[Cryptography] cryptography Digest, Vol 93, Issue 1

Howard Chu hyc at symas.com
Sat Jan 2 07:24:09 EST 2021


John Tromp wrote:
>>> Ring signatures take up more space, and worse, require full nodes to
>>> maintain some data of all past outputs, which negatively affects
>>> scalability.
>>
>> A Monero transaction takes a lot less space than all of the coinjoins and other
>> nonsense that would be required to give even a fraction of privacy to a Bitcoin
>> user.
> 
> I'm comparing Monero tx with plain, non-private Bitcoin txs. We agree
> that Monero pays a large size price for its hiding of the sender among
> decoys.

Fair enough. This appears to be the price that must be paid for effective privacy.

>> These days the average Monero transaction (2in/2out) is about 4x larger than
>> the average Bitcoin transaction. The total volume is nowhere near the
>> limits of current network bandwidth or storage capabilities, so the 4x
>> difference is moot. In Big-O terms, both chains are equal here.
> 
> Constants matter. A 4 day IBD (initial block download) is way worse
> than a 1 day IBD.

If you prune away 7/8th of the data then you don't have that disadvantage any more.

> Compared with Mimblewimble, a Monero tx is nearly 30x larger than a MW
> one with spent outputs.

That may be, but MimbleWimble privacy is easily broken, and Monero's is not.
The CipherTrace CEO says this pretty plainly.

https://www.reddit.com/r/CryptoCurrency/comments/ijzj17/ciphertrace_develops_monerotracing_tool_to_aid_us/g3hg9eq/?utm_source=reddit&utm_medium=web2x&context=3

https://www.reddit.com/r/Monero/comments/ik0t3h/ciphertrace_monero_tracing_example/g3j0byq/?utm_source=reddit&utm_medium=web2x&context=3

>> This point of auditability
>> keeps being brought up but it doesn't hold water. In either case it comes down
>> to getting the math right, not whether the inputs are transparent or not.
> 
> If someone, somehow, finds the discrete log of generator H, then
> Monero suffers undetectable inflation. Bitcoin would be unaffected.

They'll probably get a major mathematics award too.

>>> Monero has a history of different PoWs that were each supposed to
>>> prevent ASICs for many years.
> 
> My apologies for this falsehood; this only applies to the original
> Cryptonight and to RandomX.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


More information about the cryptography mailing list