[Cryptography] cryptography Digest, Vol 93, Issue 1
Howard Chu
hyc at symas.com
Sat Jan 2 07:24:09 EST 2021
John Tromp wrote:
>>> Ring signatures take up more space, and worse, require full nodes to
>>> maintain some data of all past outputs, which negatively affects
>>> scalability.
>>
>> A Monero transaction takes a lot less space than all of the coinjoins and other
>> nonsense that would be required to give even a fraction of privacy to a Bitcoin
>> user.
>
> I'm comparing Monero tx with plain, non-private Bitcoin txs. We agree
> that Monero pays a large size price for its hiding of the sender among
> decoys.
Fair enough. This appears to be the price that must be paid for effective privacy.
>> These days the average Monero transaction (2in/2out) is about 4x larger than
>> the average Bitcoin transaction. The total volume is nowhere near the
>> limits of current network bandwidth or storage capabilities, so the 4x
>> difference is moot. In Big-O terms, both chains are equal here.
>
> Constants matter. A 4 day IBD (initial block download) is way worse
> than a 1 day IBD.
If you prune away 7/8th of the data then you don't have that disadvantage any more.
> Compared with Mimblewimble, a Monero tx is nearly 30x larger than a MW
> one with spent outputs.
That may be, but MimbleWimble privacy is easily broken, and Monero's is not.
The CipherTrace CEO says this pretty plainly.
https://www.reddit.com/r/CryptoCurrency/comments/ijzj17/ciphertrace_develops_monerotracing_tool_to_aid_us/g3hg9eq/?utm_source=reddit&utm_medium=web2x&context=3
https://www.reddit.com/r/Monero/comments/ik0t3h/ciphertrace_monero_tracing_example/g3j0byq/?utm_source=reddit&utm_medium=web2x&context=3
>> This point of auditability
>> keeps being brought up but it doesn't hold water. In either case it comes down
>> to getting the math right, not whether the inputs are transparent or not.
>
> If someone, somehow, finds the discrete log of generator H, then
> Monero suffers undetectable inflation. Bitcoin would be unaffected.
They'll probably get a major mathematics award too.
>>> Monero has a history of different PoWs that were each supposed to
>>> prevent ASICs for many years.
>
> My apologies for this falsehood; this only applies to the original
> Cryptonight and to RandomX.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the cryptography
mailing list