dollar product.

As a side effect, that could increase the proportion of Bitcoin transactions that are legal, which might have some nice legitimizing effects on the brand.


I agree but no need to drag Roger Ver into this, afaik he was in the dark as much as most of the people who had bitcoins left in mtgox back then. Didn't he also lose some coins there?
