 Privacy and financial sovereignty are a game of cloak and dagger. Bitcoin does not have to 'win'; it has already been co-opted by the powers that be. Bitcoin has to send a message. Bitcoiners who refuse to see the value and use case of a privacy coin like Monero do not understand this message.

#cybersecgirl

https://i.nostr.build/J6M7P.jpg
 
 Bitcoiners really need to start building privacy tools 
 They're working on it. Though, it seems becoming widely used and adopted took precedence over privacy after Satoshi bounced. You cannot have freedom without privacy.

https://i.nostr.build/KGjyW.jpg
 
 Snowden is great and a hero but he doesn’t understand how this network runs. You can’t add privacy at the protocol level. It has to be done with services or second layer solutions. Even if someone proposed to make all Bitcoin transactions anonymous, people wouldn’t switch to that hard fork of Bitcoin because confidential transactions on the main chain will make it impossible to audit the supply and catch inflation bugs. Privacy is and always will be something that the individual must practice. 
 I agree. And willingly or unwillingly you perfectly described why there will be a duopoly.

Black and white. Yin and yang. Transparent and obscured. 
 In other words
y'all are morons who don't understand you are ALREADY trusting cryptographic primitives and you don't need to be able to sum the UTXO set on a napkin to have supply assurances.

Snowden is absolutely correct. 
 Okay so you want the blockchain to have completely confidential transactions with no way of verifying the supply. Just trust the “cryptographic primitives” are correct bro. They will never have an inflation bug. Makes sense 🤡 
 For one, I'm willing to bet you have NEVER personally verified the BTC supply and just trust someone else's code to do it

And two, it's possible to mathematically prove that something is so, WITHOUT actually revealing what the factors are. 
Like we can prove that the sum of the inputs and outputs of a tx is zero. Without showing the amounts. 
 How do you prove that the sum of the inputs and outputs of a tx is zero? 
 cryptographic primitives
in this case, range proofs.

https://eprint.iacr.org/2024/430 
 Give a simpler explanation. If you want people to adopt monero or if you want bitcoin to add this to the base layer, you’re going to have to convince the nodes in a simpler way. https://video.nostr.build/95ccace291ed11b0cfa946bd3b4d6cd1ec8d33c9b38417f442ccad19110f5c46.mp4  
 Dude let's not pretend you or any bitcoiner combed through a billion+ bitcoin transactions and made sure all inputs/outputs were good. You don't do that to all new transactions every ten minutes either.

You just run a node and pay zero attention like any Monero user

"But bro three people on the planet actually do that" So now you're trusting others to do it for you and be honest if they find it and not exploit it? What was the point of running a node then?

Yall make no sense 
 yup 
 In the beginning I’ve done that with my own transactions and looked through random ones in the mempool. After seeing it was reliable, I stopped. However, I can’t do that with monero, and the fact that the monero website itself claims that supply soundness is compromised in order to provide better privacy says a lot. 
 "I trust bitcoin because it's transparent and don't understand math"

i think we can safely disregard your opinion. 
 🥱 the opinion that matters most https://image.nostr.build/80e5082c7ae61d99e99db85a29b351df75faac6dbce83a475e431f5297499178.jpg  
 You can always tell when a maxi has lost all actual fact-based argument.

Because they pull out a fiat chart of relative speculative value as if it was meaningful. 
 If you’re going to commit logical fallacies (e.g. move the goalposts and straw man) then I’m just going to share the objective math that matters most. 
 I have not moved any goalposts.
Just continued to call out your obvious inconsistencies.

You are the one changing the subject, not I. 
 You’re a clown. The original post was about Snowden asking for more privacy on the base layer. I said that this won’t happen because a transparent blockchain allows for supply soundness. You argued something about zero proofs and other cryptographic shit. It’s irrelevant. You either disprove my claim or drop it. And since monero can’t even guarantee supply soundness with this same technology that you’d like to have on Bitcoin, then your arguments are pointless.

All that’s left for you to do is hard fork of Bitcoin with these zero proof concepts or stfu. 
 You're too much of a moron to understand what either I or Snowden are talking about.

Or how Monero's cryptographic security is *at least* as reliable as the cryptographic assumptions you are ALREADY trusting.

have fun staying ignorant. 
 Why don’t you fork bitcoin then? Talk is cheap 
 MAHDOOD the type of guy that praises Bitcoin's decentralized ledger, then constantly posts centralized ledger price charts

MAHDOOD the type of guy that says he loves Bitcoin's simple transparent auditability, but never takes advantage of it

MAHDOOD the type of guy that says things like "the market is always right" and "network effects" when referring to Bitcoin, but then tells you why it's wrong and can't explain Monero darknet adoption

MAHDOOD the type of guy that talks about anonymity sets and hiding in large crowds, but then uses a transparent and pseudonymous blockchain

MAHDOOD the type of guy that talks about Bitcoin being permissionless digital cash, but then brings up permissioned white market transactions and CEX volume 
 In other words you haven't made sure all Bitcoin transactions work out and that its supply is sound

An advantage you don't take advantage of is hardly an advantage 
 Do you have evidence that the Bitcoin supply isn’t 21 million? 
 The onus is on you to prove it does because you are claiming it does (you want us to prove a negative)

This is logic 101 
 No actually the onus is on them to prove that their zero proof shit actually guarantees supply soundness. Since they’re proposing that Bitcoin should change the base layer. 
 Actual personal responsibility and self sovereignty requires effort. 
 I'll see if I can find a braindead explanation of range proofs or Pedersen commitments.
In the meantime here's the wikipedia on commitment schemes.

https://en.m.wikipedia.org/wiki/Commitment_scheme 
 Effort is one thing. But an engineering background is something totally different. Especially when others with engineering backgrounds are also not convinced 
 If only maxis were so demanding when it comes to auditing the gettxoutsetinfo function.... 😥

It is good to be intellectually consistent. 
 Yes it’s good to be intellectually consistent. Supply soundness was the tradeoff bitcoin went with and is the reason bitcoin is winning. The monero team clearly knows they have supply soundness risks. https://image.nostr.build/330d0930ddc837e108141f42adfe562f289912b1c186acc88fceec1470846117.jpg  
 Nobody is arguing that napkin math isn't a sounder guarantee.

But it is intellectually inconsistent to bitch about ZK proofs when you are ALREADY trusting cryptographic primitives that are more complex. 
 That would be intellectually inconsistent, except I never complained about zk proofs. I don’t even know what that is lmao. All I’ve said so far is that I’ve seen my tx inputs and outputs balance out. I have firsthand experience of supply soundness in Bitcoin with my transactions. Anyone could also just do a simple sum of all the addresses in bitcoin at any time. I can’t do that with monero. There is no need to check every single transaction when you can just sum the total supply at any given moment.

So @whoeverlovesDigit is not technically wrong when he says that monero zero proofs or whatever requires you to trust that it works. And you can argue that other cryptographic properties in bitcoin require trust too. And that’s correct but that trust is not built on my understanding of complex software. It’s built on time and actual firsthand experience. I understand how they work and trust it because it has earned my trust. No amount of firsthand experience can change the supply soundness flaw in monero. And average sheeple are not going to magically start giving a shit about their privacy anytime soon. So I’ll take the supply soundness and practice privacy using tools like pay join and ecash. 
 you're proving my point

nostr:nevent1qqsp00g66jame0tgt4tl30f0l8apsmsd6vceh2k34kplp3ajqepfjwcpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgs0npwnpyvheqz7zuvuwvv9k460c0hyqlturds40hhfn34vufvehwcrqsqqqqqp2gasdm 
 Moving the goalposts.

Neither you nor monero devs can guarantee supply soundness. That makes monero a shitcoin HFSP 🫡 
 By the EXACT same logic
you can't trust ECDSA to ensure that only your private keys can spend your utxos.

But you do.

Your whole argument is just
"I trust Team Bitcoin when they say ECDSA is secure.
But I don't trust Team Monero when they say range proofs are secure.
I don't DYOR.
I don't verify.
I just follow the prevalent groupthink of the team I like."

Frankly, you're a sorryass Bitcoiner. 
 WRONG. 

I trust that private keys work because I’ve literally used them to spend. But you keep moving the goalposts lmao prove that the monero supply is sound first. 

Frankly you can HFSP 🫡 
 <sigh>
lol ok

You have no evidence your private key is the only key that can spend a utxo.

This property of bitcoin depends on the ECDSA encryption it uses being mathematically sound and the implementation being correctly coded

YOU *TRUST* THE BITCOIN COMMUNITY WHEN THEY TELL YOU THIS IS SO.

YOU ARE ALREADY RELYING ON CRYPTOGRAPHIC PRIMITIVES YOU DON'T UNDERSTAND.
YOU JUST REFUSE TO ACKNOWLEDGE IT. 
 Do you have any evidence that a different private key can spend my utxos? All you’re doing is talking in abstract theoretical “what ifs.” But it’s just unproductive mental masturbation.

Provide evidence that monero’s supply is sound. If you can’t, then that is the main reason why bitcoin is winning against monero. Adding zero proofs or whatever you call it to bitcoin would jeopardize supply soundness. 
 if you dont have the ability to actually reflect on your fundamental assumptions you are a waste of time.

point is
you demand proof from me,
but trust other "maxis."
WITHOUT understanding or DYOR on *either* of the cryptographic primitives involved.

it is intellectually inconsistent and you arent a cypherpunk or a true bitcoiner.
just a team player unwilling to make the effort of critical thinking.

have a nice day. 
 bitcoin-cli gettxoutsetinfo is so challenging, sometimes I forget the shortcuts for copypasta 
 you audit the gettxoutsetinfo code yourself?

or do you *trust* the community to do it for you? 
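
For readers who want to see what "auditing the supply with gettxoutsetinfo" actually involves, here is an added example (my own code, not anything posted in this thread or shipped with Bitcoin Core). It reconstructs the subsidy schedule the way Bitcoin Core computes it (a right shift every 210,000 blocks, which is why the cap is 20,999,999.9769 BTC rather than a round 21 million) and compares the `total_amount` a node reports with the most that can exist at that height. The `gettxoutsetinfo` reply embedded below is constructed for the example; the real RPC is `bitcoin-cli gettxoutsetinfo`, and its other fields are omitted here.

```python
"""Audit Bitcoin's transparent supply against the subsidy schedule.

Added example. Parses a constructed `bitcoin-cli gettxoutsetinfo` reply
instead of talking to a node, so it runs offline. Requires Python 3.6+.
"""
import json

COIN = 100_000_000            # satoshis per bitcoin
HALVING_INTERVAL = 210_000    # blocks between halvings
INITIAL_SUBSIDY = 50 * COIN   # satoshis, block 0


def block_subsidy(height: int) -> int:
    """Coinbase subsidy at `height`, computed with a right shift like
    Bitcoin Core's GetBlockSubsidy (so fractions of a satoshi are dropped)."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else INITIAL_SUBSIDY >> halvings


def expected_supply_sats(height: int) -> int:
    """Sum of every subsidy for blocks 0..height inclusive, era by era."""
    total = 0
    era = 0
    while era * HALVING_INTERVAL <= height:
        first = era * HALVING_INTERVAL
        last = min(height, first + HALVING_INTERVAL - 1)
        total += (last - first + 1) * block_subsidy(first)
        era += 1
    return total


def max_supply_sats() -> int:
    """The hard cap: 2,099,999,997,690,000 sats, just under 21M BTC."""
    return sum(HALVING_INTERVAL * block_subsidy(i * HALVING_INTERVAL)
               for i in range(64))


def audit(txoutsetinfo_json: str):
    """Compare a node's gettxoutsetinfo reply with the schedule.

    Returns (height, reported_sats, ceiling_sats, shortfall_sats).
    `reported` must never exceed `ceiling`; if it did, coins exist that no
    subsidy created, i.e. an inflation bug. A modest shortfall is normal:
    the genesis coinbase is unspendable and some miners claimed less than
    their full subsidy, so those coins never entered the UTXO set."""
    info = json.loads(txoutsetinfo_json)
    height = info["height"]
    # total_amount is a JSON decimal in BTC; round to whole satoshis.
    reported = round(info["total_amount"] * COIN)
    ceiling = expected_supply_sats(height)
    return height, reported, ceiling, ceiling - reported


# Constructed reply (not real chain data): height 839999 is the last block
# of the 6.25 BTC era, so the ceiling is 4 * 210000 * 93.75 / 4 = 19,687,500 BTC.
SAMPLE_REPLY = json.dumps({
    "height": 839999,
    "bestblock": "00" * 32,
    "total_amount": 19687450.12345678,
})


if __name__ == "__main__":
    height, reported, ceiling, shortfall = audit(SAMPLE_REPLY)
    print(f"height {height}: node reports {reported / COIN:.8f} BTC, "
          f"schedule allows {ceiling / COIN:.8f} BTC, "
          f"shortfall {shortfall} sats, sound={reported <= ceiling}")
```

Against a live node you would replace `SAMPLE_REPLY` with the output of `bitcoin-cli gettxoutsetinfo`; the comparison is the same, and this is the whole of the "napkin math" the thread keeps referring to: the node does the summation, and the schedule tells you the number it must not exceed.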
 You could not be further from the truth. 
 Care to explain? 
 Monero supply is auditable. Every time you make a transaction, you have to mathematically prove you have the amount you spent. All you have to do is verify every proof.

Sure, the maths involved is more complex than a simple summation, but it's still maths at the end of the day. The robustness of bulletproof (the proving scheme used) has been proven mathematically; the likelihood of crafting fake proofs is metaphorically the same as being able to mine bitcoin blocks without having to do proof of work.

(the metaphor is somewhat accurate, bulletproof literally relies on the robustness of hash functions to be safe)

With that knowledge, let's imagine what an inflation bug would look like. A bug means there's something wrong in the verification process. On bitcoin, the code would not detect an invalid transaction (because it's buggy) but anyone who knows how to sum numbers will spot that something wrong is going on.

On monero, the code would not detect it, but anyone who knows how to verify proofs will spot something wrong is going on. It's pretty much the same.

It's a bit scary because we all know how to sum stuff (but really there aren't as many people who know how to write code that sums all UTXOs), while we don't necessarily know how to verify these proofs, but there are multiple implementations of verifiers, audited and well tested.

If you're not scared of maths, I highly encourage reading Zero To Monero, it's not that hard and really demystifies the protocol. It's not a magic black box, it's just good old maths.

And finally, I believe there's still plenty of things to improve bitcoin privacy without having to go as far as obfuscating transaction amounts. If we manage to improve anonymity sets, amounts will be obfuscated by being distributed into multiple uncorrelatable UTXOs (uncorrelatable is the hard part). 
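
To make the "prove the inputs and outputs sum to zero without showing the amounts" claim from earlier in the thread, and the "verify every proof" description just above, concrete, here is an added example. It is my own illustration, not code from any poster, from Monero or from the linked papers. It builds Pedersen commitments in a multiplicative group modulo the RFC 2409 1024-bit prime with two generators G and H (an assumption made for readability; Monero uses ed25519 curve points with the same algebra). The verifier sees only commitments and the cleartext fee, checks that they multiply out to the identity, and never learns an amount. The last case shows the hole the balance check alone leaves open and that range proofs (Bulletproofs in Monero) exist to close: a "negative" output balances perfectly.

```python
"""Pedersen-commitment balance check, the core of confidential transactions.

Added example. The group is integers mod a safe prime rather than the
elliptic-curve group Monero uses; the arithmetic and argument are the same
shape. Requires Python 3.8+ (pow with a negative exponent and a modulus).
"""
import hashlib
import secrets

# RFC 2409 "Second Oakley Group" prime, p = 2q + 1 with q prime.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2   # size of the prime-order subgroup the generators live in
G = 2              # generator carrying the amount
# Second generator carrying the blinding factor. Derived by hashing and
# squaring (so it lands in the order-Q subgroup); nobody knows log_G(H),
# and that unknown logarithm is what makes a commitment binding.
H = pow(int.from_bytes(hashlib.sha256(b"pedersen-H-generator").digest(), "big"), 2, P)


def commit(value: int, blind: int) -> int:
    """C = G^value * H^blind. A uniform blind hides the value; the unknown
    relation between G and H binds it. Negative exponents are inverses."""
    return pow(G, value, P) * pow(H, blind, P) % P


def random_blind() -> int:
    return secrets.randbelow(Q)


def build_tx(in_amounts, out_amounts, fee):
    """Spender side: commit to every amount, choosing the last output blind so
    that all blinds cancel. The fee is published in the clear (as in Monero)
    and enters the equation as G^fee with no blind."""
    in_blinds = [random_blind() for _ in in_amounts]
    out_blinds = [random_blind() for _ in out_amounts[:-1]]
    out_blinds.append(sum(in_blinds) - sum(out_blinds))
    return {
        "inputs": [commit(v, r) for v, r in zip(in_amounts, in_blinds)],
        "outputs": [commit(v, r) for v, r in zip(out_amounts, out_blinds)],
        "fee": fee,
    }


def balances(tx) -> bool:
    """Verifier side: sees commitments and the fee only, never an amount.
    prod(inputs) / (G^fee * prod(outputs)) == 1
      iff  sum(in) == sum(out) + fee  and  the blinds cancel."""
    lhs = 1
    for c in tx["inputs"]:
        lhs = lhs * c % P
    rhs = pow(G, tx["fee"], P)
    for c in tx["outputs"]:
        rhs = rhs * c % P
    return lhs * pow(rhs, -1, P) % P == 1


def demo():
    honest = build_tx([5, 7], [3, 8], fee=1)      # 12 in == 11 out + 1 fee
    inflated = build_tx([5, 7], [3, 20], fee=1)   # 12 in != 23 out + 1 fee
    # A "negative" output is just the inverse element G^-5, and the equation
    # 12 == 17 + (-5) holds, so the balance check passes even though 17 coins
    # were created from 12. Only a per-output range proof rules this out.
    wrapped = build_tx([12], [17, -5], fee=0)
    return {
        "honest": balances(honest),
        "inflated": balances(inflated),
        "negative_output_passes_balance_check": balances(wrapped),
    }


if __name__ == "__main__":
    print(demo())
```

The point for the thread's argument: auditing this is the same procedure the transparent chain uses, a product of commitments in place of a sum of amounts, and the supply assurance rests on two things a node can check per transaction, the balance equation above and a range proof on each output. What it does not give you is a single number to compare with a schedule; that is the trade-off both sides of the thread are describing.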
 Do you have a link for zero to monero?

Also what do you think about pay joins and ecash/fedi? 
 https://www.getmonero.org/library/

Ecash/fedimint are a great invention and used under the right circumstances they are a wonderful thing.

The community is about to finish a Nostr client and there is already a bounty to implement ecash on top of Monero.

Because from a pure privacy perspective, ecash is a great extension (if it also pairs with other privacy tech like i2p) where custody is already given up and is limited in reach and time.

Think gift cards, in conference/festival tokens to buy food and drinks, casinos,.... 
 This all seems like nonsense. I like Monero, but I don't trust the supply to be verifiably limited. You basically have to trust the protocol itself in order to trust the "proofs" you describe, as I understand it; they're not actual proof, you're relying on an assumption. 
 I’m trying to keep an open mind but this is basically how it sounds to me. Relies on a lot of trust. 
 Y'all are incorrect that there is significantly more trust than you already put in bitcoin.

Range proofs have been around for a looong time and are well understood. 
 How do you know the Monero network rejects malicious nodes like you know with the Bitcoin network? 

For me as a Monero user, the answer is "blind hope." 
 He is precisely correct.
A Monero transaction must prove that its inputs and outputs sum to zero to meet consensus rules.
We can prove that without knowing the amounts involved because of zero knowledge proofs.

This isn't rocket science, you are already trusting more complicated maths using bitcoin. 
 Replied to this already but can't see my reply now so saying it again:

I don't know if it's true that the maths I trust in Bitcoin are more complicated.

I do know the maths I trust in Bitcoin have been tested and proven by the smartest people on earth with very high stakes beyond anything we've seen with "zero knowledge proofs." 
 I'm not sure what you mean by "there is no proof". Proving you own the private key that can spend a UTXO without revealing that private key (asymmetric cryptography) is also complex math, but pretty much everyone is trusting this math and has likely never tried to do it by hand. That's also a mathematical proof, although the assumptions being made that it cannot be faked are vastly different.

Maybe I should have mentioned, "bulletproof" is a proving scheme that comes from academic cryptographers, just like SHA256, ECDSA and Schnorr signatures used by Bitcoin, it's not a Monero-specific protocol, although it's likely its biggest user. It follows the same scrutiny from bright and smart people.

At best we could argue zero knowledge proofs are younger than the other cryptographic primitives I mentioned, and we might want to wait to see if new schemes can offer different speed or proof size. But I believe the fear against them is largely unfounded now.

Anyway, as I said, I'm not a zero-knowledge maximalist, they are a means to an end, and the end is large anonymity sets, make multiple users indistinguishable from one another. Maybe we could manage to reach that end differently. But in our search for solutions, it would be a shame to not take into consideration the track record that some of them already have. 
 You pretty much get it. It's the fact that zero knowledge proofs are younger.

I also do think a lot about how a privacy token could work while having verifiable supply. The best option I've thought of so far would work like this:

There are no UTXOs, every unit of the currency has a keypair.

Every time there's a new block, every keypair changes based on seeds.

To send a transaction, you say to a network node "here's an encrypted message with moneys in it for a certain pubkey"

To confirm a transaction, the recipient says to the network "here are some moneys and their old keys and some new keys for them to change to" 

To retain anonymity, the sender and recipient can also listen for other network nodes sending the same kind of messages, and they can all mix in fake spam messages without blocking each other for it, within reason. You can also just pay a transaction fee to manually cycle your seeds now and then, or to cycle additional seeds other than the ones you're sending or receiving every time you send or receive any.

I'm kinda retarded and sometimes miss obvious flaws in my ideas but I'm pretty sure this would work or is close to something that would 
 I should clarify: this should result in the network easily knowing what units of currency there are, with chainalysis being much more difficult to perform / easier to evade compared to Bitcoin - anonymity still wouldn't be a blanket guarantee, if I'm wrapping my head around my own idea correctly  
 This is also my first time writing it all down so I might be missing parts of my thoughts. Like I just realized I'm pretty sure the point of having keypairs cycle based on seeds was to let partial chunks of the network operate in isolation e.g. your home server saying "leave verifying these keys up to me and those I transact with" and then staying connected to the network constantly cycling all its seeds without transaction fees and without the network knowing which ones are for new transactions and which ones aren't. 
 Also to be clear this wouldn't be a free lunch, the constant connection to the network would be used for the network's functionality instead of paying fees. 
 It is not plausible to suggest zero knowledge proofs are unreliable because "they are younger"
They've been around since the 80s and are well understood.

People have been talking about adding them to bitcoin since forever. I'm not aware of *anyone* who is opposed because they're skeptical of their mathematical properties.

Here's Hal discussing them back in the day.
https://cointelegraph.com/news/bitcoin-pioneer-hal-finney-talks-zero-knowledge-proofs-newly-surfaced-video 
 Zero knowledge proofs in the context of cryptocurrency have been much less tested than the cryptographic signatures and other complex components of Bitcoin. I don't know why I keep having to explain this in different words here. Both Bitcoin and Monero have complex components that most users can't be expected to understand directly, but with Bitcoin those components were broken and fixed in world war 2 and with Monero those components are being tested for the first time. 
 By the way, I think most users can and should read about the basic premises of public-key cryptography and zero-knowledge proofs. But most users might not ever have any idea how to sign a Bitcoin transaction or verify a Monero wallet amount by hand without having software handle it for them. 
 This is just incorrect.
ECDSA was not standardized until 2005.

Relying on ECDSA without question but being suspicious of Pedersen commitments is weird and arbitrary. 
 I have zero logical room for doubt that if the cryptography in Bitcoin can be broken by human efforts, it will be. I'd bet the network could survive by freezing and reverting to a previous block and continuing under an updated version of the protocol with different cryptographic standards.

In the mean time, Bitcoin supply is verifiable. A layman can access overwhelming proof that Bitcoin's available on-chain supply is what it's supposed to be, instead of relying on blind hope that the experts know what they're doing.

I don't know why you're refusing to recognize this.

If Monero's supply is perfectly verifiable to the experts out there, I am still waiting for an understandable explanation of how, and so are many other Monero users. 
 Their own website says that they can’t guarantee supply soundness so https://image.nostr.build/02a38bdb827adaa58098d3b48f9b5d3087cf5725be91be02028c249effc61e4b.jpg  
 Adding this to my wiki page on Monero 🤙 
 You can't revert without screwing over all the users who just gave away products/services for fake Bitcoin that would go poof. That happens to your blockchain even if it's transparent anyway. 

Bitcoin is verifiable with "napkin math" but we both know you are never going to do that for billions of transactions.
You simply run a node like any Monero user would (if you are the tiny fraction that even runs a node) and "blindly trust"

For that "advantage" that almost no one takes advantage of (no pun intended) you lose fungibility, privacy, targeted-censorship resistance, etc. Cool.

Here you go. Should take all of five minutes for you to understand what pedersen commitments are and the math behind them. Can't dumb it down more than this and we're not going to spoonfeed you just because you're too lazy to learn high school level math.

https://docs.grin.mw/wiki/miscellaneous/switch-commitments/ 
 Got better things to do than expect that link to have useful information, sorry. If you have an explanation, you're free to explain it. 
 And if you can't explain it, I won't believe you're lying, I will just continue to operate on the assumption that you could be. If that upsets you, you basically just need to chill. 
 You got better things to do...that's why you're replying to anons on Nostr for the past few days but can't skim a brief introduction on commitments for a couple minutes. Suuuuure lol.

No one is upset. You didn't address anything else I said because you cant.

If you can't click a link that's your own willful ignorance. I really don't care if you do or don't. 
 You just got very confused very quickly. Sorry about your brain issues, good luck. 
 Again, that is incorrect.

You trust ECDSA to secure your utxos and ensure only your private key can reassign them.
There is no plausible reason to trust ECDSA but mistrust Pedersen commitments.

 
 Unless you've gone through every single line of Bitcoin and understand it (no single dev does), then you are "trusting the protocol". Have you gone through all billion+ transaction inputs/outputs? How about all new transactions every ten minutes? Ok, then you're trusting software that you don't fully understand. Completely different from merely running a node.

Bitcoin relies on cryptographic assumptions too. All cryptocurrencies do. 
 With Bitcoin, the trust in the protocol is all based on proven understanding. It's not "blind" trust. I don't know how to sign a Bitcoin transaction, but I know Satoshi Nakamoto knew how to sign a Bitcoin transaction.

With Monero, my little trust in the protocol is based purely on blind hope. 
 You have no clue what you are talking about. 

Everything Monero uses is based on proven and understood math and crypto from the 80s; it's about as old as Bitcoin's tech. Which, funny enough, you probably don't understand, so you are trusting it too. 
 https://image.nostr.build/c83c0f72d509c443c3faf801c53b6be145f22fb4a36166c7a1cca5de09046a79.jpg 
 You don't take advantage of "amounts in the clear" to verify the billion+ txns anyway. No Bitcoiner does. You just run a node and pay no mind like any Monero user would.

I fail to see your advantage if you never do it in practice.

"Can, but doesn't" is essentially the same thing as "Can't"

It's larping 
 Not sure where you're getting this stuff but no, what you're saying is not correct. 
 If you want more privacy in Bitcoin you might be interested in Silent Payments - https://bips.dev/352/ 
 Bitcoiners have been building privacy tools for well over a decade. It's called Monero.

What most newer Bitcoiners dismiss is that Monero was founded by the earliest Bitcoiners and cypherpunks. 
 McAfee Chan poster 😂🤣💀💀💀 
 🔥💀🔥 
 then just use monero.. what's the point