There also good reasons why Dandelion isn't in Bitcoin Core (yet). But why do a simple google search to learn why if you can score engagement by complaining?
This doesn't give me too confidence in the new publication, though of course I'm happy to be wrong.
Thx for sharing that. I wonder if this was the source of the DoS attacks on the Monero blockchain a few years ago.
Either way seems those wrinkles have been ironed out, so not sure if this old stack exchange answer still applies.
1. I suspect Monero's mempool works differently from the Bitcoin Core implementation.
2. A lack of attacks does not mean the problem is solved.
1. Makes sense
2. Yeah but that's life. Sha256 is not provably secure. But because there are no known attacks we trust it
There's a massive gap between the confidence you can have in sha256 and that of the mempool of Bitcoin, let alone that of Monero (which has fewer incentives to be attacked, e.g. no second layer protocol that relies on it).
Monero has fewer incentives to attack it? Are you even serious? Hace you been sleeping under a rock for the last 5 years?
I'm smelling a strawman
On bitcoin you could literally steal money with a good mempool attack, by closing a lightning channel with a previous state in your favor and censoring your peer to broadcast the real final state. There's good money to be made.
On Monero the only financial incentive is your government sponsored wage to de-anonymize users. It's motivating if got the job, but it's not like there's a sea of APT actors continuously looking on how to steal the cake, like North Korean Lazarus Group did on a bunch of ethereum L2 bridges (which I admit are much lower hanging fruits, but I'm sure one day they'll take a look into bitcoin L2s).
You can't spend unconfirmed transactions in Monero, so the mempool is much simpler.
Thanks for the explanation, Sjors! I was wondering: why don’t you join my show to explain why Bitcoin doesn’t have better privacy to provide fungibility to the monetary asset?
Or better yet, explain why nothing out there (including Zcash’s Halo2 and MWEB) is good enough for Bitcoin. So that nobody ever assumes negligence or malevolence when it comes to protocol development, granted that the reasons are purely technical.
> why don’t you join my show
Because of your behavior.
And also because I don't have time to study, for you and for free, a dozen protocols to figure out what trade-offs their marketing team isn't talking about that make it unsuitable for Bitcoin.
That's not to say there's never something useful out there. Information does make it across, e.g. because developers talk to each other - less so through public debates.
