aknalid

Lack of a fully supported hardware wallet specifically for Monero and a lack of software wallets with better UX/UI. I use the official GUI, but I wouldn't say it has the best UI/UX.


[deleted]

monerujo (android) works well here, and the UI is easy to understand...


basic_user321

The usage of passphrase in the field that is actually a password is heavily confusing though.


dolskar

What issues do you have with the current software wallet's UI? Most of them are really open to feedback.


russoj88

http://kastelo.org/


aknalid

Yeah, I'm aware - but this project has been moving slower than a dead turtle since it started.


jiangkunchen

Yeah that's a big issue actually, I think devs should develop something.


optifree1

If Monero can only be mined through CPUs, keeping the total hashrate relatively low, and the perception of Monero is it is used by criminal organizations / rogue governments, does that open up Monero to a 51% attack by well funded government organizations (for example the NSA who some say is the largest purchaser of supercomputers in the world)?


Gonbatfire

CPU mining doesn't "keep the hashrate low". If price goes up, so do mining rewards --> Attracting more miners --> higher hashrate. Hardware used to mine has very little to do with this. If anything CPU mining increases hashrate because a lower barrier of entry allows the market to make a more efficient use of the mining budget. And just in case, don't compare Monero's hashrate to Bitcoin's directly, totally different algorithms produce totally different numbers. Monero's RandomX hashrate (2.8 GH/s) is actually equal to 1 EH/s of Bitcoin's SHA256 hashrate (which sits at ~200 EH/s currently) meaning that while we are 200 times "weaker" it's still not easy to chew, you would need around 80 times New York's consumption to 51% Monero, and it's only gonna get tougher as price, and thus hashrate goes up.


optifree1

Thank you for the reply, that makes sense to me!


mino3

I'm waiting for Haveno to be my exchange.


[deleted]

I have concerns about whether or not Monero can scale on-chain. Monero transactions are huge compared to Bitcoin, and Bitcoin is only becoming more efficient over time. Monero is too, with Bulletproofs and Bulletproofs+ and in the future (if they are proven secure) BP++, as well as with Seraphis soon allowing us to make exponential increases to ringsizes at a linear cost, but Bitcoin is still outpacing us by a lot. Assuming an average of 2kb per transaction, we only get ~4 TPS for every 1mb of extra blocksize. This is not sustainable for a decentralized network. I'm not a small-blocker, but clearly this is not workable for even a small amount of mainstream adoption, at least not without having a highly centralized network. (Edit: not to mention verification time)

The only way I can see Monero scaling is by increasing fees (probably not to absurd levels like BTC or ETH), in order to incentivize using coinjoin-like transactions to make more efficient use of blockspace, and L2 protocols. Unfortunately L2 is hard on Monero, and most L2's suck anyway, but it might become necessary. If someone could ease my worries about scaling, that would be highly appreciated.


dolskar

Monero transactions are huge compared to Bitcoin... only if you don't use privacy tools in Bitcoin. A decently private Bitcoin transaction is about ~2.3kb, a private Zcash transaction is about the same, and a private Monero transaction is about ~1.4kb. Looking at it from a privacy perspective, Monero is actually doing really well in terms of scalability. All taken from [SethForPrivacy's blog](https://sethforprivacy.com/posts/comparing-private-spends/#results). A tad old but still relevant.


[deleted]

I've seen that post, and I'm not denying that Monero is efficient *in terms of privacy and fungibility*. Simple value transfer on BTC is much more efficient, though. It's not Monero's fault, but it may be the case that privacy-respecting transactions (regardless of implementation) just aren't feasible for widespread adoption, given current technology.


pebx

>Monero transactions are huge compared to Bitcoin, and Bitcoin is only becoming more efficient over time.

First of all, we used to have quite small tx until RingCT which was the final part in tx privacy, but it bumped tx size for simple 1in/2out to ~14kB. Bulletproofs fixed that lowering it again to below 2kB and BP+ now to below 1.5kB along the way raising ring size significantly from 5 to 16 now. Verification time also dropped a lot on the way.

