Topic: rpietila Altcoin Observer - page 133. (Read 387493 times)

Perpetual debasement. If you had bothered to read some of his discussions, you'd know that. You'd make a good posterchild for Dunning-Kruger.

So when mining is finished who is going to pay the miners?
Nothing in this world come for free you should know that. This was the stupidest statement I have ever read from you.

Just discussions on IRC in #monero-dev (we will move to a more archivable format soon) - once something is ready to be formalised it will be proposed and put up for commentary.

TacoTime, there are cases when it is better to keep my mouth shut. This is one of them.

There hasn't really been any decent alternatives.

For any proof-of-resource chain, it will tend towards centralization. That centralization can be concentrations of stake or coinage, or signing delegates, or hard drive space, or bandwidth, or whatever.

A censorship free, decentralized, provably temporally stable messaging system for which we can transmit and then store transactions simply doesn't exist. I have a lot of doubts about whether or not there will be a solution to that. I think it will be proven impossible before it will be proven possible.

I sort of agree with your post.

I do note nothing gets done to fix these killer flaws, e.g. centralization of mining.

We always push it out into the future when it is too late already, e.g. Bitcoin.

Okay so now we know what the parameters are. So I will go back to work on solving the fundamental problems and Monero can continue moving forward as a stop-gap measure.

Agreed?

(so I can go silent now I hope)

I'm surprised at how many people in the Bitcoin community are fine with the way transaction fees are headed to be honest. I was really surprised too when I downloaded NXT to see that the fee was 1 whole NXT per transaction for a currency just a few months old. I guess they depend on that fee to support the network or something?

Right.  "with a sane minimum" -- something akin to BBR's minimum-mixin flag, to address the long-term mix de-anonymization problem.  A solution to that will boost the blockchain size, though by how much nobody knows yet.  The last time I heard from Zoidberg on this, he was thinking of something like minimum-mixin 5, but don't quote me on that, that's memory.

Thank you AnonyMint, dga, and smooth for your answers. All very interesting perspectives.

The other killer flaw of Monero is non-zero transaction fees. A coin with zero-transaction fees can surpass it quickly.

The other killer flaw of Monero is it inherits Bitcoin's centralization of mining.

I edited my prior post to make that point.

Mostly agree, but one comment. Ring signatures do not make up the entire block chain, so using a mix factor of three (approximately 3x signature size) does not mean 3x in terms of blockchain size factors. Perhaps you are already assuming a mix factor of 5 or something, and the 3x number includes this.

I2P is a general network layer. It is not just Monero that is being run on it. Adding a protocol change to I2P impacts all the network services that run on it. I suppose it might be possible to allow services to opt-in higher latency, so that is implicit in the question I asked of them. But it might not be possible for various reasons, one being resource usage reciprocity on relay nodes (or who provides the bandwidth for free and why are they not the NSA's Sybil attack?).


If something comes along that can scale faster because supports ZERO transaction fees, prevents pools from being large, mass mining, micro transactions and Ethereum style contracts, then Monero could be surpassed.

Also I don't believe Monero is anonymous to the NSA and authorities with high reliability given the weaknesses in I2P and Tor.

Also just like Bitcoin, Monero appears headed towards centralization thus it won't take long for NSA to have power to send national security gag order to the few pools that will dominate it, and thus defeat the anonymity either by correlating entry and exit node timing or simply changing the protocol to ban transactions they can't correlate.

Centralization is the near-term enemy. Bitcoin is already there. Monero has not innovated at all on decentralization of mining.

Note I did not argue that Monero is useless in all possible scenarios one can contemplate.

It depends. If you think this is going to replace Visa (or perhaps larger, by including micropayments that are currently handled "off-chain" with Visa) in its present form that then that is probably in the PB range. If you are thinking about Bitcoin today and in the foreseeable future then that is not PB.

Anonymint to his credit wants to "think big" and focus on the former. I think that's entirely reasonable, but I also think it is fairly useless for him to be doing so on this forum, because there is little indication that Bitcoin-derivied technologies are going to do that and certainly he is going to get very little useful collaboration here because few if any in the Bitcoin space are currently making any serious effort to implement it.

The rest of us are (or at least the Monero team is) focused on incremental improvements on what already exists and adding value in the near future. So adding some level of privacy to Bitcoin which currently has essentially none, improving scaling even if that doesn't mean scaling to PB, fixing bugs, improving usability and performance, etc. It is entirely possible that all this work will be made entirely obsolete someday by what Anonymint envisions, but it won't be soon.

To the previous poster:

(a)  Some people are looking for any hammer they can to bash on the CryptoNote coins in general, and XMR specifically.  This is the most obvious, because it does represent the most apparent tradeoff made thus far:  The cryptonote blockchain is larger than the bitcoin blockchain.

