I disagree with you on this one (and I think I owe you a response on Reddit, now that I think of it). In short, I think this is at best an open question, but if it turns out there is any orphan risk or marginal-cost-per-tx, and/or if miners don't actually compete, longrun, on mostly the commodity block-production anyway, then this just amounts to unnecessary economic meddling, and I hate it that people are so quick to justify this sort of thing.
I just fail to see how a fee market is going to develop. In either case, limited or unlimited blocksize, you need a huge amount of transactions per block to keep miners incentivized and the network secure. Let's take the example of 1 Exahash the network hashrate is around today. With an average price of 400 over the last month, miners earn ~$10k per block (taking this number for convenience). Coincidentally, Bitcoin's daily transaction fees hit almost $10K on a 200 day moving average. For convenience, I will take that number as well. From another chart, we also see that number of transactions just hit an all time high of 242,129 tx/day. That's ~ 2.8 tx p/s with blocks becoming kind of full on average and a limited blocksize. In sum, currently ~ 2.8 tx p/s is making up for ~$10k in transaction fees daily. When the block reward runs out, assuming miners are currently mining at equilibrium, we would need (6*24) * ~2.8 tx p/s = 403 tx p/s on the main chain to yield the same proceeds for miners as of today. That is conditional on most current variables remaining the same and blocksize being limited, since I think it would likely be a race to the bottom with an unlimited blocksize and no block rewards. I personally fail to see how to accomplish this, certainly with the push of lower value transactions to side-chains. Perhaps the fees of higher-value transactions will reduce the amount of tx per seconds needed, but it would still be a large number to accomplish. Also, bear in mind that if the network is doing such a high amount per transactions, we likely need more hashrate to make the network more secure.
Anyway, it will be an interesting experiment, that is for sure.
Links:
https://blockchain.info/charts/n-transactionshttps://blockchain.info/charts/transaction-fees-usd?timespan=360days&showDataPoints=false&daysAverageString=200&show_header=true&scale=0&address=
That said, it's money supply transparency that matters most, so if a coins comes with a tail-emission out of the gate, that's fine (except for the above caveat about it suggesting the devs/community may be prone to over-engineering in the economic realm).
But in Monero's case, you tail-emission supporters broke *the* single biggest implicit contract: don't change the supply dynamics!! I loathe the fact that I bought-in to one economic model in 2014 and then a bunch of economic-meddlers decided to change the model out from under me. Yes, it's small relative to my holdings, but quite the slippery slope. That might as well be fiat, and the move *drastically* reduced my respect for the coin, the developers, and the community.
They did not do such a thing? Smooth already stated this earlier and on the earliest web.archive I could find it is also stated clearly ->
http://web.archive.org/web/20140520215957/https://bitcointalk.org/index.php?topic=583449.0. See:
Seems minor to me, but hard for me to truly judge without being a cryptographer.
Well, if the cryptography breaks, the whole system breaks and it will be rendered worthless. Therefore, it is in my opinion extremely important. Furthermore, Bitcoin is also build on solid cryptography. Cryptography usually strengthens over the years, when it has been thoroughly tested, vetted and peer-reviewed. Relying on mature cryptography, opposed to an infancy one, is definitely an advantage in my opinion.
This post of gmaxwell emphasizes the importance of cryptography:
Cryptography has never been a significant part of cryptocurrency - even though it may share the first few letters. It works on a system of digital signatures.
It would seem that you actually do not understand what cryptography is in the modern sense.
A fundamental nature of information is that it wants to be freely copied everywhere to everyone. That any bit is equal and indistinguishable from any other bit of the same value and that any bit is eventually known to all who care. Cryptography is all that technology by which we hope to confine and constrain the nature of information, to put up fences and direct it to our exclusive purposes, against all attacks and in defiance of the seemingly (and perhaps actually) impossible. Digital signatures are cryptography by any modern definition and utilize the same tools and techniques (for example, a DSA signature is a linear equation encrypted with an additively homorphic encryption), and suffer from most of the same challenges as the message encryption systems to which you seem to be incorrectly defining cryptography as equivalent. Moreover, the use of digital signatures isn't the only (or even most relevant) aspect of cryptography in cryptocurrencies-- e.g. the prevention of double spending of otherwise perfectly copyable and indistinguishable information in a decentralized system is a cryptographic problem which we address using cryptographic tools, and-- like all other practical cryptography-- achieve far less than perfect confidence in our solution. As are more modest ends like interacting with strangers but not being subject to resource exhaustion from them.
Far more so than other sub-fields of engineering, cryptographic systems are doing something which is fundamentally at odds with nature and share an incredible fragility and subtly as a result (and perhaps all are failures, we have no proof otherwise).
A failure to understand and respect these considerations has resulted in a lot of harmful garbage and dysfunctional software.
In addition, it might take 10-20 years for Zcash's cryptography to become mature/vetted and considered "safe". Bear in mind that Zcash is also prone to (thus not safe from) quantum computing, which might by the time their cryptography is considered "safe", break their "system".
I agree with your other comments.