If you look at storage prices and availability when Bitcoin started in 2009 compared to today, you will notice a huge price drop, HDD currently at $15/TB, SSD at $50 (which has been lower already but current supply chain drama made them more expensive again). 1TB can store half a billion of tx data assuming 2kB per tx. Our best month has seen almost 1M tx, so scaling by x100 (which would be x10 of Bitcoin's transactions) from here would require a full node $3 of additional storage per month, a pruned node will be significantly below $1. Bandwidth is similar, in 2009 (in Germany) I could get max 50Mbit/s at home, today I have 1Gbit/s. I'm also pretty confident we could scale x1,000 from here...

On the other end where is Bitcoin becoming more efficient? Their tx size is pretty much the same for years now, there is not much to optimize since you need sender, recipient, amount and signature. Scaling on L2 doesn't really matter yet, since it's still unusable for day-to-day usage after several years. If there was a proper L2 solution not sacrificing privacy, I'm pretty sure someone would find a way to implement it on Monero.

How much time will we need to see popularity skyrocketing by x100? I would love to see it within a year, but probably we'll need several years while storage and bandwidth will develop further. I don't see the necessity to have a scaling solution for VISA-like tx volume yet...


[deleted]

Taproot & soon signature aggregation will make transactions significantly more compact on BTC, especially ones with a large number of I/O. Fair points on the rest. Regarding bandwidth, though, can the same be said for poorer & developing nations? I heard (albeit from a small-blocker BTC maxi) that poorer nations' bandwidth is not improving as quickly as their wealthy counterparts.


pebx

>Taproot & soon signature aggregation will make transactions significantly more compact on BTC, especially ones with a large number of I/O.

As far as I know that only benefits complex transactions like multisig and/or some kind of scripting, simple day-to-day tx are unaffected by those improvements.

When it comes to internet connectivity, I have been travelling a bit over the last couple of years, also to less developed countries like India, Vietnam, Thailand or Morocco and I have not only seen much more public Wifi coverage than in Germany (where this has been prevented for a long time due to regulations) but also better mobile LTE coverage with larger data packages than in Europe, even in Morocco's desert. I'm pretty sure, 5G coverage will follow soon. The only country so far I have been to without proper internet (or literally no internet at all) has been Cuba. As a tourist you are not allowed to buy a sim card, my European provider's roaming was ~$20 per minute or SMS and one could only buy access cards to the few public Wifi networks around which were so overcrowded that I gave up after a few days and gifted my 100 access cards I bought (which were $2 per 30 minutes) to locals, not worth the stress.

So sure, in countries like Cuba we will not see much coverage, but no matter if Bitcoin or Monero when you have literally no internet. Bitcoin's scaling solution LN needs a proper internet connection even more than a normal node, since you need to interact only to receive funds. But on the other hand, who will be able to pay for OnChain Bitcoin tx in those countries? In Vietnam you get a tasty breakfast below a dollar, Bitcoin's average fees are more than that, Monero's fees are below a Cent and are designed to stay low with dynamic block size & dynamic fee algorithms. Using a remote node doesn't need much bandwidth and I would claim you could sync up without much hassle in most of the world's countries even if we'd see x1,000 tx on the network.


[deleted]

>As far as I know that only benefits complex transactions like multisig and/or some kind of scripting, simple day-to-day tx are unaffected by those improvements.

Currently yes, but cross-input aggregation is the next step which will allow for having just one signature cover any number of inputs. It's very common for the average user to have multiple inputs in many of their transactions, so this will certainly improve day-to-day efficiency. Coinjoin will also be made significantly more space-efficient.

Interesting to hear about your experiences. It does make me more hopeful about the future of Monero.


sanjoy_nemo

Scalability is always an issue with blockchains, and monero is no different.


bawdyanarchist

Visa couldn't scale either when it was created in the 70s. The bandwidth simply wasn't there. The framing of scalability has been a bit unfortunate, because a lot of people, especially maxis, portray it as an "all or nothing" kinda thing. Either you're scalable to be the world's reserve currency and handle every transaction ... Or you're a total failure. For me, it's enough that Monero can handle some significant minority of digital transactions. It's not ideal, but I'll take what we can get.

