There needs to be a way to verify total supply of Monero without compromising on privacy.
Discussion
you can verify that each tx hasn't inflated the supply whenever you like
They why do people say there's no way of verifying the total money supply in Monero due to it's non-transparent privacy features?
because they don't understand you can prove that something is true,
without knowing the specific values that make up the proof
So in other words, the primary reason people believe Monero's total money supply cannot be verified is because they don't trust the integrity of the math underlying zero knowledge proofs?
mmmm
more like they're just generally suspicious of additional complexity i think
the math itself is well established
Maybe this is the part that scares people: a quote taken from page you shared above.
"Zero-knowledge proofs are not proofs in the mathematical sense of the term because there is some small probability, the soundness error, that a cheating prover will be able to convince the verifier of a false statement."
In other words, it is impossible to be 100% certain that nobody is cheating.
Actually, I suspect you're right about it being about the added complexity. They may not personally fully grasp the technical intricacies of how zero knowledge proofs work, and therefore do not have sufficient first hand confidence in its soundness.
its very similar to how normies don't understand public key encryption
and cant comprehend how Bitcoin could be a sound, mathematically-enforced system.
Its not a sound system, only in theory.. Its not perfectly traceable and maybe that's worse. Imagine selling kyc btc and then getting pole drived because of what the guy you sold btc did. People that are into bitcoin and monero are not understanding the problem bitcoin is.
I do understand. Bitcoin, but really any transparent crypto at this point is a severe problem that will fuck you over from every possible position: past, present and future.
Am I the only one that never bought non-kyc Bitcoin, hasnt touched the internet without multiple layers of privacy tools, since before Bitcoin even existed, and uses non-proprietary operating systems with FLOSS only?
So weird, that people say Bitcoin is not anonymous.
Its not about Bitcoin being anonymous. Its about you being anonymous.
For all the apple users out there that KYC themselves with everything they touch, there is Monero....
really horrible advice.
even if your stack is completely KYC free and you're as anon as you say, you still need a fungible MoE.
all anyone ever has to do to link all your payments to you is contact your trade counterparty and ask them.
and conversely if you buy KYC monero and send it somewhere that end up leaking to an Adversary ,its not protecting you very well.
noKYC always
use monero by default and ALWAYS for any sensitive payment.
It wasn't advice lol.
What trade counter party?
🙏😂.Ohboy...
oh so you don't actually USE it.
that's most private of all 👍
Of course I use it.
You make too many assumptions to have a worthwhile conversation.
Typical monero shitcoiner.
Just remember to enjoy life a bit too.
Touch some grass.
Follow your own advice instead of forcing it on others.
I feel sorry for you monero guys.
Still poor. Still wrong. Still upset everyday.
oh and you seemed like such a fun person to make friends with
You use all these privacy and FLOSS tools but you've never bought non-KYC Bitcoin? Or did you mean you never bought KYC Bitcoin?
which isn't what I was talking about.
Bitcoin
as a public key cryptography system
is perfectly sound.
you can always send your Bitcoin if you control the priv key.
traceability isnt germain to this particular thread.
i don't think so.
maybe informally zkp have this soundness error
but its my understanding that the Petersen commitments that Monero uses are perfectly binding.
another wiki page
further Pedersen commitment learning 😂
these guys have a good cryptography blog
PCs are perfectly hiding, but computationally binding, meaning a quantum adversay cannot break the hiding property(privacy), but can break the binding property(forge fake coins). AFAIK you can only have one or the other. El Gamal is the opposite.
Aside from a quantum adversary existing, it's still infeasible to break the binding property with PCs the same way it would be infeasible to figure out a Bitcoin private key from a public key
Here is another good write up by the grin community on PCs and commitment schemes:
https://docs.grin.mw/wiki/miscellaneous/switch-commitments/#properties-of-commitment-schemes
Because (most) people don't understand Monero and don't do their research.
Monero's coinbase TX are NOT hidden. That's why you can check the current circulating supply via a command in your node.
https://sethforprivacy.com/posts/dispelling-monero-fud/#you-cant-audit-the-monero-supply
This is probably the biggest misunderstanding about Monero.