Quote
I would say closer to ZeroCash. I've heard from the relevant experts that Monero is not computationally-efficient enough to stand on its own, but I have similar problems with ZeroCash standing on its own (it is almost "too private", for people to check and make sure it's working correctly). However, I think both (and/or, the concept of "coin privacy") will be among the first practical, usable, sidechain applications. I think that people will sidechain coins over, mix them on the sidechain, and then send them back.
What are they implying by "not computationally-efficient enough to stand on its own"?
I'm honestly not sure.
There are criticisms about the chain being larger than Bitcoin. That's one thing, maybe an issue in practice, maybe not, but not really the same question as "computationally efficient".
There have also been criticisms of the PoW being too slow. This was a bigger concern before it got optimized and verifying a PoW took a second or something. But now at 20 ms, I don't really see this as disastrous. Even if it is, it could easily be replaced, and doesn't constitute a scaling issue (PoW cost doesn't go up as usage increases, in fact it decreases per-tx).
I'm not really sure where a criticism of the protocol itself being too computationally inefficient would come from. The signature verification is based on DJB's elliptic curve methods that are designed to be very efficient. We can verify something like 1400 signatures/sec on CPUs that are a couple of generations out of date. And that isn't even fully optimized.
So who knows. Sometimes memes based on a tiny bit of information, possibly taken out of context or misinterpreted, just get out there and take on a life of their own, making them very hard to ever fully kill off.
I assume you meant transactions instead of signatures.
For example this recent tx "06246f5c78aefac38b6c539ffc2ead5d48d452a38dbffe019cb63668aba657ed" has 15 inputs at mix 1, or 30 signatures. It took 3ms to verify on my machine (i7-4770). That would imply 10k sigs verified per second (not sure if this is multithreaded or not, and I'm not sure how much overhead there is on verifying beyond sig checking).
Actually I completely misremembered not only the number but the context of it. It was 2.5ms/tx average according to NoodleDoodle on a i7-2600. I originally thought it was single threaded which would yield 1600/sec not 1400, but now I'm not sure how that was measured since multithreaded verification was added at some point, though not sure if it is signatures or PoW. I guess signatures since most syncing PoW uses the precomputed hashes now anyway.
We could look into the code more carefully here to see how it is being done, but all of these numbers agree that "computationally efficient" doesn't make sense to raise an issue. And of course both your numbers and NoodleDoodle's numbers are aging to old midrange desktop CPUs. You would run into huge problems with storage, bandwidth, centralization, etc. long before computational cost because a bottleneck. That's true for all blockchains so I just don't understand the original statement except as a misunderstanding.
Just going from memory, I'm fairly certain the POW verification is multithreaded now, and was changed before the fast-block-sync stuff. So I don't know if tx verification is multithreaded as well, but I tend to think yes.
Edit: wallet "refresh" command I'm fairly certain is *not* multithreaded.
If you want to donate hurry up before you are unable to 
