I ask this question because someone on HN reminded me of this great 2001 article from Joel "Nostradamus" Spolsky on Blockchain Astronauts:
> Don't let Architecture Astronauts Scare You https://www.joelonsoftware.com/2001/04/21/dont-let-architect...
> When you go too far up, abstraction-wise, you run out of oxygen. Sometimes smart thinkers just don’t know when to stop, and they create these absurd, all-encompassing, high-level pictures of the universe that are all good and fine, but don’t actually mean anything at all.
> These are the people I call Architecture Astronauts
> The Architecture Astronauts will say things like: “Can you imagine a program like Napster where you can download anything, not just songs?” Then they’ll build applications like Groove that they think are more general than Napster, but which seem to have neglected that wee little feature that lets you type the name of a song and then listen to it — the feature we wanted in the first place. Talk about missing the point. If Napster wasn’t peer-to-peer but it did let you type the name of a song and then listen to it, it would have been just as popular.
What's the equivalent for Grin of "that wee little feature that lets you type the name of a song and then listen to it"?
The reason Napster made more sense than a single central server is that what it was doing was explicitly violating copyright law. At the time, there was no real possibility of licensing music for distribution online, even in a pay per song model. The only reason RIAA/etc caved and allowed both download services and streaming services was the success of early private services.
This is like questioning why Silk Road needed all the infrastructure when you could just list your illegal drugs for sale on eBay.
The holy grail of cryptocurrency today is not optimizing anonymity but gaining legitimacy and working as a payment system parallel to national currencies while complying with the complex regulations around KYC and criminal and terrorist financing. These are vigorously enforced in any first world nation, for sound, historic reasons.
The holy grail is to opt out of government surveillance while maintaining social responsibility and capacity to root out bad actors. This will probably require a mixed, technological, institutional and regulatory response if it is ever to be realized.
Abstracting the real world away and hiding in your little cryptographic fantasy governed only by math and not people will leave you with speculative playmoney in the best case and a dangerous can of worms in the worst.
As for legitimacy: if people used crypto for payments without ever converting to fiat, absolutely no “on high” institution or state can confer legitimacy. It’s irrelevant.
And as for money laundering and terrorism. Give me a break. The existing financial system is gamed all the time by nation states, the wealthy with shell companies and tax havens and the biggest ‘coin’ in all these activities is the USD. These laws are vigorously enforced entirely selectively and usually politically. I’d rather it was simply impossible.
As for bad actors, these exist now and always will, that doesn’t mean you stop the rest of the world having access to tools to move value how they want and avoid state run monetary policy. The world’s elites and mega corps do this now already.
This is an impossible requirement. Every country has different, subjective, fluctuating, and often vague regulatory requirements. No decentralized platform could ever comply.
The reason crypto hasn't taken hold is simply that it doesn't scale. When enough people use it, the system grinds to a halt. Newer cryptos, like Monero, have made some big steps recently, but there's still a long long long way to go for scalability.
We first need to acknowledge the need to comply with the spirit of these regulations and allow some features that national operators can build on to create legal solutions.
There is a commonality here and there is an international convergence towards similar regulations. Sure, some countries with particularly draconian legislation could still reject crypto, but there could exist a workable compromise in most other countries.
I reject this idea that we need to go Full Monty: from one end of the spectrum (no privacy, complete state control over money and banks) to the other end, financial anarchy.
It's not going towards "anarchy" unless you're defining it to mean "there is no one from a government agency involved."
A market is a regulatory mechanism: prices via arbitrage transmit information about supply and demand directing actors to devote their efforts to alleviate scarcity. And cryptocurrencies by design have mechanisms that help enforce contracts which is directly regulatory.
And excellent anonymity, privacy and fungibility of its token, enabled by the large set of txs that do not reveal their audit key.
You either trust national governments and their KYC and AML laws, or you trust the crypto network and _its_ governance. That is the whole point, as stated by Satoshi.
If your crypto complies with some least- or greatest-common-denominator of government laws (as they apply to their national currencies), then what is the point?
If the decentralized governance rejects on principle that money laundry is a social problem, then society through its various forms of governance might reject the currency, just as it would reject, say, a hyperinflationary currency.
This is what I mean to say by "going full-crypto-Monty": there is a strong tendency in the community to reject some important social values without debate and to try to enforce a political perspective on how society should work by circumventing the legitimate venue where these political debates are fought. The more the problem is asserted, the more crypto people double-down on their utopian narrative and invent new technical measures to circumvent any social control, such as this here.
I'm naturally "full crypto-Monty" and find it hard to connect with people who identify more with today's political model.
Can you point me to some thinking you respect about how to blend various governance venues (crypto and physical/political)? Thanks ahead
But crypto currencies were born out of a distrust for banks and government money policy, like inflation.
In my view, the fallacy was/is that by putting trust "in the network", these policies could be avoided, not duplicated. But that's impossible: crypto currencies merely shift trust to the network operators (who, for financial gain, become increasingly consolidated), and to the maintainers of the code, who ultimately determine the rules.
Maybe the point is that with a diversity of currencies, there is a diversity of policy choice. But that only increases the exchange problem, which defeats the purpose of a currency (that is, being widely accepted).
Which projects (or, rather, their communities) are doing the most interesting stuff around achieving widespread distribution? I agree with you that this is essential for any crypto to truly become viable as money. If Bitcoin has won the store of value battle at least for now, then that leaves the medium of exchange game wide open and it won't be ABC/SV.
What the... That’s not the goal of cryptocurrency according to its creators. The goal is, as you stated later, “to opt out of government surveillance”, which is incompatible with the former. You’re contradicting yourself.
Why don't you allow for shades of gray, workable anonymity that protects most regular people yet can be lifted by law enforcement in an auditable and costly process that rules out mass surveillance? Why can't we have crypto-banks that know your identity yet can't freeze your assets, only attest to them when compelled to do so by law? Can you mathematically prove such constructs are not possible? Is there a possibility they could serve society's needs better than either the current banking system or the Bitcoin-style hodge-podge?
The selling point of cryptocurrencies is not being beholden to the whims of a government.
To give a very crude example, an FBI backdoor key established in the genesis block could allow them to publish into the blockchain a personal information fetch request that is public and has a public field that the agency is expected to populate with the relevant court order number. They could of course issue requests without that field, but in that case everyone could see their behavior and laws could be passed to make it illegal.
A further refinement would be to request a financial bond before the operation is executed. This bond could increase exponentially, guaranteeing the backdoor cannot be abused for mass surveillance and is employed for limited, high profile cases.
The "whims of a government" are often the expression of strong social forces that exist for a reason. Rejecting any form of social governance is a Utopian political construction at its core, masquerading here as technology.
I'm going to guess you're American. It might be news to you, but the rest of the world (and many Americans) don't want to be subjected to the United States government and its inane laws. You might love your government and think it does no wrong, but we don't. And it has a terrible track record.
Moreover, what are you going to do when the inevitable happens and this "supersecret backdoor key" is leaked? Your system is a ticking time bomb.
> They could of course issue requests without that field
Your "field" is useless then.
> but in that case everyone could see their behavior and laws could be passed to make it illegal.
Then what would be the point of allowing it in the first place?
> The "whims of a government" are often the expression of strong social forces that exist for a reason.
"Strong social forces" doesn't mean "good social forces". You have an incredibly naive view of how governments work if you think otherwise.
Or you could move away from a centralised governance altogether and have a stake voting system where the actual users decide to de-anonymize a particular user. Or we can imagine a weak form of privacy where cooperation among your trading partners can reveal more and more information, à la e-cash with blind signatures, where a double spend reveals your identity.
In short, the question is if "absolutely private money transfers" are something we need and want, not if there are technical ways to gradually weaken privacy in a socially controlled fashion.
Hand-waving is not a valid way to address fundamental problems with your proposal.
> you could issue the key to an international organization such as the INTERPOL
Interpol? Haha, no thanks. You also haven't addressed the key being leaked, which would destroy your proposed system.
> treaties could be set-up beforehand so only lawful use of the field is permitted
Yeah, that tends to work very well in the real world.
> key revocation is a thing
So who can revoke this supersecret magic key, and under what conditions? If you don't specify that, this statement is as good as meaningless.
> a stake voting system where the actual users decide to de-anonymize a particular user
Which “actual users”? Literally everyone?
You're going to have to explain the details of your proposed deanonymization system because as it stands it's completely vague.
When every known system that meets your criteria fails, the onus is on you to show that such a system can succeed.
> The imperfect nature of international law and institutions is not such an issue
Relying on a demonstrably unreliable system, particularly where enormous power is concerned, is absolutely a fundamental issue.
> our worldview that rejects money laundry is a real problem
This is a straw man. It's like saying that anyone who doesn't believe the government should have cameras in people's homes rejects terrorism as a real problem. We're talking about tradeoffs.
Well, Bitcoin is more traceable than Monero or Grin so there you go, a handy example of an (unintentional) trade-off that seems to work without the sky falling. It's absolutely reasonable that an intentionally designed system could achieve a more favorable trade-off, with better privacy for regular folk and less for well defined, exceptional circumstances.
"Coupling Tor with a trusted coin tumbler, any serious criminal can hide his tracks"
They absolutely cannot. Their tracks are in the NSA database in Utah. Tor is great for one thing: marking yourself as suspicious so it is easier to track you down.
TL;DR version for the impatient
"It all depends on who you are trying to protect yourself from. The biggest forces of surveillance in the world are not governments, but private corporations: Google, Facebook, Twitter, Yahoo, Amazon, eBay, Apple — companies whose core business runs on the surveillance and profiling of every person that comes into contact with their platforms. Everything that you communicate on the Internet gets sucked up and filed away — not by the NSA, but by Google and Facebook. Tor does nothing to protect people from that. Tor does not prevent Google from scanning your emails or recording your search history. Tor does not prevent Google from tracking your location via your Android phone, creating and saving a detailed day by day map of where you go and what you do. Tor works to an extent. If you are an individual trying to hide from the NSA or the FBI or the FSB, Tor might give you some measure of protection — if you are very technically savvy — but it is a limited sort of protection. It does not protect users against corporate surveillance. But it does provide a false sense of privacy. That is why Silicon Valley companies like Google and Facebook support Tor: it sells a version of privacy — privacy from the government — that does not threaten their own surveillance business models."
Sending personal letters, or photos of a dissident demonstration are financial transactions?
Won't Grin have to do something similar that would support secure messaging in order for users to build txs in a secure and easy way?
That said, the "no amounts" thing is very confusing. Do they mean to say that the amounts aren't public? Because as far as I can tell, there definitely _are_ amounts. From the repo: "The block reward is currently set at 60 grin" - that's an amount, right? Someone's account is credited with 60 grin. I can then send 20 of those 60 grin to someone else, who can send them on and so on.
Furthermore, the look-forward to quantum computing is great, and not common enough in new projects.
There are 3 main properties of Grin transactions that make them private:
- There are no addresses.
- There are no amounts.
- 2 transactions, one spending the other, can be merged in a block to form only one, removing all intermediary information.
The 2 first properties mean that all transactions are indistinguishable from one another. Unless you directly participated in the transaction, all inputs and outputs look like random pieces of data (in lingo, they're all random
Moreover, there are no more transactions in a block. A Grin block looks just like one giant transaction and all original association between inputs and outputs is lost.
Yeah, that's what I thought at first, as well as some other people. I thought that maybe each person creates their own "currency" - maybe all the transactions are just sending files? The people trading determine the currency - a rare (e)book? Photographs?
I feel like it'd be very useful to make this clearer. "No amounts" is a very different statement than "no public amounts".
There is a cascading effect from modeling out speculation that they do acknowledge and don’t care about.
That is called vision.
But I said the same thing about bitcoin being stupid in 2009 here.
Do you mean the fact that there's a fixed continuous rate of new coin production? Because as they point out in the Grin for Bitcoiners page that's still a continuously decreasing inflation rate (as a percentage of all coins).
That's not as much of a storage improvement as I expected from mimblewimble. By comparison, a simple ETH transfer on Ethereum takes 109 bytes: https://ethereum.stackexchange.com/questions/30175/what-is-t...
They do say they could optimize Grin's transaction storage further but don't quantify that. Does anyone here know what the potential is?
1. Each transaction comes with a value called a kernel; this kernel is of constant size regardless of the size of the transaction. It does not change with the number of inputs and outputs of a transaction.
2. Mimblewimble lets parties non-interactively merge transactions. So if you have 100 transactions you can merge them together and have only 1 really big transaction and 1 kernel.
3. In mimblewimble you only need to keep kernels and unspent outputs to prove to someone just joining the network that all the rules have been followed (fixed coin supply, all transactions were correctly authorized). Over time you can throw away most of that big merged transaction, as its outputs get spent, and just keep the kernel.
In theory each block should be one big transaction. Thus the size of blockchain grows with the number of unspent outputs and the number of blocks, but not the size of those blocks. This also makes validating the blockchain much faster and under certain circumstances may have privacy benefits.
Mimblewimble is an important step on the path to scalable blockchains.
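The two descriptions above (the "no addresses, no amounts, merge-and-forget" properties quoted from the Grin docs, and the kernel/merge/prune points in this comment) can be checked with a small model. The following is an added illustration, not Grin's code: it uses Pedersen commitments in a multiplicative group modulo a toy prime instead of the secp256k1 curve Grin uses, so the homomorphism is the same but the constants P, G and H are constructed for the demo and provide no real security. Range proofs and the Schnorr signature over the kernel excess are omitted, and the sample amounts and blinding factors are made up.

```python
# Added illustration of Mimblewimble-style accounting (not Grin's code).
# Pedersen commitments live in a multiplicative group mod a prime here instead
# of the secp256k1 curve Grin uses; the homomorphism is the same, but these
# parameters are toy values constructed for the demo and give no real security.
# Range proofs and the Schnorr signature over the kernel excess are omitted.
from collections import Counter
from math import prod

P = 2**127 - 1   # toy prime modulus (constructed)
G = 5            # generator that carries the amount
H = 7            # generator that carries the blinding factor (assumed independent of G)


def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind mod P.

    Neither value nor blind is recoverable from C, which is why an output
    carries no visible amount and no address."""
    return pow(G, value, P) * pow(H, blind, P) % P


def inverse(x):
    return pow(x, -1, P)


def make_tx(inputs, outputs, fee):
    """Build a transaction from (value, blind) pairs.

    The returned structure holds commitments only; amounts and blinding
    factors stay with the participants. The kernel is the only per-transaction
    data and does not grow with the number of inputs or outputs."""
    if sum(v for v, _ in inputs) != sum(v for v, _ in outputs) + fee:
        raise ValueError("amounts do not balance")
    excess = sum(b for _, b in outputs) - sum(b for _, b in inputs)
    return {
        "inputs": [commit(v, b) for v, b in inputs],
        "outputs": [commit(v, b) for v, b in outputs],
        "kernel": {"excess": pow(H, excess, P), "fee": fee},
    }


def verify(inputs, outputs, kernels):
    """Check prod(outputs) * G^fees / prod(inputs) == prod(kernel excesses).

    The amount exponents cancel exactly when the sums balance, so a verifier
    learns nothing about individual amounts, only that no value was created."""
    fees = sum(k["fee"] for k in kernels)
    lhs = prod(outputs, start=1) * pow(G, fees, P) * inverse(prod(inputs, start=1)) % P
    rhs = prod((k["excess"] for k in kernels), start=1) % P
    return lhs == rhs


def cut_through(txs):
    """Merge transactions into one block-level transaction.

    A commitment that is an output of one tx and an input of another is an
    intermediate state and is dropped from both sides (the product is
    unchanged). Kernels are kept one per original tx: aggregation removes
    inputs/outputs, not kernels."""
    ins = Counter(c for tx in txs for c in tx["inputs"])
    outs = Counter(c for tx in txs for c in tx["outputs"])
    spent = ins & outs
    return {
        "inputs": list((ins - spent).elements()),
        "outputs": list((outs - spent).elements()),
        "kernels": [tx["kernel"] for tx in txs],
    }


def demo_block():
    """Constructed sample: output A (60 coins) is spent into B, and B is spent
    into C and D in a second transaction, each paying a fee of 1."""
    a, b, c, d = (60, 11), (59, 23), (40, 31), (18, 5)
    tx1 = make_tx([a], [b], fee=1)
    tx2 = make_tx([b], [c, d], fee=1)
    block = cut_through([tx1, tx2])
    return tx1, tx2, block


if __name__ == "__main__":
    tx1, tx2, block = demo_block()
    print("tx1 valid:", verify(tx1["inputs"], tx1["outputs"], [tx1["kernel"]]))
    print("tx2 valid:", verify(tx2["inputs"], tx2["outputs"], [tx2["kernel"]]))
    print("block inputs/outputs/kernels:",
          len(block["inputs"]), len(block["outputs"]), len(block["kernels"]))
    print("block valid:", verify(block["inputs"], block["outputs"], block["kernels"]))
```

After cut-through the block keeps one input (A), two outputs (C and D) and two kernels; output B, the only link between the two original transactions, no longer exists anywhere, yet the block still verifies because the fee and excess terms of both kernels are checked together. This is also why kernels, not inputs or outputs, are the part of the chain that cannot be pruned.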
Non-interactively merging transactions doesn't combine the kernels into 1. So a block ends up with all the kernels of all the original transactions.
>Non-interactively merging transactions doesn't combine the kernels into 1.
In theory Mimblewimble should support non-interactive kernel merging unless intentionally disabled. There are a bunch of reasons not to allow non-interactive kernel merging such as kernel locktimes, griefers adding spam transactions to your transaction, etc...
Even if non-interactive kernel merging is disabled you can still interactively merge kernels using say CoinShuffle++ and you should to save on the number of kernels.
It's not intentionally disabled. We'd love for Dandelion nodes and miners to be able to merge kernels. But unfortunately that's not possible with the Schnorr signatures and secp256k1 curve we're using.
> Grin's emission rate is linear, meaning it never drops.
This sounds more like a real currency, although, without limited supply this thing won't be going to the moon. The deflationary nature of cryptocurrencies thus far has been my main criticism as to their viability as currencies (inflation encourages spending, which increases liquidity).
Also, fixed linear emission is pretty much the second worst possible monetary policy and I think it's basically a way to have plausibly deniable deflation. If Grin adoption follows an S-curve then 50%/year emission won't be noticeably different from 0%. (And if it doesn't follow an S-curve then it has failed anyway.)
Deflationary money can theoretically work, it's just that instead of having the vendor adjust menu prices every year for inflation, consumers would have to discount their purchases. For instance, during the 2017 boom, I noticed friends often paid each other for dinner with Ethereum at large discounts.
Obviously this isn't price efficient, and the mental calculus isn't a great user experience, but it can work. We would just live in a much more frugal society which saved a little more. We could have lower defaults as we underconsume. A credit system probably wouldn't work however as we've destroyed the concept of time value of money.
Imagine a thirsty tourist in a desert who might be unwilling to part with his Bitcoin for a meal, but willing to do so for a bottle of water, as his instantaneous discount rate for water is far higher at that point in time and state.
Whether a coin is inflationary or deflationary is a little more nuanced than simple changes in money supply, and has to do with whether these changes are unanticipated and how users form inflation expectations. Imagine if Satoshi's account suddenly awoke and moved, only to burn those coins in another address. There would be momentary hysteria and selloffs, before inflation expectations readjusted back to before.
You'll see that price levels are relatively indeterminate without strong commitments to target inflation rates. In that sense a bank may be better than a non-sovereign currency at maintaining price stability.
This is spot on and is the main problem. This destroys all lending, which prevents various forms of capital investment - the cornerstone of economic growth.
Like it or not, inflation is a key component to any currency. ...and as you said, increasing the money supply doesn't even guarantee inflation - but contracting it absolutely spells deflation - which is death.
Ideally a "better" cryptocurrency would detect the velocity of money within its own blockchain, and calculate the appropriate amount of inflation (or even deflation) to keep the scarcity of currency stable.
If you imagine that a currency is like blood in a body, then as the body grows (or shrinks), the blood volume must adjust accordingly. Fundamentally, the function of currency is not to save - it is to spend.
I wasn't aware of token curated registries but after skimming the paper (seems to be something like a prediction market?) I don't understand the connection to monetary policy.
(quotes from https://www.ethereum.org/ether )
During Ethereum's life, the block reward has been reduced, and the time bomb has been delayed. This is in itself an example of how blockchains depend on an initial human consensus. The Ethereum Foundation is overseeing Ethereum's monetary policy, and the miners mostly approve of it. This is not a bad thing (decentralization != anarchy).
It really needs to be inflationary.
At a certain point the inflation rate drops below that of fiat currency. Pretty smart IMO
Are you suggesting any of the top 5 cryptos are encouraging HODL besides Bitcoin?
This is an interesting point I had never considered before.
Assuming that a mainstream crypto currency would lose a constant percentage of its coins each year (seems reasonable), any mainstream crypto currency with less than an exponential growth rate will eventually hit a steady state of coins in existence.
That said, they intend for grin to be used in 50 to 100 years. Verbatim. Do you want to wait that long?
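The steady-state claim in the comment above, worked out as an added derivation (not part of the original comment). $E$ is the constant emission rate (this thread states Grin's as 1 grin per second), while $\lambda$, the assumed constant fraction of coins lost per unit time, and $S_0$, the initial supply, are symbols introduced here:

$$\frac{dS}{dt} = E - \lambda S
\quad\Longrightarrow\quad
S(t) = \frac{E}{\lambda} + \Big(S_0 - \frac{E}{\lambda}\Big)e^{-\lambda t}
\;\xrightarrow{t\to\infty}\; \frac{E}{\lambda}.$$

At that steady state the effective inflation rate is $E/S = \lambda$, i.e. emission only replaces what is lost. For a general emission schedule $E(t)$ the solution is

$$S(t) = e^{-\lambda t}\Big(S_0 + \int_0^t E(\tau)\,e^{\lambda\tau}\,d\tau\Big),$$

which stays bounded whenever $E(t)$ grows more slowly than $e^{\lambda t}$, matching the comment's condition of "less than an exponential growth rate".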
Dandelion seems like the weak link from a privacy perspective under a reasonable attacker scenario, though, although it could easily be replaced.
Community funded. Pure mine. Rust, inflationary economics, cuckoo cycles. No governance, but that is debatable. Small team making decisions. What is that?
Beam, entrepreneur team. Had a presale that allowed them to put devs on the project full time and blow past Grin in material output. It’s not a “pre-sale” but it is. They pay back the investors through splitting the block reward (founder’s reward) over the first five years. Then spin that into a foundation, C++, cuckoo cycles.
Give Beam a chance before you say it’s a scam. They are good people. I don’t agree with what people are saying about them, despite disagreeing with their approach. Talk to them before making up your mind. They have sound arguments that founders will understand, and ideologues like me disagree with.
Somebody has to do the work to bootstrap and develop the network. Whom do you expect to govern the project? Governance meetings are public, bi-weekly, in the Gitter Lobby chat, you are free to join.
Also since I am into nitpicking, economics are inflationary for the first couple of decades gradually switching to deflationary (1 grin per second forever).
I don’t think the monetary/inflation model sufficiently differs between the two to make a real difference. For a payments system, I’d rather see higher inflation, or at least a subsidiary token with higher information, but none vs linear isn’t a big difference, and any of these can probably work, as long as it is predictable.
As long as they are making decent decisions, no one deeply cares about governance (yet). Maybe they will in the future, but for going from 0 to something used by people, I don’t think it has ever been a top concern.
One of the two will probably win, but that will likely be determined by:
1) merchant/user/developer adoption (which all feeds on itself, and has a bunch of factors — marketing, toolchain, etc.)
2) exchange support, with three tiers — “any exchange”, a “big exchange”, and (depending on the user) “my preferred exchange” (coinbase or binance for many)
3) lack of fucking up in unrecoverable ways
4) (as yet unsubstantiated) the first really good mobile wallets on android and iOS
5) killer initial applications (which might just be regular user to user anonymous payments, but could be something new)
6) maybe: erc-20 type functionality to support other kinds of assets
The other competitor for both is if an existing base layer adopts MW. If BTC or ETH (or maybe XTZ or EOS or something) adopted it overnight, that would probably remove the market for a new MW token.
* client (wallet)
* network from client to node (network)
* network node to node (consensus)
Each one has a different attack surface and threat model. Mimblewimble is a neat solution to the ledger, at rest, threat model. I still think zcash is the king right now when it comes to privacy, but obviously mimblewimble is a cool approach to scaling. It’s a really fascinating space.
I’m not gonna spend a lot of time arguing on here, but I think it’s worth closely studying these systems as they’re fascinating. All anonymity focused systems have tradeoffs, just like more commonly understood distributed systems.
With ZCash I'm willing to trust the trusted setup (even if it was imperfect); the issue is that people don't actually use shielded addresses/privacy protecting transactions much.
I don't think blinding factors are as much of an issue.
Zcash setup doesn't matter for privacy. The larger issue is as you said, adoption of private transactions.
Standardizing values makes no sense since amounts are already invisible.
How many self-to-self tx does Bob need to do to hide from Alice and Carol?
The more I learn about MW the less suitable it seems for my goals.
If you imagine the ledger like a deck of cards, there is probably a point where all txo's are shuffled (and we can likely make a conjecture that after N shuffles, the position of any txo is unknown, it's just hard to gauge how many shuffles we need to do for real privacy guarantees. If you want 6 sigma privacy, you might need to wait a very long time).
The mailing list message https://lists.launchpad.net/mimblewimble/msg00091.html explains how any possible multi-party transaction can be done safely without exchanging blinding factors.
Out of band blinding factor transfer is interesting, also relay/mix nets are interesting. I think it’s all a super cool area that’s worth studying closely.
Please reread the paper.
Are there any projects that you consider to be a success that currently use a distributed blockchain?
I suspect like most people my skepticism comes not from the inherent technology but in all actual deployments so far.
A system that solves scaling, doesn’t appear to be a questionable pyramid scheme, and has even a few of the advantages of the existing financial system would be welcomed.
Would you object to me saying "bitcoin" (edit: I should be clear that I'm primarily referring to market value and making money for those involved with this one)?
It's morally ambiguous at best, but what about "dark net markets"?
Or if we just don't worry about morality, "cryptolockers"?
Of course the latter two are really just consequences of us having a reasonably secure and (seemingly) anonymous currency. The fact that bitcoin enabled them perhaps says more about the state of the rest of the world than bitcoin itself.
Its original notion was "peer-to-peer electronic cash". As best I can tell, there's almost no significant legal use beyond speculation. Even prominent Bitcoin advocates have admitted it isn't a good currency. Illegal use is self-limiting; if Bitcoin becomes mainly known as the crime currency, it'll be truly screwed, as governments everywhere will further crack down on conversion and use, driving off investors, developers, business partners, etc.
I think it's especially obvious how much it's failed as e-cash when you compare it with M-Pesa, an African e-money system. It started just a year before Bitcoin, but does something like 100x the transaction volume and is wildly popular in a number of countries.
 E.g., https://www.nytimes.com/2018/04/16/nyregion/new-york-today-l...
 E.g., https://avc.com/2017/08/store-of-value-vs-payment-system/
And no, it's not a Ponzi scheme either, it's a new kind of scam: https://prestonbyrne.com/2017/12/08/bitcoin_ponzi/
> The SDR serves as the unit of account of the IMF and some other international organizations.
> The SDR is neither a currency
And gold is not a currency either. It's a scarce good, nothing less nothing more.
That's not the same as "not being backed by". Uncle Sam seems to be doing a pretty good job of asserting his control over it, while the Fed isn't guaranteeing it. Worst of both worlds, isn't it?
Credit predates capitalism by thousands of years and no one has shown any sort of working economy running without credit.
> So the Bitcoin faithful have tried to not only convert people, but also convince them to martyr themselves, financially-speaking, for the crypto cause. It goes something like this. - Hey, do you want to hear about the future? It's a digital currency called Bitcoin that lets you spend or move your money online without paying any fees. - Sounds great. How does it do that? - Well, Bitcoin saves you money by making transactions irreversible. - So ... if I get scammed, I got scammed? There's nothing I can do about it? - Yes. - Okay, but is it at least easy to use? - The thing is, I don't actually use it. I just hoard it. I'm waiting for some greater fools to push up the price by using theirs. - Oh. - Yeah. So you should buy some Bitcoins and use yours. - I'll get back to you on that.
If you subscribe to the hodl mantra and advocate for Bitcoin, this is exactly what you do...
I agree with you that the mPesa transactions are much more likely to be transactions for goods and services, but I don't think Bitcoin can be counted as an abject failure just yet.
I agree that Bitcoin won't be counted as a failure yet, but I think that's part of the problem. As a hypothesis, Bitcoin apparently isn't falsifiable. Consider the Fred Wilson article linked above, where a Bitcoin advocate admitted that it wasn't a good payment system. But he immediately declares it a store of value. Now that we've had it crash by 80%, it's pretty clear that it's bad for that too. If there isn't a new consensus answer to the question, "what is Bitcoin good for," then its advocates just shift to the possible shining future based on hope and potential. And note how its distributed, peer-to-peer promise has quietly drained away.
Bitcoin can apparently never fail. And I think that's part of what guarantees its failure. Nobody expects an early product to be perfect. But good products evolve and expand to better serve users. As it became clear Bitcoin was not very good for its stated purpose, it could have changed and grown. But speculation was too profitable, so it got stuck in a very deep rut. If some blockchain currency becomes actually useful, I suspect it would be one of the hundreds of competitors. But given that none of them seem to be delivering real-world economic value either, I'm not optimistic.
Citing an article about a guy trying to use it exclusively is a bit odd as a source for "almost no use".
The big payment processors process up to over a billion dollars of completely normal white market payments per year. That's likely mostly enthusiasts, but still a decent chunk to make a profitable business or two from, and very far from "almost no use".
"Cash" has a very specific meaning from those interested in private currencies, which has nothing to do with how well adopted it is. It means something that is a transfer of value (and not an IOU), that is fungible, with private transactions between parties. Bitcoin is questionable on the latter but pretty good on the former. The white paper must be understood in this context.
The fact that Bitcoin has value at all is an astounding success, compared to what most other casuals observers (myself included) thought about it.
I would love to see your data for that.
But "big payment processors" are definitely the opposite of "peer-to-peer electronic cash". We already had big payment processors. Those are much more efficient.
> fact that Bitcoin has value at all is an astounding success
It strikes me as a pretty uninteresting kind of success. Tulip bulbs and Beanie Babies both had very high valuation for a while. But in the long term, prices generally fall back to what's sustained by use.
For me, the jury is still out, cf tulip bubble.
> of us having a reasonable secure and (seemingly) anonymous currency
I'd object to that on the basis that most crypto-currencies have a public ledger, and I believe deanonymization is already somewhat effective and also only just in its infancy. I would not want to have committed anything to the blockchain that I wasn't happy for the world to know. I believe this is solvable in future innovations, but appears to be far from widely deployed. The linked post appears to be a possible solution.
Also I think the whole tainted coins concept, where a government marks transactions emanating from a wallet, and all linked transactions after that, is going to be a much much bigger deal than people think. It seems very unlikely to me that companies like Coinbase won't have to maintain a blacklist at some point in the future if they want to stay on the good side of regulators, which will lead to all sorts of turbulent effects.
Like I guess they found a niche market. Maybe it will be a success in a post-national world where banks and sovereign debts aren't able to serve our needs, but until then it all feels like LARPing to me.
Bitcoin is not anonymous, this is a big misconception. It is pseudonymous at best. US dollars are anonymous.
There's nothing stopping Bitcoin scaling to 100MB blocks with today's hardware, the problem is long term blockchain growth, and validation times, that sort of thing.
Grin's innovation is that the entire blockchain can be shrunk using algebraic reduction. Unlike other cryptocurrencies, which scale linearly with the total transaction amount, Grin only saves unspent transactions and a small proof of the total history of the coin since its mining date.
This means that a 100GB ledger could be reduced down to 100s of MB of its size, and be just as provably secure as the original unreduced ledger.
— Exploring Grin’s Monetary Model: Grin’s monetary model gives it medium of exchange and store of value features; community, demand and usage have to do the rest
Check out the charts at the bottom: BTC, USD, gold & Grin, various comparisons.
Note: I don't know anything about blockchain.
They have a mining tool that runs on OSX and Linux 64 on their GitHub.
The premise is that they want it to be an actual currency as opposed to a glorified stock option.
With that name, nope, never.
So how do I pay somebody?
Alternatively it looks like you can expose your wallet over HTTP and others can send tokens to your API endpoint.
1. Alice has a secret called a credit card number.
2. To pay Bob she shares this secret with Bob.
3. Bob then contacts the credit card company and asks to transfer funds from Alice's account to Bob's account. This is authorized using the secret that Alice gave to Bob.
If Bob, or some party acting on his behalf, cannot receive this secret from Alice, Bob can't get paid by Alice. As you point out, if Alice gives the credit card secret to Bob, Bob can withdraw funds from Alice's account while she is offline. This is exactly the same in Mimblewimble. If you give a third party your Mimblewimble secret, that third party would be granted the ability to withdraw your funds while you are offline.
'normal', customer-present transactions are more involved. They involve Bob sending a set of transaction data to Alice's card, which the card then signs with an embedded private key, so that Bob can't just keep asking for more.
Unless you still use magnetic stripes. I'm looking at you USA...
(Disclosure: I work on the project.)
What this means is that both parties must participate in a transaction. With Bitcoin, and hence with most blockchains, you can send to an address; that address can be a cold wallet, or could not exist at all, in which case your cybercoins are gone.
With MimbleWimble both parties must participate (interact) to form a transaction, but this can happen asynchronously.
In other words, both parties must be online, but not necessarily at the same time.
> you can send to an address; that address can be a cold wallet, or could not exist at all
I don't think this is accurate since the other party must participate.
The difference between 'both parties must be online at the same time' (true of, say, a phone call) and 'both parties must participate, even if it's during different weeks' is a substantive difference, I only wished to indicate that MW requires the latter, not the former.
No. Interactive != online. You can exchange information over any comms method, i.e. email, carrier pigeon, message in a bottle, or... Grinbox: a federated transaction relay specifically designed to facilitate grin transaction building. It supports asynchronous message delivery. (Disclosure: I'm part of the team building it.)
Best way to try it out in action is via https://github.com/vault713/wallet713
An update on what else we're up to
Monero uses ring signatures, ring confidential transactions, and stealth addresses to obfuscate the origins, amounts, and destinations of all transactions.
The "anonymity set" of a monero transaction is just the number of fake values created in it. This is a fairly small number. If you're willing to put the effort in, you can trace all of them.
For MW, the anonymity set is either "all users of system" (if you don't believe in a global network observer) or "all users of system who exchanged parameters in a given set".
We won't know till it's actually used, but there could be orders of magnitude greater on chain scalability for this BTC while retaining proof of work...
This is a major accomplishment and both Grin and Beam are major steps forward for crypto.
All I see is 'everyone' and well that's rather vague.
What's the actual value statement other than anonymity? Because being more efficient at the same thing seems of marginal value if the same thing does not have significant demand otherwise...
Also, even if you don't care for your personal privacy, anonymity is important for fungibility of the currency. Cash is mostly fungible, whereas something like Bitcoin might not be in the future.
I used to think the answer to this question was obviously "no", but then Venmo happened, and I learned that some people like the 'social network' feature of it.
Which I find appalling, but tastes differ, I guess.
For example, you don't want your colleagues learning how much you earn, nor does your employer. In a centralized banking system there is a level of privacy because the employer trusts the bank won't divulge the information because they have legal requirements and a reputation. When you take away the central party, now everyone can learn what everyone else gets paid. Without an equivalent level of privacy, very few people will ever consider using Bitcoin for payroll.
People also do not want their lives monitored so they can be sold advertisements or be forced to behave in certain ways by their peers. It's none of an employer's business what their employees spend their money on after they have been paid for work. Increasingly, we are seeing some employers make judgements about the people they pay because they do not share the "correct" political thinking of the employer. The whole thing is becoming absurd.
Transparency of the ledger is what is important. You need to know that somebody didn't make money out of thin air, or double-spend. If you can do this while keeping the actual transaction data private, most people would rather have private transactions if given the choice.
Fiat doesn't have a great deal of anonymity from law enforcement. For most people, nearly everything but small transactions can be known. Even cash can be traced from ATM->Person->Shop->Bank. The notes have unique ID codes, and the biggest denomination of note (say, a $100 bill) usually goes straight from bank to bank with only the 2 people between the transaction, because these are not issued directly as change. You can be sure the bank makes a record of every note and who withdrew/deposited it. Moving large amounts of money through the fiat system is extremely difficult, unless you're a bank. The banks have a monopoly on the ability to launder large amounts of money, and they certainly make use of it!
Public servants have their salaries public in many parts of the world. There is something to be said for transparency.
Some places even have all tax information public so this information is accessible on literally everyone.
And 6000 data brokers.
That's cryptocurrency. The database is the blockchain. Anonymity is essential to make sure anyone, including your boss or ex boyfriend, cannot stalk you with your payments. Once we ensure that (i.e. we get the privacy of the existing banking system), then we can talk about what the gov should and shouldn't see.
One dollar should have the same value as any other dollar.
If I had to verify every dollar I accepted wasn't used in illegal activities, then it would undermine the fundamental principle of equal value units. The coins linked to the WannaCry hack are now less valuable because they're blocked by several exchanges; if you're unlucky enough to accept those coins, then you're stuck with coin that is accepted in a lot less places.
There's a reason why the "gold standard" was in a soft metal that could be easily reshaped and melted to fit standardised units and didn't corrode or "break" lowering its value, and not diamonds or gems, where each crystal has a unique collection of properties, and thus market values. Imagine having to have an assessor on standby to check the value of every one of your customers' gems or bitcoins.
It's also fundamental that you should be able to go to a local coffee shop every day without the threat of being mugged by someone who saw your bitcoin wallet amounts, and your tx sending money to the coffeeshop enter the tx pool just as you buy a coffee.
It's like saying tires don't conform to speed limits.
Also, anonymous transactions.
Downside: you cannot "send coins to an address" as in bitcoin, you must have interaction with the other party to create a transaction.
In other words, less of a downside than it may seem, but it is a real shortcoming since it precludes sending to the equivalent of a cold wallet.
They can be MITMed by an attacker spoofing the identity, but this is no different from a MITM inserting a different BTC address into a communication stream.
Do payments take place over a tcp connection? How do you find your payment peer?
Anonymity is maintained with a cool trick called a blinding factor, where a secret value is drummed up for each transaction and used to obfuscate the data that is publicly displayed on the blockchain. Combining that with range proofs allows all involved parties to verify that the transaction was completed for the specified amount, and that no money was created out of thin air.
Scalability is boosted with transaction cut-through - a neat trick that lets unnecessary “intermediate” transactions get eliminated when a miner assembles a block. This means that nodes on the network can store the entire chain state really efficiently because all you need to know are the total coins in circulation, the UTXO set, and the kernels for each transaction.
I can’t do the whole thing justice in this tl;dr, so read the technical explanation here for more info if it piques your interest:
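Added example, not code from the post or from the Grin project: a toy Python model of the blinding-factor balance check and the cut-through described above (and of the chain shrinking mentioned earlier in the thread). It uses Pedersen commitments in a multiplicative group mod a Mersenne prime in place of elliptic-curve points, a Schnorr proof in place of the kernel signature, and omits range proofs; the prime, generators and the Alice/Bob/Carol transfers are constructed assumptions.

```python
import hashlib, secrets

P = 2**127 - 1   # Mersenne prime; toy group where discrete logs are NOT actually hard (assumption)
N = P - 1        # exponent modulus (group order)
G, H = 3, 7      # value and blinding generators; a real system uses curve points with unknown log_G(H)

def commit(v, r):
    """Pedersen commitment C = G^v * H^r mod P. A product of commitments commits to the sums."""
    return pow(G, v, P) * pow(H, r, P) % P

def output(v):
    """A fresh output: value, its per-output blinding factor, and the commitment that goes on chain."""
    r = secrets.randbelow(N)
    return {"v": v, "r": r, "C": commit(v, r)}

def challenge(R, X):
    return int.from_bytes(hashlib.sha256(f"{R}|{X}".encode()).digest(), "big") % N

def kernel(k):
    """Kernel: excess X = H^k plus a Schnorr proof of knowledge of k (stands in for the kernel signature)."""
    X, n = pow(H, k, P), secrets.randbelow(N)
    R = pow(H, n, P)
    return {"X": X, "R": R, "s": (n + challenge(R, X) * k) % N}

def build_tx(inputs, outputs):
    """Excess blinding k = sum(r_out) - sum(r_in); in Grin sender and receiver each add their share."""
    k = (sum(o["r"] for o in outputs) - sum(i["r"] for i in inputs)) % N
    return {"in": [i["C"] for i in inputs], "out": [o["C"] for o in outputs], "kernels": [kernel(k)]}

def verify(tx):
    """prod(out) / prod(in) must equal prod(excess), and each excess must be a pure H^k (no G term)."""
    lhs, rhs = 1, 1
    for c in tx["out"] + [pow(c, -1, P) for c in tx["in"]]:
        lhs = lhs * c % P
    for kn in tx["kernels"]:
        if pow(H, kn["s"], P) != kn["R"] * pow(kn["X"], challenge(kn["R"], kn["X"]), P) % P:
            return False                          # excess is not a commitment to zero
        rhs = rhs * kn["X"] % P
    return lhs == rhs                             # any value created or destroyed leaves a G term

def cut_through(tx1, tx2):
    """Merge two transactions and drop any output of tx1 that tx2 spends; kernels are always kept."""
    spent, made = set(tx2["in"]), set(tx1["out"])
    return {"in": tx1["in"] + [c for c in tx2["in"] if c not in made],
            "out": [c for c in tx1["out"] if c not in spent] + tx2["out"],
            "kernels": tx1["kernels"] + tx2["kernels"]}

def demo():
    """Constructed chain: Alice pays Bob 30 of 50, Bob pays Carol 30, then a forged 60-from-50 attempt."""
    alice, bob, change = output(50), output(30), output(20)
    tx1 = build_tx([alice], [bob, change])
    tx2 = build_tx([bob], [output(30)])
    merged = cut_through(tx1, tx2)            # Bob's intermediate output vanishes from the chain
    forged = build_tx([alice], [output(60)])  # outputs exceed inputs: balance check must fail
    return verify(tx1), verify(tx2), verify(merged), bob["C"] in merged["out"], verify(forged)
```

Only commitments and kernels are ever compared, so the verifier learns nothing about the amounts; the merged transaction stays valid after Bob's output is cut, which is the mechanism that lets the stored chain state shrink.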
Great so fraud is a built in feature.