
RE: Scaling, Decentralization, Security of Distributed Ledgers

in #cryptocurrency · 5 years ago (edited)

I’m following up some comments posted at bitcointalk.org which were responding to my critique of MimbleWimble/Grin (to which this comment replies), and the emission schedule digression below is specifically w.r.t. Grin’s implementation of MW (and other implementations that copy theirs).

@sandinthebones wrote (also archived):

Disadvantages of MW:
[…]
No scripting possible, so no smart contracts nor atomic cross-chain transactions (but there’s a way to achieve HTLCs but not multi-hop off-chain networks such as Lightning Networks (LN)).

and quote from https://www.grin-forum.org/t/much-of-the-technology-behind-grin/127

Scriptless scripts. MimbleWimble can’t allow Bitcoin-style scripts. In theory this should be very limiting. But in practice, leveraging Schnorr signatures, we can re-introduce multiple types of smart contracts. Including the basis for lightning network and…

Atomic swaps. One type of scriptless script that allows exchanging grins with other cryptocurrencies trustlessly.

Note I corrected that listed disadvantage in my MW/Grin critique, to indicate that only scripted scripts aren’t possible.

I did note in the edit that the statement that atomic exchange wasn’t possible came directly from Andrew Poelstra in his earlier video presentation which I had cited (and the link is still there if anyone wants to verify Andrew’s culpability for the error). Thus Andrew is now refuting his earlier statement based on new ideas he has presented. Apparently Andrew did not grok the HTLC concepts well when he made that earlier cited statement which I had based that item of my post on:

Andrew Poelstra wrote:

I don't really know how HTLC's work, but this matches my understanding

I actually think that was a very minor point in terms of my overall critique of MW. I do appreciate @sandinthebones’ correction.

Correct peer review is always appreciated. However what we have below are more examples of technologically ignorant shills making incorrect (and ad hominem) statements. This is one of the aspects of bitcointalk.org which lowers its value for meaningful discussions. And that is primarily the reason I have requested that they not remove my perma-ban from that site.

What is especially disingenuous about the comments below is that these political hacks cherry-pick the least important claim in my prior post. Instead of addressing the major weaknesses, they try to misdirect the focus of the reader onto the least relevant issues, so the reader is fooled into believing that the major points I have made are also somehow not compelling. This is a well known political strategy for fooling people.

The main weaknesses I enumerated for MW basically are more generally summarized:

  • The anonymity/privacy is not the best (for the numerous enumerated reasons, not just the following).
  • It’s not transaction scaling, rather it’s only validation scaling.

Tangential note: My market positioning conjecture is that given the above, MW’s raison d'être is dubious. Contrast this with, for example, the raison d'être demand for Binance coin (ticker BNB), which provides a 25% discount on trading fees (if employed to pay the fees) on the fastest growing and arguably the best exchange with numerous pairs of numerous altcoins, which is deploying their $0.5 billion in profits to buy back the Binance BNB token. Binance coin has been entirely counter-correlated to the entire rest of the cryptocosm and has been rising during the entire crypto winter! Because it has real demand! Imagine that, a real use case! The math geeks usually don’t excel at marketing and business because they think nifty math is the hammer for every nail.

For example, snotty kids¹ may not understand that my point about the declining relative value of the minted tail reward² (because it becomes an inexorably smaller proportion of the money supply) is most applicable to the context of a 50+% attack being able to deanonymize mix sets (except for zk-snarks/zk-starks will have unbounded mix sets) wherein the miner can spam the mix sets because the adversarial miner(s) can pay the transaction fees to themselves (thus no cost of spamming and if necessary they control what goes into any limited blocksize). When someone’s anonymity is crucial to avoiding being persecuted or other heinous outcomes, they can’t risk the chance of these vulnerabilities. And again, this tangential point I made wasn’t even the most significant of the weaknesses I listed, as evident by the caveat I attached to it, “Note this posited insecurity is a problem perhaps a decade or two from launch when the constant minted reward has become a [relatively] small tail reward [value].”

@kingcolex wrote (also archived):

@Hueristic wrote (also archived):

Meh, shitload of conjecture argued as if it were facts as usual.

The money supply grows more slowly over time, so the decline decelerates into a small tail reward and thus a dubious level of security

[bolded text is] Bullshit.

Yeah it doesn't make too much sense now does it? If the security was low then difficulty would be low too and people back to mining.

Drooling fanboys¹ may fail to understand how proof-of-work operates, and flunk the most rudimentary level of education on proof-of-work.

The profitable hashrate demand for mining (and thus the difficulty level) adjusts to the value of the mining reward available. If that reward is too low, then the chain is vulnerable to rented hashrate attacks which are unprofitable in terms of the cost of rewarded tokens, but are profitable due to some externalities (such as the ability to double-spend or short the market). That the difficulty level adjusts upward to the rented hashrate attack is not relevant to my point about security because a 50+% (aka 51%) attack exists in this case regardless of the rise of the difficulty level. (Note the rising difficulty level will prevent accelerated mining, but that obviously wasn’t the posited security vulnerability.)

I will quote as follows from my critique of Lightning Networks to make this rebuttal more irrefutable in the minds of readers who have a functioning brain stem:


The unavoidable invariant is that PoW requires significant funding for miners in order to bolster the security of the longest chain against rented hashrate attacks. The $multimillion Bitcoin Gold 51% attack eight months ago and Ethereum Classic’s recent 51% attack highlights the critical importance of funding security adequately.


The above are recent examples of 50+% attacks due to inadequate mining rewards. So this is not conjecture. The contemplated vulnerability actually occurred numerous times already.

Regarding the “Meh, shitload of conjecture argued as if it were facts as usual.”, peer review consists of refuting statements with facts. My statements about the technological weaknesses are the facts. If anyone thinks otherwise, the onus is on them to make factual statements refuting my assertion of the facts. Ad hominem drooling from fanboys¹ who flunked even the most rudimentary understanding of blockchains doesn’t qualify as peer review.

As for the conjecture in my post about the market positioning for Grin (and other MW systems), I would like to see some well thought out counter points. Ad hominem doesn’t qualify as reasoning.

¹ These are relevant to the rebuttal statements of fact and thus not ad hominem. Wikipedia defines, “Ad hominem (Latin for ‘to the person’), short for argumentum ad hominem, is a fallacious argumentative strategy whereby genuine discussion of the topic at hand is avoided by instead attacking the character, motive, or other attribute of the person making the argument, or persons associated with the argument, rather than attacking the substance of the argument itself.”

² Note although transaction fees also augment the miners’ reward, there’s been some published research (cf. also my explanation of it) that the incentives compatibility of proof-of-work is dubious as the minted reward declines relative to the reward from transaction fees. Even Grin links to that research in their justification for an inexorable tail reward. But instead of making this a percentage of the money supply (as Monero does), they chose instead inexorably declining. The above cited research concludes that as incentives compatibility fails for proof-of-work due to too low of a minted block reward, a mining oligarchy must take control over the blockchain, else it forks off in a very high orphan rate that can stall or highly delay the confirmations. Nobody knows what level of minted tail reward will suffice, and one reason is that no one knows what the reward from transaction fees will be (as that depends on demand). Bitcoin has this same flaw, but at least it doesn’t impact anonymity. And thus Bitcoin must and will become ruled by a mining oligarchy in the future for that reason and also reasons I cited recently in a discussion with @smooth.


I see there were some follow-up attempts to refute my clarifications above.

@kingcolex wrote:

A decade or two? In crypto we have already found out if this coin would be a winner or a loser, we would already be on Gen 6+ asic but also he contradicted himself on Grin.

You’re at least removing the ad hominem so I will also. Yet it’s still extremely noisy when you respond without carefully reading what I already wrote. Did you not notice that “against rented hashrate attacks” links to NiceHash, which is a marketplace that matches sellers to buyers for renting mining hashrate provided by CPUs, GPUs and ASICs?

Rented hashrate attacks aren’t limited to CPU-only or even GPU-only mined blockchains.

he has valid points but that’s mostly at shitcoins that are pump and dumps on life support. If a rented hashrate can take you out then you're not strong enough

Again you apparently didn’t click the links I provided, because there’s a table listing the cost to attack extant altcoins with rented hashrate and nearly all of the proof-of-work altcoins are vulnerable, except Bitcoin, Ethereum, Litecoin and Zcash.

such as against rented hashrate attacks and the Cuckoo cycle may be vulnerable to botnets while it’s ASIC resistant

So their implementation of a constant reward would help prevent a rented hash attack for a decade or two but it’s vulnerable during its asic resistance which is planned to switch within two years?

Firstly, it may be vulnerable to rented hashrate or botnet attacks during the fledgling adoption stage even though the minted mining reward is relatively higher w.r.t. the money supply than it will be in the future, but probably any botnets will simply be used to amass tokens for dumping later.

I didn’t know that there’s a plan to change from ASIC resistant Cuckoo cycle to ASIC friendly PoW after two years. Doesn’t necessarily change my point that as the minted mining reward inexorably declines in relative value to the money supply (and thus to the market capitalization), eventually the non-transaction fee portion of the mining reward could become too low to either protect against rented hashrate attacks or ensure incentives compatibility for convergence on a longest chain (absent a mining oligarchy to prevent the game theory of bribing other miners with transaction fees). Just because the PoW algorithm changes doesn’t resolve the economic value and game theory dilemmas.

Apparently you had your mind only focused on rented botnet attacks. There are many different variables in play here, such as the incentives compatibility research I linked to.

This is totally a possibility for if gpuminers split and there are no fpga/asic users but then who are the losers? Bag holder fanboys of a dying shitcoin? Do we even care then?

Do you understand that Ethereum Classic was recently 51% attacked? And I do believe GPUs mine it. Is Ethereum Classic a shitcoin? Seems to me Ethereum (and thus also Classic) has potentially many more use cases and better market position of needed utility than dubious market position need for massive pruning on a HODLer store-of-value with no transaction scaling and arguably not the best anonymity. Bitcoin already won’t be relinquishing the HODLer store-of-value market to any altcoin. Note I’m not an Ethereum fan and my next post on this blog will be a critique of Ethereum’s abysmal state of scaling research. I did explain in my critique post that the wealthy can afford to download and validate Bitcoin. AFAICT, they don’t need massive pruning. And they don’t need you and me on Bitcoin either. And my conjecture is that our geek circle of cyberpunks do not constitute a large enough market to enable Grin to keep pace with other altcoins that are positioned to target larger markets.

Note Grin will likely attain a Top 20 (or perhaps Top 10) ranking for a while because our cyberpunk geek circle still has some influence on speculation markets. Yet I think the crypto market will mature and adoption will broaden over this decade. Where I wrote “dubious”, I didn’t mean useless or entirely incapable. I wouldn’t insult @tromp who has been friendly with me in past discussions. I don’t anticipate Grin being one of the Top 3 that becomes a significant global phenomenon.

If my analysis of the anonymity technologies in play ends up incorrect and somehow Grin’s anonymity is deemed objectively superior to Monero’s, Grin could displace Monero in the Top 10. I think zk-starks are going to eventually displace Grin and Monero. I do much prefer the creative name Grin over Esperanto’s Monero.

My initial critique lacked this limited praise of Grin, because my post was intended to counter balance @Theymos’s anointment of Grin as the only altcoin accepted at bitcointalk.org. I have no vested interest (e.g. no Monero) other than I don’t want Grin to be falsely labeled as the scaling coin; it doesn’t scale transaction volume. I’m contributing to the development of a transaction scaling altcoin.
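The rented-hashrate argument above (difficulty tracks the reward, so a shrinking minted reward shrinks the cost of out-hashing the honest network, whatever the difficulty does afterwards) and the tail-reward footnote both reduce to a small economic model. The following Python is an added worked example, not code from the original post or from the Grin project. It goes a little beyond the text by simulating three constructed emission schedules side by side (constant absolute reward, halving with an optional floor, and a fixed percentage of supply) and then converting the minted reward into an hourly security budget and an approximate one-hour rental cost. Every number in it (one block per minute, 60 coins per block, a fixed market cap, the rental premium, the double-spend value) is a constructed assumption picked for round results, not a figure for any real chain.

```python
"""Emission-schedule and rented-hashrate cost model.

Added example, not code from the original post or from Grin. All numbers
below (block interval, rewards, market cap, rental premium) are constructed
assumptions chosen for round results, not figures for any real chain.
"""
from typing import Callable, Dict, List

BLOCKS_PER_YEAR = 365 * 24 * 60          # assumption: one block per minute
HOURS_PER_YEAR = 365 * 24

# (year, supply at start of year) -> reward per block mined in that year
RewardFn = Callable[[int, float], float]


def constant_reward(per_block: float) -> RewardFn:
    """Constant absolute reward forever (linear emission)."""
    return lambda year, supply: per_block


def halving_reward(initial: float, halving_years: int, floor: float = 0.0) -> RewardFn:
    """Halve the reward every `halving_years`, never dropping below `floor`."""
    return lambda year, supply: max(floor, initial / 2 ** ((year - 1) // halving_years))


def percent_of_supply_reward(annual_fraction: float, bootstrap: float) -> RewardFn:
    """Mint a fixed fraction of the existing supply per year; `bootstrap` seeds year 1."""
    return lambda year, supply: (annual_fraction * supply / BLOCKS_PER_YEAR
                                 if supply > 0 else bootstrap)


def simulate_issuance(reward_fn: RewardFn, years: int) -> List[Dict[str, float]]:
    """Year-by-year minting. issuance_ratio = coins minted during the year divided
    by total supply at the end of that year, i.e. the minted reward's share of
    the money supply. The reward is evaluated once per year, which is coarse but
    enough to show the trend."""
    rows: List[Dict[str, float]] = []
    supply = 0.0
    for year in range(1, years + 1):
        minted = reward_fn(year, supply) * BLOCKS_PER_YEAR
        supply += minted
        rows.append({"year": year, "minted": minted, "supply": supply,
                     "issuance_ratio": minted / supply})
    return rows


def hourly_security_budget_usd(row: Dict[str, float], market_cap_usd: float) -> float:
    """USD value of coins minted per hour, pricing coins at market_cap / supply.
    Transaction fees are deliberately ignored: this is the 'non-transaction fee
    portion of the mining reward' the post is talking about."""
    price = market_cap_usd / row["supply"]
    return row["minted"] * price / HOURS_PER_YEAR


def rented_majority_attack_cost_usd(hourly_budget_usd: float,
                                    rental_premium: float = 1.0) -> float:
    """Approximate cost of renting enough hashrate to out-hash the honest network
    for one hour. Assumptions: miners add hashrate until the hourly cost of all
    honest hashing roughly equals the hourly reward (difficulty tracks reward),
    and rented hashrate costs `rental_premium` times what honest miners pay per
    unit. Matching the honest hashrate then costs about budget * premium. The
    difficulty rise that follows does not change this; it only slows blocks."""
    return hourly_budget_usd * rental_premium


def double_spend_is_profitable(hourly_budget_usd: float, double_spend_usd: float,
                               hours: float = 1.0, rental_premium: float = 1.0) -> bool:
    """True when the externality (value double-spent) exceeds the rental bill,
    i.e. the attack pays even though the mining itself does not."""
    cost = rented_majority_attack_cost_usd(hourly_budget_usd, rental_premium) * hours
    return double_spend_usd > cost


if __name__ == "__main__":
    market_cap = 87_600_000.0   # constructed; held fixed to isolate the emission effect
    rows = simulate_issuance(constant_reward(60.0), 20)
    for r in (rows[0], rows[9], rows[19]):
        budget = hourly_security_budget_usd(r, market_cap)
        print(f"year {r['year']:>2}: minted share of supply {r['issuance_ratio']:.3f}, "
              f"hourly budget ${budget:,.0f}, $750 double-spend profitable for one hour: "
              f"{double_spend_is_profitable(budget, 750.0)}")
```

With a constant reward the minted share of supply is exactly 1/n in year n, so at a fixed market cap the hourly security budget (and with it the rental cost of a one-hour majority) falls from $10,000 in year 1 to $500 in year 20, and a $750 double-spend that was a loss in year 1 becomes a profit by year 20. Swapping in `percent_of_supply_reward` holds the share constant at p/(1+p) per year, which is the design choice the footnote contrasts with the inexorably declining one; `halving_reward` with a non-zero `floor` shows the intermediate case.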
