Bitcoin has a chance of surviving a direct confrontation with a large state actor, Monero does not. The best chance you have is Bitcoin takes the brunt of the attack, and Monero adds unfuckable privacy for the edge cases when you need it.


Discussion

It depends on what you mean by “surviving”. Large state actors will try to suppress every viable alternative to #CBDC. If an attacker succeeds at making a viable alternative not viable anymore then maybe you can call it “surviving”, but it’s certainly not a win anymore. It’s more akin to cooptation or surrender. #Bitcoin was never meant to be a surveillance coin; if we get there, sorry, but it won’t be called a win.

Surviving means being able to provide censorship resistant immutable transactions. Without this, privacy is irrelevant.

Okay, do you think that Bitcoin can remain censorship resistant if a third party is involved in approving a transaction? Because that is exactly what we may see happening on #Bitcoin if covenants are enabled and as far as I understand that’s not something that would be possible on a privacy coin. Also you seem to imply that #Monero isn’t censorship resistant and immutable but maybe I’m misunderstanding your point.

Monero's security model is reliant on the community trusting the devs who rotate the hash algorithm and use checkpoints because it doesn't have the security budget to remain censorship resistant or immutable if it comes under attack. This is a non-starter against a state actor and defeats the entire purpose of proof of work.

There are many ways Bitcoin is vulnerable, but it's the only attempt being made at separation of state and money.

So what we should be really comparing Monero to isn't Bitcoin, but Fedimint. Fedimint can definitely offer greater privacy if you use a mint with a large enough anonymity set. The question is whether we can have fedimints that are more robust vs state attacks than Monero.

Yes, except Monero has stronger guarantees over the total supply.

Seems like a trilemma...

Bitcoin: Self-custodial, NGU

Monero: Self-custodial, Private

Ecash: NGU, Private

Depends what you mean. If we assume the mint can be trusted...

Pro: Monero network is more resistant to direct physical attack from states considering node count and ubiquity of general purpose CPU mining.

Ecash is either a single mint operator, or a handful of people from a federation you can go after. Might be harder for a federation, but definitely much easier than rounding up every single miner on Monero. You could try to reduce this vulnerability by having many mints, but that would be negative for the anonymity set.

Con: Monero network is currently more vulnerable to a pure hash war VS the state.

This attack isn't possible with Ecash because no mining is involved, obviously...but it involves assuming the mint is and will always be trustworthy (wasn't the whole point of Bitcoin to remove or reduce trust?)

https://monero.fail/map

Did you learn how ETH was captured? How those federations... hum... "open source, free federations" work?

There are a bunch of those projects on ETH, like here with ecash. That won't work for me.

Bitcoin begins to work like an ETH project: L2, state investors... BS after BS.

We all know how that will end (it will end like those bullshit tokenisation projects that those suits like).

Agree with you. There will probably be many rugpulls.

Rugpulls are not an issue. People will just change their method of exchange. And get their savings taken. Money can still be saved after that.

What I see is that those spies will have a hard time with the privacy-chain focus now. And no return to those anon chains.

In 2024 people will learn what it is to be persecuted by those spies. Devs have already learned. They are already shifting to those anon titles XD.

There are still so many devs that are not anon. They will learn the hard way, with help from the prosecutors. As for Bitcoin, it will wind down, price high but only used by those publicly credited people.

No more anon nodes or hardware. No more exchanges without KYC.

This is a maturation of blockchain tech. It's good to see.

This is the way.

https://void.cat/d/EePSLghisUPaWFz75KdyyS.webp

Mints can steal, not comparable at all.

There are various other risks with Monero, such as the continual hard forks, potential for node centralization etc. The comparison is more: can we have a fedimint where the overall trustworthiness of the federation is similar to that of the Monero system of incentives? You could also make the same comparison to Bitcoin, but overall trust in the base system is much higher than Monero.

And the answer would be: no

Sufficient trust in a mint would be centralization. This applies even to trust in several large mints.

I agree with your second point and Monerans have been avoiding my query on this, but I disagree with your first point about frequent hard forks. It's "how" it's done that is important, not how often. The HFs that take place are years in the making, focused on improving the single value proposition for XMR. They go through rigorous testing by skilled devs. The community can reject it, but rarely does because, and it bears repeating, they only have one goal: privacy. No ETFs or corporate/state actors to appease, no mining conglomerates or electricity infra, no layer 2 scaling or smart contracts to integrate, no ordinals or Script externalities like BitVM.

This means only a handful of experts need to work on a given fork, itself trying to fix a potential problem, push the fix and move on with their lives, like with RandomX. Whereas with other projects you need to pass on the torch, audit interoperability, and consult with veterans and stakeholders.

Scheduled hard forks in Monero are way less dramatic than in politics-based Bitcoin and even less than in centralized upgrades like Windows going from one version to another.

Monero is so simple, it eliminates entire classes of issues that would make frequent hard forks "scary", whereas Bitcoin preserves old problems to keep legacy devs employed.

I'll let the original participants in this conversation continue it. My comment was based on the assumption that criticisms already brought up were true, so it will rest on the conclusion of that discussion.

Fedimint is just another word for middlemen.

Devs changes mean nothing without users agreeing and going along with those changes voluntarily

Monero only exists because users disagreed with changes previous devs made in the first place

This is the same for any proof of stake system. It's even true of the US dollar.

Bitcoin is solving a completely different problem.

I may or may not agree with PoS, but I don't have anything against people voluntarily entering or leaving those networks. The US Dollar is a bit of a stretch. Not an open permissionless system that anyone can just fork or leave. All other currencies are beholden to the US dollar too via force.

PoW is not flawless and neither is resistance to hard forks. There is no immutable law of the universe that prevents the majority of BTC's increasingly diluted users (normies) from moving to more compliant and captured Bitcoin forks in the future, i.e. because it is regulatory friendly, and taking most of BTC's hashpower and value with them.

So does Bitcoin. If quantum computing breaks SHA-256, Bitcoin's security model relies on devs switching to a post-quantum algo.

Maintenance hard/soft-forks are not a feature unique to Monero development. What is unique is its hyperfocus and singular mission towards default privacy. Bitcoin has inconsistent narratives, memes and aspirations (NgU, MoE, SoV, is it for privacy or not, is it compliant or libertarian), all well and good in terms of competition in pure market terms, but the history of large unfocused projects and nations is not favorable. Small, lean and focused teams can win against giants, especially during a crisis that the elephant is too entrenched to respond to.

But hey, who knows, maybe one more fucking addressing scheme is what Bitcoin needs.

I think until we see an attack taking place from someone attempting to take over the hashpower, it’s impossible to tell if such an attack is practical on the #Monero network. I would agree that blockchains with the SHA-256 algo and no other protection mechanisms are vulnerable to this type of attack because of the existing amount of hashpower that can be directed by a malicious actor, but this scenario doesn’t apply to Monero. RandomX has been around for a while now and the only attempt we’ve seen at gaming the system is from Bitmain, which released a “miner” that consists of a bunch of CPUs assembled in series. So saying that the security depends on devs changing the algo is to this date pure speculation. Also, we would need to factor in the response from users in case of an attack against Monero. It’s likely that if Monero were to be attacked we would see a much stronger response from users than we will see in the case of a similar attack on #Bitcoin. Everybody has a CPU at home whereas the supply of miners that can be added to the Bitcoin network isn’t elastic. I’m not saying that Bitcoin is less secure than Monero but I’m skeptical of the claims saying that Monero isn’t secure due to its hashing algorithm.

If Monero ever comes anywhere near Bitcoin's level of power and influence, you'll find out very quickly why Bitcoin's security model is anchored in energy rather than market decisions.

As per the recent events, #Monero is being attacked to the same level as #Bitcoin is. Haven’t you heard of the multiple exchange delistings that have impacted Monero? The executive power has made it clear that #privacy isn’t welcome in #crypto and Monero is a prime target. So far I find Monero to be more resilient to these attacks but we shall see where we end up, as we’re likely to see more attempts at attacking those networks.

Lol

Targeted mining censorship is possible on Bitcoin, not possible on Monero

Large consolidated ASIC mining farms are also easier to take down or co-opt by the state VS ubiquity of Monero mining

Over half of Bitcoin's hashpower now requires KYC

Everyone knows what you're doing with that ASIC miner you bought

Heat, noise, and energy draw of ASICs don't help either

"Police raid a concealed #Bitcoin mining operation, initially mistaking it for an illegal marijuana farm due to the heat signature"

https://twitter.com/BitcoinNewsCom/status/1721359382745874489

You've failed to understand the fundamental security model

In regards to Monero, it's very cheap to buy CPUs that could appear to be different decentralized pools, but are actually co-operating. These colluding pools could each have only 10-20% hash each, but a combined 60%+. While that hash can't be used to censor, it can be used to undermine the confidence in the network at a time when alternatives such as Bitcoin are cut off. So far Monerans have intentionally misunderstood the point I'm making or ignored and censored my comment.

But wouldn’t the fact that mining is more accessible also enable a higher degree of response from users in case of an attack on the network? I feel that Bitcoin security now strongly relies on large actors (mostly state powers with divergent interests) that are involved in mining, as more and more of the smaller miners can’t stay in business (and I don’t see the trend reversing). I don’t think an attack on #Bitcoin mining is practical but I don’t think it is on #Monero either. Still, it’s concerning that half of the hashpower is now KYCed. It seems that this could be used to influence the outcome of a contentious fork. I don’t think miners are going to be as free to support an upgrade that would go against the interests of the state for which they had KYCed. Also, Bitcoin is all about access to cheap energy, which is certainly an area in which state actors are going to outcompete independent actors, so again, the security increasingly relies on actors having divergent interests on the future of Bitcoin. CPU is a highly available commodity to consumers, so as long as RandomX isn’t cracked, there is a case to be made that Monero mining is actually more secure in the long run.

What stops the U.S government from having equal CPU hash power, right now?

How would you know they don't control 60% net, right now....

Monerans never answer these questions.

I’m not disputing this but the same goes for all PoW chains including #Bitcoin. What seems to be more important is the capacity for the network to respond to an attack. In this regard, I think the elasticity of the resources required to counter an attack on the #Monero network is a plus.

KYCed miners are to some extent in the hands of the government.

So BTC is in the hands of the government.

Plus a lot of the mining power for Bitcoin comes from corporations with multi-year contracts so for those, shifting pools isn’t economically viable.

Oh. I'm not defending ASICs as a more resilient structure, just that CPUs are not either.

Yes the community could respond, but you have once again ignored my question and other Monerans do this too. I'm not being mean here, just pointing out a common short circuit in logic:

How would you even know?

For all we know the hash at this moment relies on several pools that appear to be decentralized, but are actually the same actor.

I want you to try this:

- Estimate how many XMR users there are.
- Double that to = x
- Now give each of them four CPUs, the cost of which is = y
- Make the cost of running 4 CPUs per year = z
- (x y z) = R

Now I want you to compare R with its nearest comparable governmental agency or department or committee. If it's too small for federal agencies, bring it to the state level.

- Let's = that to D.

When you have that I want you to read the following sentence out loud and tell me if you believe it, example:

The United States government is incapable of running a server farm with a cost of R which is comparable to the yearly budget of D, the Idaho Potato Tourism Department.

I agree that the cost of attack for a state actor would be marginal but I don’t think those attacks could achieve much in the long run because there would be a reaction from the network either through upgrades and/or bringing more hash power online. This would ultimately strengthen the network in the long run even if it can undermine the trust in it at first. Also, specifically on #Monero it would be challenging to selectively censor transactions. Double-spending would undermine trust in the network but wouldn’t achieve much. I guess empty blocks could be mined but for how long?

My point is that, I don’t think this type of attack is practical for a state actor to conduct. That’s also not how they proceed to attack blockchains. If a state actor were to be caught conducting this attack (through whistleblowers or other leaks), it would strongly undermine their credibility which is a key factor for states to maintain.

As we see, state actors prefer attacking those systems through regulations, weaponization of their agencies and propaganda.

Again, I’m not saying that such attacks are out of reach of state actors but until proven otherwise, it doesn’t appear that those are the most effective to conduct.

I’m curious what your thoughts are on other Sybil resistance mechanisms such as PoS. Would you say that those tend to be more resistant to state actors? Which mechanism would you favor? There are more and more blockchains adopting hybrid PoW/PoS models.

This is a good reply, finally; I've been asking around for days.

The main counter you have made here is something like: "Undermining Monero is possible, but would not achieve much, or would only do so for a short time before a solution would be deployed."

If it is possible and it does undermine Monero, then the goal (much) was achieved. We are talking about something they perceive to be, by the point they do this, an existential risk, perhaps on the level of a Hitler or Communist Russia. Think about that, and the war of attrition they would fight.

Knocking the price down $100 in confidence in monetary terms would be the war equivalent of an air raid bombing on an enemy's industrial sector.

Two huge assumptions are embedded in your scenario where we know an attack is taking place, that is, we have somehow confirmed that a state controls majority hash and is fucking with txs:

1. That a solution will, and
1.2. can, be implemented, and
2. that the price and project will recover.

The second strikes me as the "manifest destiny" level of confidence Bitcoin toxics have and the first is just as hopeful. While I agree that in general attacks can make a project stronger, this one, anonymous hash providers, might not.

Advocating for or defending Monero at that point would be given no quarter or discussion. They would frame privacy coins as dangerous to a much higher level than even now.

Think of prohibition, where they poisoned and allowed the sale of alcohol that in turn killed tons of people. There is no law so petty the state will not kill you over it. The state has and can do almost anything; credibility is established at the barrel end of a gun. No one would care if they run over your pet coin. They'll just say you are all drug dealers or something.

Another part of your reply relies on something others have said to me, a reliance on their past actions and behavior towards crypto. Seizing funds, legal games, regulations, etc. This still does not answer the question: how do we know hash is not captured/coordinated by the major pools right now?

As far as attacks go, it's true, targeted censorship is not possible, but random censorship is. That, in addition to the other methods you mention, are all now tools they could use to undermine confidence in the network, if they did have hash dominance, and for cheap!

Not only that, this could be used in such a way and in a manner combined with an astroturf campaign to divert attention away from what is actually happening. For example, posting comments and starting rumors about it being a type of encryption or CT ring break or bug none of the devs can find, but it's actually just them controlling the hash the entire time.

As far as solutions, I like Nano's (XNO) removal of fees and mining entirely and their special version of PoS, which is not a PoS at all because nothing is staked, and is more akin to congressional voting, wherein how much weight a representative has is known to all and can be rebalanced if it gets too concentrated. But the reps could still all be the same entity.

I need to study it more and of course its core design is only pseudonymous like Bitcoin with no community ambition for privacy, which sucks, but a fork of Nano is working on Camo, a privacy tool like coinjoin.

Another is of course Worldcoin, with intrusive KYC and centralized development, so not really a solution.

Ultimately I don't think there is an obvious solution. What I'm describing is not a Sybil attack; I'm not saying they use bots or overwhelm the network with fake users.

There not being a readily obvious solution, does not remove the potential problem though.

POW or POS both just push the "Who watches the Watcher" problem up a level.

I don’t disagree with your analysis, I just don’t think it’s a given that this type of attack will be successful at killing the network in the hypothesis that there would be conducted one day. I guess the best way to protect one’s #crypto capital is to diversify it across various chains as it’s unlikely that an actor would attack all chains at the same time. I’ll have to look more into #Nano although I’ve heard that the design was flawed and potentially not secured.

For proof-of-personhood #blockchain like #Worldcoin (but more decentralized) check out #Idena and #Humanode.

Also hybrid POS/POW blockchains like #eCash may be harder to attack as you would need both majority hashpower and stake.

Controlling entity would just censor the final settlement layer for lightning on which ecash mints is based.

Or the largest, most reliable, best fee rate mints are state subsidised.

Or both, simultaneously.

The state often runs operations to recover costs of the operation itself, and then rug pulls when it hurts the most or serves them.

Nano's instant and feeless transactions are pretty cool and DAGs seem very scalable. One thing that sucks is that only 33% of the network is required to halt/censor everyone else's transactions iirc

It also requires users to actively vote for their representative to secure the network, so brings in all the problems of voting in general (weak incentives/voter apathy)

The main problem is that it's not supported by many gateways.

I doubt that feeless DAG designs are really secure. For instance, #IOTA has failed to make any significant progress on their vision years after the launch. If there was a similar model out there that works they probably would have replicated it by then.

Definitely less secure overall I think

That's why they hate Monero. They can't control it; even if they invest infinite money, they can get kicked out with a breeze XD.

How can they get kicked out? You as a user or even a mining operator do not know whom to censor. They can't use their ASICs, but they can use a huge farm of regular CPUs.

They get kicked out by their need to control everything. They need to work now, not just sit between people.

Those methods cost a lot for nothing. That's why they attack Bitcoin in the first place. It's cheap and easy to manipulate.

You're right. But to be fair you wouldn't *necessarily* know the government controls over 50% of Bitcoin's hashrate either. Just say a pool or two become large enough and are in a hostile country like China where the government can have complete control over that company but we wouldn't overtly know. Or a growth of miners coming from unknown or scattered origins but really belonging to the same entity.

But I get your point that it is easier to spin up and attack Monero (also potentially easier to push back against vs ASICs). I guess we would suspect something if everyone's transactions were constantly failing, mining empty blocks, for long enough.

It's easier to fight back against those miners in Bitcoin though. The anonymous nature of XMR means something like Stratum V2 is not possible.

With Bitcoin the bad history is noticed way quicker and whatever addresses benefited from it can be traced with meticulous scrutiny all the way back. Even if they are behind tor or a vpn, their spend and miner reward is public and the bad history could be forked from by users.

With Monero, a low-amount double spend attack could go on for months, with everyone accepting the history and without an easy or possible way to go back and check/fork from. Are the rate, source and timings of reorgs being tracked by the average operator? Or anyone?

If this type of attack was common I would imagine that sooner or later we would hear complaints from the merchants who got scammed. Also, I’m not sure what this attack would really achieve for a state actor. Distrust in the network? I think it would be easier for them to bribe merchants claiming to be scammed to support a disinformation campaign. I think your point that we wouldn’t discover the attack as fast as on Bitcoin is valid but I don’t think it would remain undetected forever.

This is my thinking too. If you are a nation state, and want users to distrust the network, why not just spin up a bunch of miners to attack it and/or regulate white markets?

More direct and easier to attack than 1) trying to figure out if a double spend bug even exists in the first place and 2) secretly double spending low amounts slowly over time that would have virtually no effect on price, which means no users would even know. If it isn't enough to change anything does it really matter?

So a "whistleblower" or "hacker" *wink wink* coming out in a few years with the totally organic revelation that a state has had majority hash for the last several years and 1/1000 spends was false over the last several years would not reduce confidence and the market share of Monero?

Keep in mind the attack is funded by the attack itself, with a net zero cost. The way the state sets up fake drug markets and exchanges, speakeasies.

What i'm saying is: yes, and those other things too. They are not limited to only one strategy at a time.

Good point

Guys, take this list and ask yourself how much it costs in effort and time to run these attacks on the individual. What percentage of this effort does running a server farm to fuck with Monero for fun represent to the state? 1%? 2%? More, or even less than 1%?

nostr:nevent1qqs0appa5t5xsfg4tprcmdczgpucv3fgswhuxvj3vjay2ut26j9nsxgpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygqd0nk2ncqquug7ycauzj3zz64hf952n6graw3pffc5xq9dahj6yqpsgqqqqqqs02hu8x

Bribing the merchants would leave a "paper trail" or "finger print" of sorts as just a few merchants who receive such an offer but reject it or merchants who accepted but defect later, would be loose ends. Way too much investment in people and messy people management.

Several strategic blows to undermine it would be hands off with little pointing back to the attacker.

Where would you hear the complaints? Reddit censors negative comments, Twitter is bots and noise... One out of every thousand small-amount double spends is millions of dollars in the aggregate on a long enough timeline, but not individually painful enough to alert anyone.

You cannot prove to me that this is not happening, not even in a roundabout way through inference the way moneroinflation.com can show inflation is not taking place.

That is all the evidence I need to make my case that this is an issue.

With Bitcoin (or more accurately public ledger blockchains, I'm not shilling Bitcoin vs Monero) anyone can know where and when even dust is lost.

I would accept the fork-to-fix argument from Bitcoiners if the exact same thing wasn't incessantly used to criticize other crypto all the time as a flaw (not saying you say this). It would also only be a very temporary solution of course and does nothing to remedy the aftermath (All users that gave away goods/services are screwed).

Maybe I'm ignorant, but what is so great about StratumV2? It's a small improvement over current mining pools on Bitcoin, but payouts remain custodial, and I thought P2Pool is superior anyway?

Ok I see what you mean for that specific type of attack. Would depend on the exact way the bug worked if the double spend was discoverable or not. The flood attack in March, or whatever it was, was noticed almost immediately. But if it wasn't discoverable then yea I admit we would only be able to suspect something was going on via market price consistently sliding downward in a relatively short period of time?

The earliest way we would know is by repeated reports on forums of issues. Then we run into more problems:

How long has this been going on? How can we even check?

Are these reports trustworthy or an attack?

For instance, certain users are less likely to report anything in the first place; persecuted substance users and sellers, small holders.

The reporting venues themselves are numerous and I've noticed we rely on certain people to crosspost news (such as about Haveno) from SimpleX, Matrix, Reddit, Nostr, Monero, Twitter.

Several fresh accounts with few followers could post a complaint on each of those platforms every day for months and no one would notice. The subreddit is censoring unfavorable posts about Monero, and so its "news" is skewed. Monero.town and Matrix are a pain to sign up for.

So only a sub-group of a sub-group will even know.

What if everyone was looking at the Black marble flood attack but ignoring the frequency of reorgs during that attack?

Something like moneroinflation.com having a reorg tracker, with report inputs from across the network to account for local signal decay bias, might be useful, but still, even with active pattern seeking, it's the type of attack that majority hash can carry out in very very small doses, say, only on purchases of a few cents, that in the aggregate amount to thousands.

Then at some juncture of weakness for the network, like a network upgrade or contentious fork: bam, and in the chaos no one knows what's going on long enough to lose market cap and users that will never return.

Again, I'm looking for a technical reason majority hash could not be held by a single entity right now across the several trusted pools, and what they could do if they did, and how we would even know.

I'm looking through historical posts with similar questions but not finding good answers; maybe I will eventually.

Any standard reply, such as: it is unlikely, why would they, or we would find a way to fight it, while possibly true, is cope as far as I'm concerned.

Btw P2Pool solves the custodial payout issue of trad-pools, but as far as I can tell, it does not prevent the coordination of individual nodes behind P2Pool.
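The question raised earlier in this thread, whether the rate, source and timing of reorgs is tracked by anyone, and the reorg-tracker idea above, can be sketched as a local monitor. The following is an added example written for this page; it is not code from any participant, from moneroinflation.com, monero.fail or the Monero project. It assumes a feed of blocks in the order one node announced them (constructed sample records embedded inline), selects the best chain by height as a stated simplification of cumulative-difficulty selection, and for each switch reports the depth, the fork point and the transactions that lost their confirmation without being re-included, which is the signal a merchant or a report aggregator would want to see.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Block:
    """One block as our node announced it (constructed records, not real chain data)."""
    height: int
    hash: str
    prev_hash: str
    seen_at: int            # unix time the node first received the block
    txids: Tuple[str, ...]  # non-coinbase transactions the block confirms


@dataclass
class Reorg:
    fork_height: int             # last height both histories share
    depth: int                   # blocks removed from our previous best chain
    dropped_blocks: List[str]    # orphaned block hashes, lowest height first
    unconfirmed_txids: Set[str]  # txs that lost confirmation and were not re-included
    detected_at: int             # seen_at of the block that triggered the switch


class ReorgTracker:
    """Records every best-chain switch seen by one node.

    Best chain is chosen by height here (a simplification: a real node compares
    cumulative difficulty). Feed observe() every block in arrival order.
    """

    def __init__(self) -> None:
        self.blocks: Dict[str, Block] = {}
        self.tip: Optional[Block] = None
        self.reorgs: List[Reorg] = []

    def _chain_from(self, tip: Block) -> List[Block]:
        # Walk back through stored parents; stops at the first unknown parent.
        chain: List[Block] = []
        cur: Optional[Block] = tip
        while cur is not None:
            chain.append(cur)
            cur = self.blocks.get(cur.prev_hash)
        return chain

    def observe(self, block: Block) -> Optional[Reorg]:
        if block.hash in self.blocks:
            return None
        self.blocks[block.hash] = block
        if self.tip is None:
            self.tip = block
            return None
        if block.height <= self.tip.height:
            return None                  # side branch not (yet) longer: just store it
        old_tip, self.tip = self.tip, block
        if block.prev_hash == old_tip.hash:
            return None                  # plain extension of the best chain
        new_chain = self._chain_from(block)
        new_hashes = {b.hash for b in new_chain}
        dropped: List[Block] = []
        cur: Optional[Block] = old_tip
        while cur is not None and cur.hash not in new_hashes:
            dropped.append(cur)
            cur = self.blocks.get(cur.prev_hash)
        if cur is None or not dropped:
            return None                  # no stored common ancestor: missed blocks, not a measurable reorg
        new_txids = {t for b in new_chain for t in b.txids}
        lost = {t for b in dropped for t in b.txids} - new_txids
        reorg = Reorg(
            fork_height=cur.height,
            depth=len(dropped),
            dropped_blocks=[b.hash for b in reversed(dropped)],
            unconfirmed_txids=lost,
            detected_at=block.seen_at,
        )
        self.reorgs.append(reorg)
        return reorg

    def deep_reorgs(self, min_depth: int) -> List[Reorg]:
        """Reorgs at or beyond the depth a merchant treats as final."""
        return [r for r in self.reorgs if r.depth >= min_depth]


def constructed_feed() -> List[Block]:
    """Hand-made sample: honest chain a1..a5, then a longer private branch
    b4..b6 forking from a3 that omits the merchant payment confirmed in a4."""
    honest = [
        Block(1, "a1", "genesis", 1000, ()),
        Block(2, "a2", "a1", 1120, ()),
        Block(3, "a3", "a2", 1240, ("tx_x",)),
        Block(4, "a4", "a3", 1360, ("tx_pay_merchant",)),
        Block(5, "a5", "a4", 1480, ()),
    ]
    private = [
        Block(4, "b4", "a3", 1500, ("tx_conflict",)),
        Block(5, "b5", "b4", 1501, ()),
        Block(6, "b6", "b5", 1502, ()),
    ]
    return honest + private


def run_tracker(feed: List[Block]) -> Tuple[ReorgTracker, List[Reorg]]:
    tracker = ReorgTracker()
    events = [r for r in (tracker.observe(b) for b in feed) if r is not None]
    return tracker, events


if __name__ == "__main__":
    tracker, events = run_tracker(constructed_feed())
    for r in events:
        print(f"reorg depth={r.depth} fork_height={r.fork_height} "
              f"dropped={r.dropped_blocks} lost_txs={sorted(r.unconfirmed_txids)}")
```

On the constructed feed the tracker reports one reorg of depth 2 at fork height 3, in which `tx_pay_merchant` is dropped and never re-included; that is exactly the event a merchant who released goods on a 2-block confirmation would need to be told about. A single node's view only covers the switches that node saw, so the thread's suggestion of collecting such reports from many operators is the cross-check that turns this into network-wide evidence.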

I think I agree with you for these specific attacks. They would be difficult to discover on Monero unless in some indirect fashion or someone else found the exploit.

Maybe you should bring up the reorg tracker somewhere to discuss and someone can try to implement it if you can't; sounds like a good idea. Maybe on:

https://bounties.monero.social/