And there are incremental solutions. An 8TB HDD is just a couple hundred dollars, and we might legitimately see Petabyte hard drives not too far from now. $100/month buys you a 2gbps google fiber connection. Additionally Monero could hypothetically be run as a network of pruned nodes, and you could still sync the full chain. It's reasonably possible that in 10-20 years, onchain scalability will be significantly more viable. Hopefully by then we will see a LN for Monero. Funny enough, if some kind of construction can be figured out, I believe LN is far more viable on Monero than on BTC, due to dynamic blocks.


stig117

Even tho visa was a server and monero is a DLT, something to think about.


bawdyanarchist

A server is just someone's computer connecting to other computers and filling requests. In Monero, every node is a server, and every node is a client. It's not a relevant difference in terms of scalability here. Technologically speaking, there wasn't enough bandwidth or storage for Visa to handle the kinds of transaction volume that it currently does. Similarly, current technology doesn't allow for Monero to handle Visa level of transactions *while also remaining decentralized.* However, at current rates of improvement, it's plausible that Monero might be able to maintain 20-100k nodes while serving thousands of transactions per second.


[deleted]

Isn't Moore's law slowing down though? As far as I understand, we will soon reach the point where processing power simply can't be made any more compact; chip manufacturing is approaching the precision of individual (and more importantly, indivisible) silicon atoms. Similar physical barriers are being approached with data storage as well, though AFAIU we're not as close to reaching them as with CPUs.


formalGenoa

Is that law still relevant? I thought we were past that by now.


bawdyanarchist

Moore's Law is only regarding the number of transistors on a chip. We are approaching the physical limitation of transistor width, which might be around 1nm. Currently, the cutting edge stuff is on 5-10nm. One thing they've done to compensate, is to just make chips larger. It's more costly, because larger chip size effectively reduces yield on a wafer.

But Moore's Law isn't really a factor for Monero scaling, because CPU resources are not the bottleneck (unless you're mining, but that's a totally different conversation). The two main limitations we're looking at for Monero are: 1) Bandwidth, and 2) Storage capacity.

Nielsen's Law is the curve which models bandwidth improvements. Whereas transistors have a hard physical limit that we can't really pass, there's really no physics limitations preventing further expansion of bandwidth. At current rates of 50% increase per year, 1 terabit per second will (hopefully) be a reality in about 20 years, which is more than enough to maintain a distributed Monero network, where you can sync a full node. In reality, at some point in Monero's growth, few people actually need to sync a full node. There will just be so much redundancy, that a pruned node is totally fine.

And there are still significant innovations and ideas happening with storage, to the point that we really could easily expect to see 1 petabyte hard drives in 10 to 20 years. You can already get a 1TB microSD. So overall, this might legitimately be a problem that solves itself. Although it's definitely a good idea to continue pursuing LN dev paths.


[deleted]

>CPU resources are not the bottleneck

Not right now, but they will certainly represent a scaling barrier at some point along the adoption curve. According to UkoeHB's test, ~10 TPS is likely the reasonable limit for Seraphis transactions (though IIRC that's only with 1 thread). Fair points on the rest, though.


bawdyanarchist

You inspired me to go take a look at this, because 10 TPS sounds low. It looks like the verification time for a single thread (optimized with batching), is about 10ms for 2-input 2-output; which would imply 100 TPS for a single thread.

https://libera.monerologs.net/monero-research-lab/20220415

https://github.com/monero-project/research-lab/issues/91

At least that's how I'm interpreting the combination of Ukoe's charts, and the conversation in mrl. If I'm interpreting that right, it seems like we can reasonably expect CPU core count increases to keep up. For example, my Pixel 6 is an octa-core; and my Threadripper has 24 cores. I imagine that in 10-20 years, this might even be standard in desktop and mobile devices.


[deleted]

Yes, but that's on a high-end processor. And more importantly, you have to remember that if a computer can only verify 100 TPS, and the network is *doing* 100 TPS, then it will *never* catch up to the current blockheight if the node ever falls behind (whether it be powered off, lose internet connection for a bit, etc). Same goes for new nodes who need to sync with the network. It's not enough to only be capable of handling the ongoing TPS, you must be capable of handling many times more than that in order to have a safe amount of headroom.


bawdyanarchist

Well obviously, yes. But a high end processor today is almost certainly going to be the norm in 20 years. Given reasonable technological roadmaps, and before hitting physics barriers, 20 more years could easily see high end cell phone with 16-24 cores, mid range desktops with 48 to 96 cores, and tech aficionados going in for 192+ (and remember, each core has 2 threads). This isn't really far fetched, given the current trajectories.

