[flipperto]

That is not correct, the vulnerability you are talking about is barely a vulnerability. It did not unmask transactions in the sense that no sender, recipient or amount (which are the properties that are hidden in the monero blockchain) was revealed. The issue only arises in some very specific scenarios, and the only information leaked is that you are more likely to be the one making the transaction (as monero hides the sender by using "decoys") in the case were you receive and spend a transaction in a very short span of time.

While bold cryptographic claims should be taken with responsibility, monero is researched and implemented by well known criptographers and researchers in a very serious way. Almost all (if not all) aspects of the protocol come directly from proven and well understood theory and published research.

[woodruffw]

> While bold cryptographic claims should be taken with responsibility, monero is researched and implemented by well known criptographers and researchers in a very serious way. Almost all (if not all) aspects of the protocol come directly from proven and well understood theory and published research.

I have a lot of friends and acquaintances who (despite my nagging) work at cryptocurrency shops, and I personally do some entirely separate work on provable computation. To call cryptocurrencies' use of zero-knowledge proofs "proven and well understood" is a tremendous overstatement: they're a brand new area within cryptography. We don't really know what their properties are yet, and we haven't even begun to comprehensively document weakness in construction, implementation, &c. the way we do for actually established cryptosystems. The deluge of published research on ZK/OT/&c. is evidence for this: everybody is scrambling to explore and publish on a new, immature research domain.

[flipperto]

You are just talking without any bases. It is true that ZK is a rather new concept in applied cryptography, but the theory has been around for a while now, without any relevant breakthrough in possible attacks. Monero cryptography comes from primitives that are not new to cryptocurrencies and have been in the cryptography scene for a couple of decades now. One could argue that theory and implementation are two very different problems, but even in the implementation side there haven't been any severe vulnerabilities (the only that comes to my mind now is the double spending attack that could be done because of a missing check in a signature). Again, the one you cited is far from a real attack on Monero. Do you have any concrete examples of parts of the protocol that are so new and immature that we should distrust for this reason?

At the end of the day it is a matter of trust and risk. I trust the mathematics of it because I took the time to read about it and understand the claims of security being made. I also have some trust in the team writing the software because I have been following their development relatively close. You may have done the same and come to the conclusion that they are not that serious or competent, but claiming that Monero is not to be trusted because the cryptography is too new is just an exaggerated view. This things are not being claimed without a proper basis.

Now, I am only talking about Monero here, there are several other crypto-systems using more esoteric methods than Monero that I wouldn't have the same trust in them, like ZCash and its derivatives. They use far more novel cryptography (zk-SNARKs) and some debatable design decisions (trusted setup, optional privacy, developers taking a chunk of mined coins).

[atatatat]

> criptographers

EP dropping Dec 2021.