[Cryptography] cryptography Digest, Vol 93, Issue 1

John Tromp john.tromp at gmail.com
Sat Jan 2 12:36:26 EST 2021


> > Constants matter. A 4 day IBD (initial block download) is way worse
> > than a 1 day IBD.
> If you prune away 7/8th of the data then you don't have that disadvantage any more.

I don't follow. The IBD must comprise the entire Monero tx history.
Only after downloading and verifying all of that could a full node
decide to prune what it stores on disk.

> > Compared with Mimblewimble, a Monero tx is nearly 30x larger than a MW
> > one with spent outputs.
> That may be, but MimbleWimble privacy is easily broken, and Monero's is not.
> The CipherTrace CEO says this pretty plainly.
> https://www.reddit.com/r/CryptoCurrency/comments/ijzj17/ciphertrace_develops_monerotracing_tool_to_aid_us/g3hg9eq/?utm_source=reddit&utm_medium=web2x&context=3

All he says there is what we agree on already, namely that
"MimbleWimble privacy is worse than Monero". He doesn't say it's
easily broken.
I could quote Ian Miers on slide 54 of
https://slideslive.com/38911785/satoshi-has-no-clothes-failures-in-onchain-privacy
saying that decoy systems are not private.

But I think such pure binary qualifications are not that helpful. In
the end, privacy is a spectrum, as shown in
forum.grin.mw/t/scalability-vs-privacy-chart/
To me, MW sits at a very advantageous starting point from which
various avenues are open to reduce the remaining privacy leak of
input-output linkability, thanks to the ease of aggregating
transactions.

And while both MW and RingCT lack support for Bitcoin script, MW makes
up for that with scriptless scripts.
These support an amazing range of functionality, including both
absolute and relative time locks, from which one can build
bi-directional payment channels.

regards,
-John

