Oddbean

It is not plausible to suggest zero knowledge proofs are unreliable because "they are younger" They've been around since the 80s and are well understood. People have been talking about adding them to bitcoin since forever. I'm not aware of *anyone* who is opposed because they're skeptical of their mathematical properties. Here Hal discussing them back in the day. https://cointelegraph.com/news/bitcoin-pioneer-hal-finney-talks-zero-knowledge-proofs-newly-surfaced-video

Zero knowledge proofs in the context of cryptocurrency have been much less tested than the cryptographic signatures and other complex components of Bitcoin. I don't know why I keep having to explain this in different words here. Both Bitcoin and Monero have complex components that most users can't be expected to understand directly, but with Bitcoin those components were broken and fixed in world war 2 and with Monero those components are being tested for the first time.

By the way, I think most users can and should read about the basic premises of public-key cryptography and zero-knowledge proofs. But most users might not ever have any idea how to sign a Bitcoin transaction or verify a Monero wallet amount by hand without having software handle it for them.

I have zero logical room for doubt that if the cryptography in Bitcoin can be broken by human efforts, it will be. I'd bet the network could survive by freezing and reverting to a previous block and continuing under an updated version of the protocol with different cryptographic standards. In the mean time, Bitcoin supply is verifiable. A layman can access overwhelming proof that Bitcoin's available on-chain supply is what it's supposed to be, instead of relying on blind hope that the experts know what they're doing. I don't know why you're refusing to recognize this. If Monero's supply is perfectly verifiable to the experts out there, I am still waiting for an understandable explanation of how, and so are many other Monero users.

You can't revert without screwing over all the users who just gave away products/services for fake Bitcoin that would go poof. That happens to your blockchain even if it's transparent anyway. Bitcoin is verifiable with "napkin math" but we both know you are never going to do that for billions of transactions. You simply run a node like any Monero users would (If you are the tiny fraction that even runs a node) and "blindly trust" For that "advantage" that almost no one takes advantage of (no pun intended) you lose fungibility, privacy, targeted-censorship resistance, etc. Cool. Here you go. Should take all of five minutes for you to understand what pedersen commitments are and the math behind them. Can't dumb it down more than this and we're not going to spoonfeed you just because you're too lazy to learn high school level math. https://docs.grin.mw/wiki/miscellaneous/switch-commitments/

You got better things to do...that's why you're replying to anons on Nostr for the past few days but can't skim a brief introduction on commitments for a couple minutes. Suuuuure lol. No one is upset. You didn't address anything else I said because you cant. If you can't click a link that's your own willful ignorance. I really don't care if you do or don't.