| >On 2: ...How many transactions are actually private after you consider hacks or LE warrants? That's actually a difficult question. I won't try to estimate here. But IIRC something like 95% of ZCash tx are non-private by user opt in, and the remaining 5% are also vulnerable to things like warrants at the exchange and timing attacks. So the bar is set really low for Monero to have the best anonymity set of all privacy tokens. >On 3: How many people must agree in order to change something in Monero such as HF parameters like ringsize? There is not a single company but it looks [to an outsider like me] as a similar position. I think Monero is in a similar-but-better position. True the core team can be compromised and true the core team is more powerful than others. But I view this as a necessary centralization to get the ball rolling. I want the Monero core team to eventually be more hands off. Spagini's "I'm not a CEO" statement inspires confidence. >But the low ringsize is weak [hence going from 3 to 5 to now 7]. can't wait for bulletproofs! >All ring members are not equal to n^k is very naive. I was intentionally very cautious with my words here. What I actually said was "Over the course of k steps the possible transaction history might be in any of n^k states". I did not say that all n^k states are equally likely. The actual amount of entropy in the Monero blockchain is much harder to explain/estimate so I used n^k as an upper bound. |
I was under the impression that no exchanges handle shielded transactions. What do you mean by timing? I would assume you go t-z-t and leave it quite a while as shielded.
>can't wait for bulletproofs!
Bulletproofs do not help verification time which is why we have low ring size. Going from 5 to 21 ringsize only increases size 8%. 15 is even less, a reasonable compromise on size. There is an unspecified perf target that must be met on verification.