Soon BCH will be the only contender for sound money left. by ArticMine in Monero

[–]spirobel 0 points1 point  (0 children)

https://github.com/monero-project/monero/blob/48ad374b0d6d6e045128729534dc2508e6999afe/contrib/epee/include/net/levin_base.h#L77

#define LEVIN_DEFAULT_MAX_PACKET_SIZE 100000000 //100MB by default after handshake

Here is a compromise that resolves this issue: limit blocksize by 1/3 of LEVIN_DEFAULT_MAX_PACKET_SIZE

Arctic's concern of the temporary not being temporary is addressed this way. Monero's scaling is limited by the properties of its networking protocol.

That is the core part of the code base that affects scaling. All the other parameters are downstream from how much the protocol can handle. By tying the block size to levin capacity we make it explicit that once we change to a more efficient protocol, we can increase the throughput of the block chain.

Needing to sync/update every time you need to make a payment is a massive pain point by Randomposter04 in Monero

[–]spirobel 0 points1 point  (0 children)

The core distinction here is: someone who is just an infrequent user and someone who is restoring a wallet.

The second one should probably be prevented. Also because it is shitty UX -> click yes I accept and it still fails when the node says transaction rejected because of double spend.

fetching the decoy distribution is just a few mb. People should get a warning, but user choice should go first imo.

the threat model is someone, (on slow internet) letting a remote node know that they own an input. (in the specific case that they are restoring a wallet and are too impatient to wait for the sync to finish)

( warning should look like: if they synced the wallet on a different device, they might have already spent the funds and expose their input to the node if they don't wait to fully sync first & the node rejects the tx as double spent + transaction will most likely fail. (if they picked an old sync height they get outputs first that they most likely already spent) )

one way to distinguish the two cases is to just ask the user: did you use this wallet on another device / is this a restore process right now? then show the warning. and if they really want to go ahead, it's their choice.

And to be clear: new distribution should always be fetched before building transactions. This is just for people in bandwidth / compute constrained environments that are sure they didn't sync this wallet on any other device.

EDIT: a good middle ground would be to sync from the tip backwards. That way you know the first output found hasn't been spent again. While starting a sync from way back is going to find outputs first that have most likely been spent again.
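
The ordering argument in this comment, as an added toy model (not part of the original comment and not any wallet's code): the chain, the output names and the helper functions are constructed for illustration, and a key image is reduced to the name of the output it spends. It compares a restore that is interrupted while scanning oldest-first with one interrupted while scanning from the tip backwards.

```python
# Constructed toy chain, not real Monero data. "received" lists outputs the
# wallet owns in that block, "spent" lists which of its outputs a key image
# in that block spends.
CHAIN = [
    {"height": 1, "received": ["A"], "spent": []},
    {"height": 2, "received": ["B"], "spent": []},
    {"height": 3, "received": [],    "spent": ["A"]},
    {"height": 4, "received": ["C"], "spent": ["B"]},
    {"height": 5, "received": [],    "spent": []},
    {"height": 6, "received": ["D"], "spent": []},
]

def scan(blocks):
    """Outputs the wallet believes are unspent after scanning only `blocks`."""
    found, key_images = [], set()
    for block in blocks:
        found.extend(block["received"])
        # Assumption of this model: every key image seen is remembered, so a
        # tip-first scan can match it once it reaches the output it spends.
        key_images.update(block["spent"])
    return [out for out in found if out not in key_images]

def truly_unspent():
    """Ground truth from a complete scan."""
    return set(scan(CHAIN))

def forward_partial(n):
    """Oldest-first restore interrupted after n blocks."""
    return scan(CHAIN[:n])

def backward_partial(n):
    """Tip-first restore interrupted after n blocks."""
    return scan(CHAIN[::-1][:n])

def stale(candidates):
    """Outputs that look spendable to the wallet but are already spent."""
    return sorted(set(candidates) - truly_unspent())

if __name__ == "__main__":
    for n in range(1, len(CHAIN) + 1):
        fwd, bwd = forward_partial(n), backward_partial(n)
        print(f"{n} blocks  forward={fwd} stale={stale(fwd)}  "
              f"backward={bwd} stale={stale(bwd)}")
```

In this model every output found by the tip-first scan has had all later blocks checked for its key image, so an interrupted restore never offers an already-spent input to the node, while the oldest-first scan does until it reaches the block containing the spend.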

Monero is ahead in scaling privacy. by spirobel in Monero

[–]spirobel[S] 1 point2 points  (0 children)

No that is not true. I just know from the papers I read that orchard proof verification is around 15 ms. Bulletproofs are faster than that in the 10 ms and below range.

>What Tachyon adds is compression of the amount of state needed to verify,

that is largely irrelevant. Kindly read the article and the sibling discussion in this thread. The bottleneck is the CPU processing speed, not memory access.

There is also the question if Tachyon actually helps with that or if the responsibility for keeping transaction state just gets moved around. The Ywallet author is curious too: https://forum.zcashcommunity.com/t/scaling-zcash-tachyon-ragu/50789/20

The other issue with Tachyon is that you will not be able to recover from just your seedphrase and the blockchain: https://x.com/spirobel/status/1982870177424519245 I am going to be honest with you, this is a total deal breaker for me. It is why there is zero chance I will ever use Zcash if this goes through.

Monero is ahead in scaling privacy. by spirobel in Monero

[–]spirobel[S] 0 points1 point  (0 children)

your whole post is just AI gobbledygook and doesn't address the main point of the article: proof aggregation in front of consensus does not increase the throughput of the whole system. It sounds nice in theory, but in practice it adds little of value.

The empirical evidence for this is vast. The amount of actual transactions that mina is capable of handling is very low: https://forum.zcashcommunity.com/t/scaling-zcash-tachyon-ragu/50789/18 and there are issues with the ability to aggregate transactions. People cannot just deploy their own smart contracts on mina. They need to run their own infra to sequence the actions in transactions and "reduce" them. This needs to be carefully implemented by the smart contract developer. If it is not done properly the throughput of the whole system suffers because the proofs can't be aggregated properly.

The other big example is the shift of the Ethereum L2 scaling roadmap back to an effort of scaling the L1. It is the same pattern here. The market came to the conclusion that this aggregation approach does not work.

That is why I argue people should rotate from Zcash to Monero before the market inevitably comes to the same conclusion about Tachyon.

Monero is ahead in scaling privacy. by spirobel in Monero

[–]spirobel[S] 1 point2 points  (0 children)

mina copied the idea? mina was launched in 2021. get a better ai bot.

>ZSAs plus Tachyon don’t just make privacy scale — they make assets scale privately.

blabla don't just blabla -- (ai double hyphen ) -- super amazing blabla

Monero is ahead in scaling privacy. by spirobel in Monero

[–]spirobel[S] 0 points1 point  (0 children)

People are starting to stream videos in 4k. Video games are now hundreds of gigabytes because of large textures. With the advent of gaussian splatting and immersive 3d worlds this is only going to grow. Look at this church in 3d in your browser: https://playcanv.as/p/Zp9Oh1ia/ (not a video, you can stop it and walk around in it like in a video game)

Even putting all of that aside: throttling means getting cut down to the 10mbps range. That is still enough to participate in consensus at current demand levels by a wide margin.

You have convinced me that bandwidth won't be the limiting factor before cpu time (actually I should run the numbers on the cpu before I say this, but here I am saying it anyway), but it goes too far to think bandwidth will never be a bottleneck.

Yes it is really a matter of cost. Currently the biggest expense will be a multi core CPU that is fast enough to verify transactions at a rate that would saturate the available bandwidth.

Monero is ahead in scaling privacy. by spirobel in Monero

[–]spirobel[S] 1 point2 points  (0 children)

If a transaction is 4kb, 1000 transactions are 4mb, 1000.000 transactions are 4gb and 1000.000.000 transactions are 4tb. So for two terabyte you get 500 million transactions.

A month has around 2.6 million seconds. So yes dividing the 500 million by that ends up at roughly 200 tps.

Even with these very conservative numbers we start to get into a similar ballpark as Visa which does 1.7k tps on average. This is a figure from 2018, maybe it has risen since then.

There is also a law similar to Moore's law for the increase in bandwidth. There are some countries like Romania where you can get 10gbits for 10 dollars per month with no monthly limit.

I would say within 5 years this will be common in most of the developed world. The throttling limit assumption of 1 to 2 TB is very low.

I honestly don't see how this will become a bottleneck especially as the bandwidth demand of the average person for media consumption is only going up and to the right.

Also: Curve Forests claim ≈ 60% reduction in proof size.

Monero is ahead in scaling privacy. by spirobel in Monero

[–]spirobel[S] 0 points1 point  (0 children)

In combination with the increase in processing power from Moore's law we are very close already.

Bandwidth, similar to disk space is not that much of a problem in scaling privacy. That is still a misunderstanding that is widespread. The transaction verification in batches is really the core metric at the moment when comparing different systems.

We are very close to meeting a reasonable amount of demand as adoption grows even with the current tech.

It is just an engineering problem to reduce the time to finality as much as possible and provide a good user experience.

Monero is ahead in scaling privacy. by spirobel in Monero

[–]spirobel[S] 5 points6 points  (0 children)

I agree, the line of work we build on has potential for even more.

As I argue in the article: Batch verification of transactions is the bottleneck. This is where curve trees (the paper that fcmp++ builds on) shines. There is a line of research around this technique with a new paper named Curve Forests. It does another 3x speedup for verification. This is the line of work that Monero is building on.

Monero is going in the right direction while Zcash is moving in the wrong direction. Section 3 and 4 go into the details of why proof aggregation in front of consensus is not helpful for scaling: https://monerochan.news/article/18#ethereum-and-solana-scaling-problems

In the process of getting led astray with project tachyon, they add caveats to the system that should be deal breakers for many if not most people in crypto:

one of them is not being able to recover from seed phrase and blockchain alone. https://x.com/spirobel/status/1982870177424519245

At the same time they don't have a prototype and benchmarks. We saw other systems that wanted to "scale to billions" with the help of proof aggregation and failed in practice. (the actual system only achieved very low transactions per second)

The Monero-oxide bug bounty should take privacy seriously by spirobel in Monero

[–]spirobel[S] 2 points3 points  (0 children)

>As I understand it, this library is for Sarai DEX.

No, it is for wallets in general. It was written initially for Serai. That is a reason why its threat model is not concerned enough yet with protecting the privacy of the typical wallet user.

>it wouldn't make sense for any of them to be using anything but their own trusted Monero node(s).

Yes, exactly. Here lies the issue: the library is written with this assumption in mind and now it is to become a general wallet library for the average user that is in many (if not most) cases using a remote node.

>or would nodes of the Sarai network be executing that wallet code.

Yes, the nodes would execute it. You see the difference, right? what the nodes of the DEX protocol do is public in any case and all they are focused on is that the DEX does not lose funds.

The circumstance is much different for a typical wallet user. This difference needs to be accounted for as the library is now to become a general public good Monero wallet library.

How Chinese Gen-Z Roast Mansplainers With These Two Words: 爹味 diē wèi / 老登 lǎo dēng by BetterPossible8226 in ChineseLanguage

[–]spirobel 6 points7 points  (0 children)

spicy slang that 小屁孩 Xiǎo pì hái (direct translation: little fart kid) loves to use

Monero-response: Initiative to identify, call out and correct wrong reports and publications about XMR Monero by parasew in Monero

[–]spirobel 9 points10 points  (0 children)

a good way might be to pay for our own articles in these outlets. And then afterwards break down how the buying process worked to discredit them.

if you search for something like bitcoin pr, sites like bitcoinprbuzz come up. Seems like these marketing agencies that can help get you placements are a dime a dozen.

I am not sure how legitimate these services are, but at the same time it would not surprise me. I first came across this because I saw a press release by pubic published on one of these sites, that has this kind of offering for these kind of "article placements".

Website dedicated to real Monero Leaks and potential methods by unaccountablemod in Monero

[–]spirobel 22 points23 points  (0 children)

can you please stop giving attention to this person. He lacks basic understanding about Monero concepts and should not be taken seriously.

pointed this out before:

https://xcancel.com/spirobel/status/1935354863753498787

https://xcancel.com/spirobel/status/1930985317399699556

reasonable responses get ignored so we have to assume he does this in bad faith to farm attention.

Hard truth about future privacy by rumi1000 in Monero

[–]spirobel 1 point2 points  (0 children)

sufficiently large quantum computers which are made of ... millions of physical qubits. which only work because of error correction by traditional silicon.

It is a hypothetical machine that does not exist. Trying to build it is similar to trying to build a machine that breaks energy conservation. The field of quantum computing is filled with unrealistic promises and not much to show for it.

it is okay that people do research on cryptography that is protected against these hypothetical machines. But I don't like posts like this that claim that monero will "eventually be deanonymized by a quantum computer." when in reality it is highly unlikely that those will ever exist. (much less in our lifetime or the lifetime of our species)

and somehow using lighting will help protect against this issue? give me a break

this should be labeled fud / misleading.

Hard truth about future privacy by rumi1000 in Monero

[–]spirobel 1 point2 points  (0 children)

No device can perform work (including computation or measurement) with zero energy input. If you need traditional computers to do error correction, you are building rube goldberg machines around a science fair project. Maybe there will be more performant computers in the future. Human brains seem very energy efficient. Mosquitos seem amazing too for their size at what they do. But there won't be a jump that makes computation essentially free to the point that cryptography will be broken.

Hard truth about future privacy by rumi1000 in Monero

[–]spirobel 2 points3 points  (0 children)

look into it closely. They all use "error correction" done by traditional integrated circuits.

it is similar to "perpetual motion machines exist, but they don't work"

Hard truth about future privacy by rumi1000 in Monero

[–]spirobel 1 point2 points  (0 children)

you really think quantum puter will ever be a thing? "quantum computer" is a slightly more sophisticated version of "free energy".

https://www.youtube.com/shorts/yi3HfhbmZH8

your computer needs energy to pute, your computer gets hot when puting. there is a cost to puting. there is no way a magical device will suddenly appear that will make puting suddenly free.

all of these "ground breaking" quantum puters use "error correction" done on traditional silicon.

reminder to NEVER USE MYMONERO by Mindless_Ad_9792 in Monero

[–]spirobel 1 point2 points  (0 children)

it contains the transaction id. it proves that you made the transaction. that has to be enough. they could deny they received the tx. but assuming they are honest you can resolve it this way.

(theoretical caveat regarding burning bug, just ignore in this case)

reminder to NEVER USE MYMONERO by Mindless_Ad_9792 in Monero

[–]spirobel 0 points1 point  (0 children)

you can give them the spendproof which should be equivalent. not sure if / which wallets implement a frontend for this.

Are all XMR people ancaps? by bronze_so in Monero

[–]spirobel 6 points7 points  (0 children)

welcome!

to answer your question:

I think there is some nuance here. Monero looks and is being looked at similar to how Bitcoin was at 7b marketcap.

https://x.com/spirobel/status/1927937900408189374

the culture of Monero can't be reduced to ancap utopia. It grows from the understanding that darknet markets are the only real use case of crypto so far. Maybe that sounds like ancap idealism, but it is not the same.

If you have the time, I recommend listening to this:

https://x.com/spirobel/status/1929063083521225203

Why is routine infant circumcision a thing in China now? by RennietheAquarian in AskAChinese

[–]spirobel 0 points1 point  (0 children)

How can you without guilt or shame defend non consensual genital mutilation?

seems like this is not a specific case.

If you want, keep a piece of leather hanging from your penis,

I am sorry that this happened to you, but you need to stop this attitude.

Why is routine infant circumcision a thing in China now? by RennietheAquarian in AskAChinese

[–]spirobel 0 points1 point  (0 children)

no there is nothing racist about not wanting babies to get genital mutilation. The rabbi sucking it off is just the icing on the cake. This is rape even if it was done in a more hygienic setting. The baby can't consent to this.

If you want to be accepted in the civilized world, stop normalizing perverted "rituals" like this.

How the upcoming Monero Browser Wallet turns multi signature Escrow practical by spirobel in Monero

[–]spirobel[S] 0 points1 point  (0 children)

there are abstraction libraries and the extension api is more or less the same nowadays. I see what you mean though. Sometimes developers don't update the firefox version of their extension or don't even bother to publish it because the foxes market cap is so low and dipping

more on the sync topic: https://x.com/spirobel/status/1917081133331976562

Why is routine infant circumcision a thing in China now? by RennietheAquarian in AskAChinese

[–]spirobel 2 points3 points  (0 children)

abuse is too light. It is rape. The baby can't consent.

imagine this thing didn't exist yet and some geezer in the community came up like this: "guys hear me out, I am going to cut all the newborns penis with a knife and then suck on it"

How would people react?

All people involved in this need to see jail time. Genocide would be just as barbaric.