
This is a cool project. Thanks for sharing the link. I'll totally buy/mine some GRIN when it comes out.

Things I like so far:

1) Solves privacy and scaling in a single elegant stroke.

2) Inventors seem to be anonymous. I didn't try too hard to identify them but Tom Elvis Jedusor is the French name of Lord Voldemort. This is an important feature for privacy focused coins and for cryptocurrency as a political statement (not just as a technology).

3) The website, by eschewing flashy web2.0 design and buzzwords, clearly sets itself apart from the typical "let's get rich quick" coin. Although I am disappointed the white paper isn't done in LaTeX.

Reasons I'm skeptical (perhaps you can address these):

1) Missed the boat on first mover advantage. Monero seems to solve the privacy problem good enough. Perhaps it is unreasonable to expect people to completely swap over to a new coin whenever there's an advance in tech. Especially when word of the new coin has to spread through grass roots instead of a centralized mechanism.

2) Elliptic curve crypto is vulnerable to quantum computers. IMO this is a ticking time bomb.

3) Expanding on point 2, bitcoin intentionally made a habit of layering "proven" crypto methods on top of each other. E.g. both the SHA256 and RIPEMD160 hash functions are used so that if a weakness is found in one hash the other is still ok. So far as I can tell mimblewimble has a single point of failure (elliptic curve cryptography).




> Reasons I'm skeptical (perhaps you can address these):

1) Monero may have first mover advantage in the privacy realm, but at the cost of prunability. Grin not only avoids that cost but further improves prunability beyond bitcoin. To me the first mover advantage will always belong to bitcoin, which will likely adopt privacy improving features in the long term.

2+3) Indeed; when evidence appears of quantum computers becoming feasible at breaking EC crypto, current blockchains will need to adopt post-quantum crypto methods of signing transactions, and migrate existing balances. Since EC crypto is more heavily ingrained into Grin, it may have a much harder time than the more modular bitcoin design, or even find it impossible to do so. I'm not aware of any post-quantum equivalent to Pedersen commitments. My hope is that quantum computer development runs into insurmountable barriers...
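The Pedersen commitments the reply refers to are what lets a Mimblewimble verifier check that a transaction creates no coins without ever seeing the amounts. The following is an added illustration, not code from the thread or from the Grin project: a toy Mimblewimble balance check on secp256k1 written in pure Python. The second generator H is derived here by hashing a tag to a curve point (an assumption of this example; Grin derives its H its own way), and the range proofs and the Schnorr signature over the kernel excess that a real Grin transaction also carries are left out.

```python
"""Toy Mimblewimble balance check with Pedersen commitments on secp256k1."""
import hashlib
import secrets

# secp256k1 domain parameters (field prime, group order, base point G)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p, q):
    """Affine point addition; None stands for the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:      # p == -q
        return None
    if p == q:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    k %= N
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p = add(p, p)
        k >>= 1
    return r


def neg(p):
    return None if p is None else (p[0], (-p[1]) % P)


def nums_generator(tag):
    """Second generator H with no known discrete log relative to G:
    hash a tag to an x-coordinate and lift it onto the curve (try-and-increment).
    Assumption of this example only; Grin derives its own H differently."""
    x = int.from_bytes(hashlib.sha256(tag).digest(), "big")
    while True:
        x %= P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)    # square root works because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        x += 1


H = nums_generator(b"example-value-generator")


def commit(value, blind):
    """Pedersen commitment C = value*H + blind*G. Hides value, binds to it."""
    return add(mul(value, H), mul(blind, G))


def build_tx(in_vals, out_vals, fee):
    """Wallet side: commit to every input and output with a fresh blinding
    factor and publish only the kernel excess (difference of blinding factors).
    The fee is explicit in the kernel, so the verifier adds fee*H itself."""
    in_blinds = [secrets.randbelow(N) for _ in in_vals]
    out_blinds = [secrets.randbelow(N) for _ in out_vals]
    inputs = [commit(v, r) for v, r in zip(in_vals, in_blinds)]
    outputs = [commit(v, r) for v, r in zip(out_vals, out_blinds)]
    excess = (sum(out_blinds) - sum(in_blinds)) % N
    return inputs, outputs, excess


def tx_balances(inputs, outputs, fee, excess):
    """Verifier side: sum(outputs) + fee*H - sum(inputs) == excess*G.
    If the amounts do not balance, a leftover multiple of H remains and the
    equation fails; the verifier never learns the amounts themselves."""
    total = mul(fee, H)
    for c in outputs:
        total = add(total, c)
    for c in inputs:
        total = add(total, neg(c))
    return total == mul(excess, G)


if __name__ == "__main__":
    ins, outs, ex = build_tx([50, 30], [70, 8], 2)   # constructed sample amounts
    print("balanced tx verifies:", tx_balances(ins, outs, 2, ex))
    ins, outs, ex = build_tx([10], [20], 0)          # attempted inflation
    print("inflating tx verifies:", tx_balances(ins, outs, 0, ex))
```

Because every commitment is a curve point, the whole verification is elliptic-curve arithmetic; there is no hash in the chain of trust that a quantum adversary would also have to break, which is the "single point of failure" the parent comment is worried about.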


>current blockchains will need to adopt post-quantum crypto methods of signing transactions, and migrate existing balances.

That's sort of true. Bitcoin is mostly quantum safe. The only vulnerability is that a quantum computer could deduce a private key and change a transaction during the brief (~1 hour) window when the transaction is pending. Quantum computers would have to get to ~660*10^6 quantum gates per second before this becomes feasible (roughly a clock cycle of 660 MHz in classical terms). The first quantum computers will likely be slower than this.

The bitcoin ledger itself is quantum safe because addresses are hashes of public keys rather than just naked public keys. QC won't significantly speed up hash inversion thus a QC won't be able to steal funds out of an arbitrary address.

This is what I mean by bitcoin "layering the crypto" so as not to have a single point of failure. Sure bitcoin could have just used public keys as addresses. Instead it chose to use hashes of keys seemingly for no reason. Some of the facets of Satoshi's design are so genius that we only learn their purpose years later.

>My hope is that quantum computer development runs into insurmountable barriers...

ehhh maybe the GRIN devs should think about this now rather than later.


> The bitcoin ledger itself is quantum safe because addresses are hashes of public keys rather than just naked public keys.

This is true of later addresses, but in early times, addresses were naked public keys, and tons of bitcoins are thus vulnerable to slow quantum computers.


I could have sworn that hashing the pub key was all the way back in the whitepaper. In any case are any "naked pub key" coins still left unspent? I'd reckon that if they are actively owned by someone then that person can forward to a secure address when QC becomes practical and if they are "lost" then who cares if someone with a QC comes and claims them?


> I'm not aware of any post-quantum equivalent to Pedersen commitments

I just learned from Andrew Poelstra of just such a construction [0], which even supports migration from Pedersen commitments.

[0] https://eprint.iacr.org/2015/628




