5 sats \ 9 replies \ @ZezzebbulTheMysterious 3 Mar \ parent \ on: Why aren't ecash solutions such as cashu being developed on top of monero? ecash
The problem is the STXO (spent tx output) model used in monero — eg: you must record all consumed “key images” or commitments to a given keypair without revealing them for all time. You just keep this list forever. We could do something clever here with further set inclusion zkproofs but it’s still about accumulation of ancient cruft.
This scales awfully compared to the UTXO model, which already doesn’t scale enough to be a picture gallery of mental patients jpegs. BTC is prunable and easy to remove unspendable jpeg trash.
DC is right. The clean, simple UTXO model of Bitcoin is the right model to build Layered networks.
BTC is prunable and easy to remove unspendable jpeg trash.
Really? How do I prune it then?
I want to prune spam that is new blocks as well and without pruning financial data from the old blocks. I am only familiar with pruning old blocks (all of them nonselectively) in order to stay under the specified
number of megabytes by specifying
prune=<number_of_MB> in Bitcoin Core's bitcoin.conf?I agree with you that in the case of Monero the model of storing
so much in blockchain does not scale. That said, they seem to be able
to store what they store quite efficiently, as of now their blockchain size is
180GB (
x=$(curl -sd '{"jsonrpc":"2.0","id":"0","method":"get_info"}' http://node.moneroworld.com:18089/json_rpc | grep 'database_size' | sed -r 's/.*: ([0-9]*)\,.*/\1/g'); y=$((x/1024/1024/1024)); echo -e "\tCurrent uncompressed Monero block chain is: "$y"GB" )
when compared with Bitcoin's 584GB . Given that onchain their fees are
below one cent, why aren't ecash solutions integrated with monero?
Is it the lack of Lightning?reply
I mined monero during the early days and have basically reduced my position to zero over time. There are some fundamental problems. The lack of transparency onchain does not help.
After the low order generator bug was found (https://jonasnick.github.io/blog/2017/05/23/exploiting-low-order-generators-in-one-time-ring-signatures/), there is a fear that a future inflation bug may be found and exploited invisibly. These existential risks to blockchains means we should not build on an unstable base.
I am aware a tx validation bug was found in Bitcoin by Matt in 2018 — however this would be discovered more quickly on a transparent chain.
Don’t fall into the falsehood that big chain = more users. By this metric Solana is the most used chain and we should do all lightning there. Lol.
Larimer used to say “proof of activity”, EOS is best chain by tx count. Lol.
Monero is inefficient with a STXO eternity set (pls fix/nerd this monero devs), and the 11+ Ring sig is vastly more inefficient with so much decoy key material vs Bitcoin.
Bulletproofs have helped considerably over the earlier range proofs, but size is a problem.
Monero is good for what it is, but it is not Bitcoin.
The sheer number of txs processed by BTC vs XMR at ~2x the chain size vs monero… (with a 5y head start too).
reply
You're forgetting to add that for XMRs increased transaction size you're retaining sovereignty while also getting:
no visible addresses
no visible amounts
obfuscated senders
targeted miner censorship becomes impossible
anonymity
fungibility
Yes, Bitcoin has smaller transactions, but it also has none of the above and is less effective and less efficient in being "private" than Monero
You can also prune/shard Monero. You don't have to keep the full blockchain. Technology isn't static either Monero can grow alongside it.
Monero also has the ability to upgrade to newer, better, more efficient tech. Bitcoin doesn't have that same adaptation (for better and worse) because there is no will to hardfork.
reply
None of this things speak to the technical sustainability of the ecosystem.
You cannot easily prune it as you have no idea what Is consumed or not. This is a fundamental problem — also the STXO grows bounded, vs the UTXO bound of bitcoin.
Do try to understand what I am saying. This is not a political thing — I really love the idea of monero!
Monero blockchain is fundamentally more unscalable than bitcoin. This is quite obvious. Monero would break if it tried to handle such flows.
reply
Yes, I agree Monero is fundamentally more unscalable than Bitcoin. I understand, but allow me to push back a bit and see what you think...
The claim that Monero is not technically sustainable rests on many assumptions:
-Monero will quickly grow many orders of magnitude in a short time
-General consumer tech will not continue to advance
-No more efficiency gains
-Complete protocol upgrades won't happen
-Every user has to be able to run a node or it's not decentralized. For a crypto to be sufficiently decentralized enough to avoid capture 1 node definitely isn't enough, but every single person is overkill. Diminishing returns are a real thing. Bitcoin had less nodes 5-10 years ago. I'm sure you would agree Bitcoin was decentralized enough back then. Bitcoin will have more nodes in the future. Is it not decentralized right now?
One can easily run a pruned Monero node at a fraction of the size, although technically it is closer to "sharding", so you are right I shouldn't call it pruning.
You assume Monero needs to handle such flows right now. But that is a hypothetical that is unlikely and will probably never happen. In the end Bitcoin would also break in a hypothetical scenario of overnight adoption. I don't think any serious Bitcoiners would claim that Bitcoin scales as it is right now. Lightning doesn't even scale.
Monero is handling a nice chunk of Bitcoin flow today (33%-40% daily tx count) and works fine
https://bitinfocharts.com/comparison/transactions-btc-xmr.html#3y
reply
That is interesting, it has really taken off in tx count this year. Maybe it doesn't need such flows right now.
I think my concern with opaque blockchains in general is that some bug will either:
a) make it much easier to map tx graph [thus challenging the users threat model, which maybe well considered in a transparent blockchain]. or
b) allow invisible inflation
several nasty bugs over the years have caused some problems with exchanges. can we be sure there were no undetected events?
reply
a) Is it realistically possible to map the tx graph on Monero if receivers are not visible? (unless you are using Monero on exchanges or have the private keys to a wallet) Every hop makes it exponentially more difficult to find a sender. After only one hop away from the original transaction there is less than one percent chance of guessing sender correctly (~0.4%), two hops (~0.02%) etc. (not even considering you could be chosen as a decoy for someone else too) But if this worries you I'm not sure why you would use Bitcoin as mapping a tx graph is 100x easier to do.
Also, if this is still your concern, Seraphis upgrade will bring FCMPs (Full chain membership proofs) that are replacing ring sigs. They are being worked on already. Every transaction will eventually be a potential member of every transaction that has ever occurred with FCMPs.
b) Fair concern, but Monero cryptographic commitments are based on relatively old tech from the 80s. Pretty well established and tested so invisible inflation is in realm of possibility but unlikely. If it still concerns someone you can just sidestep this by only treating Monero as a checkings account (having a small pool for transacting) and using Bitcoin to save until Bitcoin has better privacy tech (if ever?)
reply
A) I look forward to seeing newer tx encodings that increase the anonymity set for spends. Thank you for the reference as I have not been following.
B) actually happened, was exploited in Bytecoin. Patched in XMR.
Newer encodings like A) introduce risk of B).
Would you decode what is STXO?
reply