A toy crypto-currency based on a discrete logarithm zero-knowledge protocol, in <95 lines.
The way logcoin works is as follows:
Note that we protect against double-spending without a blockchain and have a fully anonymous and totally zero-knowledge proof-of-stake system (since only random numbers are transmitted to the tracker). The reason we have to use two signatures and add them together is to prevent a man-in-the-middle attack. Let's say we sent only two quantities, $2^(x) mod p$ and $2^(y) mod p$, then an interloper could spoof only the signature and invalidate the coin so Bob cannot spend it.
To run it, you will need Python 2.7 with generatesafeprime (which is on PIP). Usage is:
python tracker.py ...
where x1,x2,x3,x4,etc. are initial secret keys of coins to put into circulation (you also have to distribute them to people; they will be updated securely as soon as they are spent once).
On the other end, you must do:
where x1 is the current private key of the coin you want to claim ownership of.
It should be that the wallet prints the new private key of the coin every time it works and otherwise gives no output and an error code of -1. Transaction time on localhost is 5 or 6 seconds on my machine. The data transfer is well under 1mb so it shouldn't lag too much more over a network assuming the tracker is centralized.