Yes, it scales much worse:

* node resources scale with the size of the UTXO set (unspent outputs), which in Monero's case balloons to the entire TXO set (all outputs, orders of magnitude larger)

* a typical 2-input 2-output transaction is 4 times larger

* wallets have to track all outputs to choose random decoys for transaction inputs

One can argue that this is the price to pay for significantly better privacy, but the largest benefits come from having no visible amounts or addresses, which can be achieved with significantly better scalability than BTC [1].

[1] https://forum.grin.mw/t/scalability-vs-privacy-chart/8114

>but the largest benefits come from having no visible amounts or addresses

MWEB is certainly an improvement over transparent transactions (and other methods such as coinjoin, coinswap, cashfusion, etc.), and I welcome the litecoin upgrade. I agree that decoy-based privacy is weak.

However, I don't believe that mimblewimble meets the standard of privacy needed for most users. It's not the visible amounts and addresses, but the links between transactions that are the main problem. CTs on their own are just a "nice-to-have".

The end goal should be a zcash or firo style of privacy. I think you can scale that to a global network with an adjustable block size, payment channels, and atomic swaps between multiple cryptocurrencies. The problem is that zcash and firo have weak tokenomics compared to monero. Grin will have a hard time finding an initial niche that isn't currently satisfied by monero, and if it does take off, its changes could be merged into bitcoin (https://www.truthcoin.info/blog/imex/).

Don’t forget that opaque blockchains can have invisible inflation. Transparent blockchains will always be worth more, as the user can verify that inflation has not occurred. This applies to grin as much as xmr.

Indeed that is one downside of hiding amounts, as shown in row "Fully auditable supply" in [1]. Finding out just one discrete log (log_G(H)) can collapse the whole system with undetectable inflation.

[1] https://phyro.github.io/grinvestigation/why_grin.html
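
The point about log_G(H) in the comment above, as an added example that is not part of the thread: a toy Pedersen commitment in a small constructed group, where knowing x = log_G(H) lets one commitment be opened to two different amounts while the verifier's balance check is unchanged. The group parameters, the value of x and all function names are assumptions chosen for illustration.

```python
# Toy Pedersen commitments C = G^r * H^v in the order-Q subgroup of Z_P^*.
# All parameters are constructed for illustration and far too small for real use;
# real systems use elliptic-curve groups, written additively as r*G + v*H.
P = 2039             # safe prime, P = 2*Q + 1
Q = 1019             # prime order of the subgroup
G = 4                # generator of the order-Q subgroup
X = 777              # log_G(H); in a sound setup nobody knows this value
H = pow(G, X, P)

def commit(value, blind):
    """Commit to `value` with blinding factor `blind`."""
    return pow(G, blind, P) * pow(H, value, P) % P

def excess_ok(inputs, outputs, k):
    """Verifier's balance check: outputs / inputs must equal G^k (a commitment to 0).
    Real protocols prove knowledge of k with a signature instead of revealing it."""
    acc = 1
    for c in outputs:
        acc = acc * c % P
    for c in inputs:
        acc = acc * pow(c, -1, P) % P
    return acc == pow(G, k, P)

def reopen(value, blind, new_value, x):
    """With x = log_G(H), return a blinding factor that opens the SAME commitment
    to new_value: G^(blind + x*(value - new_value)) * H^new_value == G^blind * H^value."""
    return (blind + x * (value - new_value)) % Q

def demo():
    c_in = commit(10, 5)
    c_out = commit(10, 42)                    # honest 10 -> 10 transfer, k = 42 - 5
    balanced = excess_ok([c_in], [c_out], 37)
    r2 = reopen(10, 42, 1000, X)              # same commitment on chain, opened as 1000
    same_commitment = commit(1000, r2) == c_out
    # Without x the only way to add value is to change the commitment, which fails:
    naive_rejected = not excess_ok([c_in], [commit(1000, 42)], 37)
    return balanced, same_commitment, naive_rejected

if __name__ == "__main__":
    print(demo())
```

The verifier sees an identical commitment in the honest and the reopened case, so the supply cannot be audited from chain data once anyone knows log_G(H).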

In opaque blockchains, the mechanism that prevents inflation is the same mechanism that prevents double-spending. The user can verify that inflation has not occurred by running a monero node.

Everything considered, I don't think that the risk of a monero inflation bug is greater than a bitcoin inflation bug when you consider the complexity associated with scripting.

Tari uses Mimblewimble (privacy coin developed by previous Monero devs with a focus on privacy), so we're not far from being able to benefit from it.