Post B2M49RAKHEOolUtNzM by d28413712171c33e117d4bd0930ac05b2c51b30eb3021ef8d4f1233f02c90a2b@mostr.pub
 Post #B2M49OZNvbf4iLar8C by fcf70a45cfa817eaa813b9ba8a375d713d3169f4a27f3dcac3d49112df67d37e@mostr.pub
       2026-01-16T09:13:57.000Z
       
       0 likes, 0 repeats
       
       Today we're going to talk a little bit about cryptography. This applies to Monero but also to Zcash, although in a slightly different way, but I'll stick to Monero. I am not saying that Monero is not private; in fact, it is very private. I am not going to deny the obvious, but I am going to explain why, in my opinion, Monero is not a good place to keep your savings for decades. I will try not to get too technical so that it is easy to understand.

       In Monero, two different things must be separated when auditing its supply:

       1- Auditing how much XMR has been issued through mining (coinbase): This can be verified with a node (and is reproducible), because the protocol defines how much each block can pay, and the node can add up the coinbase rewards. This gives you a verifiable number of emissions per block. Adding coinbase is useful for mining issuance, but on its own it does not prove that coins have never been created due to a failure in private transactions.

       2- Auditing that there was never hidden inflation in transactions: Here, the honest answer is that it cannot be done with absolute certainty in the sense of being 100% mathematically provable by looking at the chain as public accounting, because Monero hides the amounts. In Monero's official post on supply auditability, they say it as it is: in opaque assets such as Monero or Zcash shielded, it is not possible to simply count the available supply, and therefore there is a risk of implementation flaws leading to undetectable inflation, flaws that could allow inflation undetectable by simple public accounting.

       They even conclude with the key idea: if you need absolute assurance of supply, that pushes you towards a transparent asset; if you hide amounts, you are shifting the assurance to the correctness of the proof/signature system.

       So how does Monero prevent inflation on a day-to-day basis?

       The nodes do verify that each transaction adds up, but they do so with cryptography:

       - In RingCT, the consensus verifies a balance equation in commitments (Pedersen commitments).
       - And it also uses range proofs (today Bulletproofs/Bulletproofs+) to ensure that the committed amounts are positive/in range and that you cannot sneak in negative or out-of-range values to fabricate money.

       In other words, if we assume that these proofs are correct and that the cryptographic assumptions hold, you should not be able to inflate the supply without the nodes rejecting it.

       Why is it still not absolute certainty?

       Because, as in Zcash Sprout, the hard problem is that if there were a soundness flaw or an implementation bug that allowed invalid but accepted proofs to be generated, the inflation could be undetectable to an outside observer who is just trying to add up coins, precisely because the amounts are hidden. So if there really was undetected inflation, then it is plausible that the cryptographic checks/tests as implemented at the time would not have detected it either. And, depending on the type of flaw, there is no guarantee that you can detect it retroactively today either.

       For this reason, Bitcoin did not and will not adopt these privacy methods because they would destroy one of its main features, the 100% verifiable supply.
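The two checks the post describes (commitment balance equation plus range check) as an added toy example, not code from the post or from Monero. It uses a small Schnorr group mod p instead of Monero's ed25519 curve, stands in for the range proof with a plain range check, and assumes the constructed parameters P, Q, G, H and MAX_AMOUNT below; it shows that the balance equation alone accepts a "negative" output that fabricates coins, which is exactly what the range proof exists to reject.

```python
# Toy Pedersen-commitment balance check (constructed example; insecure toy sizes).
# Monero's real implementation works on ed25519 points with Bulletproofs+ range proofs.

P = 2039            # safe prime p = 2q + 1 (toy size, not secure)
Q = 1019            # prime order of the quadratic-residue subgroup
G = 4               # generator of the order-Q subgroup (2^2 mod P)
H = 9               # second generator (3^2 mod P); assumption: log_G(H) is unknown
MAX_AMOUNT = 2**8   # toy "range": amounts must lie in [0, 2^8); Monero uses [0, 2^64)


def commit(value, blinding):
    """Pedersen commitment C = G^value * H^blinding (mod P). Hides value, binds to it."""
    return (pow(G, value % Q, P) * pow(H, blinding % Q, P)) % P


def product(commitments):
    """Multiplicative-group analogue of summing commitment points."""
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc


def balance_holds(input_commitments, output_commitments):
    """Consensus-style balance equation: inputs and outputs commit to equal totals.

    Commitments are homomorphic, so this holds iff the hidden values (and the
    blinding factors) sum to the same thing mod Q. The verifier never sees amounts,
    which is also why a value of -1 (i.e. Q-1 mod Q) is indistinguishable here."""
    return product(input_commitments) == product(output_commitments)


def in_range(value):
    """Stand-in for a range proof: what a verifier learns without seeing value."""
    return 0 <= value < MAX_AMOUNT


def spend(inputs, outputs):
    """inputs/outputs are (value, blinding) pairs known to the sender only.

    Returns (balance_ok, range_ok). Only outputs are range-checked, as in RingCT,
    because spent inputs were already proven in range when they were created."""
    cin = [commit(v, r) for v, r in inputs]
    cout = [commit(v, r) for v, r in outputs]
    return balance_holds(cin, cout), all(in_range(v) for v, _ in outputs)
```

An honest 100 -> 60 + 40 spend passes both checks; a 100 -> 300 + (-200) spend passes the balance equation (since -200 wraps to Q-200 in the exponent) and is caught only by the range check.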
       
 Post #B2M49PsZ3mb6m7ZgfI by f985d309197c805e1719c73185b574fc3ee407d7c1b6157dee99c6ace2599bbb@mostr.pub
       2026-01-16T13:06:10.000Z
       
       0 likes, 0 repeats
       
       Nocoiners think that digital money is ridiculous. How can a chain of signatures be money?

       Bitcoiners have learned to trust cryptographic primitives and understand that no one can steal your Bitcoin.

       Monero people have learned to trust more cryptographic primitives. They understand you can verify more than just basic ownership.

       The number of people willing to trust cryptographic primitives over time will only increase.

       Bitcoiners are the Nocoiners of 10 years ago.
       
 Post #B2M49RAKHEOolUtNzM by d28413712171c33e117d4bd0930ac05b2c51b30eb3021ef8d4f1233f02c90a2b@mostr.pub
       2026-01-16T18:47:11.000Z
       
       0 likes, 0 repeats
       
       I get the argument here, but it's a huge lift to get up to speed on Monero's extra primitives, not to mention its history, as things have changed numerous times along the way (from my limited understanding).

       There's also the simple argument that I can't fully shake, that digital scarcity can only be created one time. Not trying to rely on religious-style maximalism, but it's kinda hard to ignore the underlying message on that one, for me anyway.
       
 Post #B2M49SQJbGmcfNNfY8 by f985d309197c805e1719c73185b574fc3ee407d7c1b6157dee99c6ace2599bbb@mostr.pub
       2026-01-16T21:25:05.000Z
       
       1 like, 0 repeats
       
       As I understand it, the maxi thesis is "for supply auditability purposes, transaction amounts on a blockchain cannot be hidden. They must be transparent."

       I think for Bitcoin, which is the first mover in a new technology space, this is necessary. It is so different and understanding it is so challenging that nobody would ever use it if amounts were not transparent. But. I reject that thesis as axiomatic.

       As technology ages and we begin to understand it better, the attack surface becomes better known. A blockchain is not a complicated data structure. People will trust MORE and DIFFERENT cryptographic primitives than Bitcoin has implemented as time goes on. This includes cryptographic primitives that verify supply.

       Fun fact, both Monero and Bitcoin have had inflation bugs. Monero's was detected (a "hidden" bug) and provably not exploited. Bitcoin fixed the bug and reorged out the chain with the created coins.

       On Bitcoin, how do you trust the cryptographic primitives that create a wallet and the addresses to be unique and guarantee that only you can spend your coins? How do you trust that when you send a transaction it is properly assigned to the destination? Probably you know a little bit about the general theory and you trust the community to do the rest. After all, it's mathematics. If there was an implementation flaw, the community would fix it and recover.

       It isn't any different with Monero vis-à-vis supply. The attack surface is finite and, if the implementation is correct, the supply is guaranteed by mathematics.

       Now, maybe we don't trust the community to correctly implement it. Maybe we don't trust that it's been in existence for long enough to be battle tested. These are reasonable objections. But I'm not seeing these reasonable objections. And simply saying "a blockchain should ONLY have transparent amounts because we can never trust the supply" is only a luddite view.

       The problems we will encounter and the errors we will make are finite and knowable things.

       #bitcoin #monero