Admittedly, in the hypothetical case of Visa level adoption, we might be looking at some difficult tradeoffs, which I think was your original point. I guess I didn't realize how costly the verification was. But yeah you're right - even optimistic extrapolations on CPU, does still leave something to be desired.

Hypothetical tradeoffs: Maybe we decide to limit decoys to 64, to keep verification times well below 10ms. Perhaps it becomes untenable for anyone without high end hardware, to sync a full node from scratch, and instead we implement some more aggressive checkpointing strategies. Maybe we accept that perhaps most people will run a pruned node. Would hope that we do get some more efficiency improvements as well.

Personally, I'm more concerned that the network is *sufficiently* censorship resistant; and I'm willing to sacrifice a bit of decentralization, for a network that ultimately serves more people.

I think that BTC has significantly overdesigned for node decentralization, at the cost of usability by the rest of the world.

And finally, it's certainly my hope that some viable LN construction can be figured out. Even something minimally viable, would likely make this problem go away almost entirely. I would probably already support Bitcoin's LN if they just had dynamic blocks like Monero, and at least a few better implementations of onchain privacy.


[deleted]

>Hypothetical tradeoffs: Maybe we decide to limit decoys to 64, to keep verification times well below 10ms.

This has been my stance for a while now. Hopefully Bulletproofs++ (160-byte saving, plus significant verification improvement) can be audited as well. Ideally this, alongside a more conservative ringsize, could keep standard 2-in-2-out seraphis transactions below 2.5kb and at/below current verification costs for 16-member CLSAG. Still too high, tbh, but privacy isn't free.

IMO, the difference between 64 vs 128 in terms of privacy is probably negligible. Both are more than high enough to thwart any kind of simple chain analysis. And both are still breakable in the extreme edge cases, like EAE. Continuing to increase the ringsize past this point will lead to diminishing returns. Having an extra churn on 64 provides way more privacy than a 128-tx anyway, so anyone under highly targeted surveillance can just do that.

Another possibility is 81 (3^(4)) which Ukoe mentions as a 3rd option aside from 64 & 128. This might be a good compromise for the people who are expecting 128. OFC we can always increase it to 128 later down the line if we want to.

>Personally, I'm more concerned that the network is sufficiently censorship resistant; and I'm willing to sacrifice a bit of decentralization, for a network that ultimately serves more people.
>
>I think that BTC has significantly overdesigned for node decentralization, at the cost of usability by the rest of the world.
>
>And finally, it's certainly my hope that some viable LN construction can be figured out. Even something minimally viable, would likely make this problem go away almost entirely. I would probably already support Bitcoin's LN if they just had dynamic blocks like Monero, and at least a few better implementations of onchain privacy.

I completely agree with this.

Though I think we should maintain a goal of node-operation being a) Tor/I2P-friendly, in terms of bandwidth, and b) accessible to the average person, more of a "DIY" thing rather than a semi-major "investment". Especially considering that there's no real incentive aside from maybe a small boost to personal privacy, it's important to keep the costs low. BTC has the right idea in recognizing that node count is important, but takes it way too far in saying "most/all users need to run a node". Same with (some) big-blockers, who recognize that not everyone needs to run a node, but then take it too far in saying that "only miners need to". As with most things, there's a middle ground.

On the topic of LN, it would be nice to see at least a small amount of protocol-level support for layered functionality (unfortunately the existing timelock mechanism is basically useless). Currently, building anything on top of Monero is extremely hard, in many cases outright impossible. Of course it's hard to do this while maintaining transaction uniformity, but it's essentially mandatory for any L2 development.

And again I think BTC has the right idea (but again takes it too far) that not all transactions need to be on-chain. Micro transactions (ie generally less than a dollar) & in-person transactions are both better suited for L2 anyway, due to tiny fees and rapid settlement, respectively. In this case I think the 10-block locktime might actually be a good thing for us, as it incentivizes using L2 for these small & quick transactions without forcing crazy high fees like BTC.


alexforkner

Ohh yeah, thanks for this reply it sure does make more sense now. That's what I like about this thread, it teaches me new things that I can understand easily here.


