
I have been thinking about fully anonymous currencies in the past, which, not a big surprise, led me to NIZK proofs. I was stopped there by the lack of resources on the topic. Your simple explanation (the link above) was really helpful. Thanks for writing that down!

That being said, the biggest problem of the system seems to be that if it is compromised, someone can make a ludicrous amount of money (2^64 units or such) out of nothing. Which has, in turn, the potential to drive the price of the currency towards zero. Even worse, you don't know, at any given point, whether the system was already compromised or not. Thus, no emergency measures (such as the one made when the bitcoin chain was forked) can be applied.

Any ideas how to fight the problem?



Use N distinct ZK proof systems in parallel. This requires having multiple distinct systems which are sufficiently efficient. Getting one is currently hard enough, but in the long run it might be a good way to achieve adequate security.