(b)  It's actually interesting, for the above reasons, if your goal is for BTC or XMR or BBR or whatever to "take over the world" (i.e., replace cash) and scale to handle thousands of transactions per second.
  (b.1)  The block time is 60 seconds, so there is 10x more overhead from "blocks" (as opposed to transactions).  An "empty" XMR blockchain is O(10x) larger than an "empty" BTC blockchain.  An empty BBR blockchain is 5x larger than an empty BTC blockchain.  I use the "order of" notation O(x) to note that this is not a precise answer, but it's the right order of magnitude.

  (b.2)  To facilitate anonymity, transactions in CryptoNote are split into fixed-size chunks, so that the precise size of the inputs and outputs is not a clear distinguisher of the transaction.  Thus, one "payment" (as the user sees it) involves more inputs and outputs than might be typically used in Bitcoin.  Kind of.  None of the analyses that people have posted are very careful on this front, because the increase in transaction size depends on how well your client software can match up your existing set of coin inputs (which were also sent as fixed-size chunks!) to the outs it needs to generate.  This may be anywhere from 1x to 10x.

  (b.3)  When using mixins, the ring signature scheme adds an extra signature for every mixin used.  Thus, again speaking vaguely, a CryptoNote transaction is a few times larger than a BitCoin transaction, other factors being equal.

(c)  People are guessing and seem to be biasing their answers in favor of the direction they like.  I don't think people have a good answer to how much (b.2) above actually adds to things -- my personal hunch is that it's maybe a factor of two or three, but that's a guess.  Some people are pointing out stridently that the "empty blockchain" is actually only X much bigger than bitcoin, and that's true, but it's also a bogus measure, because we shouldn't care about the size of a blockchain that's being used primarily for mining coins and sending them to an exchange.  

The people picking huge constants and multiplying them all together are being similarly deceptive, because they're ignoring that some overheads (such as the block header, etc.) are fixed and shouldn't be included in the multiplication.

If you pick and choose this, you can construct almost any answer you like.

Here's my guess:

- Splitting into fixed size chunks:  2-3x
- Ring signatures with a sane minimum for guaranteeing anonymity:  3x
- Block time:  Negligible in the limit as the number of transactions increases
- Bigger individual signatures and addresses:  2x

Overall:  Roughly 10x the size of bitcoin.  Perhaps 10x, perhaps 30x.  With bitcoin at nearly 20GB, the XMR equivalent would be somewhere in the 200-600 GB range.

This is a concern.  Once the blockchain is too big to fit on a single commodity hard SSD, for example, the *time and knowledge* needed to participate as a full node in the system increases substantially -- RAID arrays, building your own hardware, etc.  The time to download the blockchain may also be a concern for the time to bring a new node into the ecosystem.

This is also an overblown concern for the moment, given the newness of all of these coins, the experiments underway at ring signature pruning (BBR), the increasing understanding of pool management to mitigate dust transactions (XMR), and the fact that we have *no idea* what kind of fees people would be willing to pay in order to have their transactions remain anonymous, or whether and what technical solutions will work well to help keep the size down.  There's also a complex long-term interplay with Moore's law and the volume of transactions.

tl;dr:  People are blowing a lot of smoke to try to achieve their own aims and pretending to be a lot more certain about it than they really are.  It's an important question.  But you probably don't need to panic about it in the short term.

Not sure I understand, this delay is useful when sending coins because couple of additional seconds is worth the wait. We don't need other general network functions - or do we?

Do we expect and require Visa scale and micro transactions? Bitcoin is fine for that. Remember you yorself claimed we are running out of time because of coming global sovereign debt collapse and currently there is nothing better on the horizon that would stand up to your criticism for now let's just stick with what we have and concentrate on the main goal - it doesn't include micro transactions on Visa scale.

Is there any place I can go to learn about the ideas presented thus far?

This is open source correct?

Yeah, I was just being snarky:-P


I don't think pruning is possible, at least not in the way you could with Bitcoin. There are other things we're looking at, but in my opinion pruning is a non-starter for solving this.

Question:


Reply:



To get to Visa scale with Bitcoin brings us to 80 Terabytes without pruning.

Monero claims 5 - 6x bloat (and I disputed that, it could be higher see below...). So heading towards a Petabyte just to reach Visa+MC scale.

And we are expecting micro transactions and crypto-economies (Ethereum, CounterParty, Bitshares, etc) so the volume of transactions could increase orders-of-magnitude over Visa+MC scale.

Thanks for the information.

(Anyone) - Any suggestion on a small and cheap netbook or the like, to be used as an offline machine?
I will be using a USB stick with the wallet generator on that and just print off it.

Thx in advance,
EMS

Also ask how they can prevent Sybil attacks on the relay nodes? Answer: they can't

Also ask if adding the randomized delay would be compatible with use of I2P as a foundational network layer for general network functions? Answer: No