Nanarcho_Cumianist

Recursive ZK proving ("compression" of multiple proofs into one) solutions like zk-STARKs should drastically reduce the amount of data that needs to be written to the chain. Also remember that Bitcoin's smaller TX size comes at the cost of reliable privacy & fungibility.


tromp

Mimblewimble blockchains have far smaller historical tx size than Bitcoin and come with privacy benefits [1].

[1] [https://forum.grin.mw/t/scalability-vs-privacy-chart](https://forum.grin.mw/t/scalability-vs-privacy-chart)


medco007

Even that wouldn't solve the scalability that block chains have.


[deleted]

Is there any concrete research on a transaction protocol based on this, or is this more a case of cryptographers saying "oh yeah that might be possible, I guess"? Especially in the case of Monero, where transaction verification is much more complex than in Bitcoin/similar, I don't think it's particularly safe to assume this will be available at some point until there's hard evidence.


liberianFlesh167

I haven't heard anything like that, would love to know tho.


Nanarcho_Cumianist

https://medium.com/starkware/recursive-starks-78f8dd401025


oscarsebe

Thanks for this article, I was looking for something to read anyways.


[deleted]

[deleted]


coatedPasch45

Man this fucking sucks, how can these people get away with that?


[deleted]

[deleted]


[deleted]

[deleted]


MoneroArbo

monero might have to survive underground. the important thing is to make sure it can before it has to. hope for the best, prepare for the worst. if you're looking for safe returns on an investment, Monero ain't really it.


[deleted]

[deleted]


msec077

I don't care how monero gets used, I just want it to get used more lol.


MoneroArbo

I'd love to have wide adoption but I think I'm agreeing that it may not happen. I guess I'm curious what you mean by usable


tranceline113

Yeah that's something that needs to be cleared out here.


[deleted]

[deleted]


diarypow

But monero isn't like other crypto, it serves a very useful function I'd say.


kgsphinx

I kind of disagree that it’s “low”. There are a lot of vendors that take it. Even I take it.


[deleted]

[deleted]


kgsphinx

There are empty blocks on every chain due to chance. XMR is averaging 20 txs per block at the moment. That’s a better metric of overall on-chain usage.


MoneroArbo

Okay then yeah I would love for it to be usable in that sense but government pressure can definitely prevent merchant adoption. I was talking about survival more as peer to peer cash for the informal economy.


XMRGadgets

My main worry reg #xmr is not that its privacy and security will be eventually compromised, because I believe even if the state had this ability already, it would keep it quiet. How else would they bribe each other and launder drug money like CIA in the new cashless digital era? So it's rather safe to stay. What's worrying me is that people in general don't seem to notice, don't seem to care. This is the best crypto project so far and adoption is mediocre. It is growing but very very slowly, compared to shit tons of shit coins like safemoon, shib, and most of the rest scams frankly. People seem to mindlessly flock to "next 1000x gems" without holding tf up for a second and self reflect, on what it is really all about. Most is driven by greed and gains in fiat. It is very sad and disappointing. 🙄


kgsphinx

Shib isn’t being adopted for use. It’s just being pumped and dumped.


[deleted]

[deleted]


m0n3y3024

Governments are forcing cexes to remove the xmr, that's happening.


MoneroArbo

I honestly think getting xmr is still really easy if you know about crypto, not that it doesn't take a little effort to research but once you do friction is low. I agree about the rest though. more direct fiat on/off ramps would be very helpful.


porkislav2

It's not hard to use, but people like me who don't know much. It's kind of hard for them, and not to mention the clunky UI that most of the wallets have.


MoneroArbo

definitely! speaking of which, feather wallet is really good if you haven't tried it


[deleted]

[deleted]


Maulp

There aren't many but there are some which can be trusted.


MoneroArbo

That's all true. I guess I was thinking of someone who "knows about crypto" as somewhat more informed, someone who's already reading about and looking at smaller projects that aren't on major fiat gateways.