Introduction: Why is Monero the best cryptocurrency?
This article should be the definitive guide as to why Monero is the king of all cryptocurrencies when it comes to acting as money or real currency. It is long in order to be detailed and to provide general answers/tactics. I am open to discussion, but I will say that when it comes to cryptocurrency, confidentiality is essential.
We will compare Monero with several cryptocurrencies. Bitcoin (BTC), Ethereum (ETH), Solana (SOL), Stellar (XLM) and ZCash (ZEC). There is also Secret Network, but so far they want to integrate with Monero, not replace it. I will also talk about second-tier solutions: Lightning from BTC, CashFusion from BCH, Tornado Cash from ETH. For all other cryptocurrencies/solutions you can use transitive property: If Monero > X and X > Y, then Monero > Y. Let’s start with what Monero is. If Monero is new to you, check out the movie Monero: The Essentials.
Otherwise, read the points in the next section if you wish, as these are the key characteristics that give Monero a technological edge over other cryptocurrencies when it comes to fungibility, privacy and consensus. Transaction fees, collateral and international standards*. *Unimportant factors, but it’s useful to know them.
First of all, I admit that Monero is aimed at the main role of currency and does not have Smart Contract capabilities. Can it be done at the second level? Possibly. I encourage all readers to make a case for Smart Contracts, as I have not come up with or seen one that improves my life. One option I can offer, however, is recurring payments, but even fiat doesn’t need smart contracts to make them. You can create services that offer recurring payments on top of any currency. A question to ponder: do recurring payments offer more advantages than disadvantages?
Distinctive and important features of Monero:
There is no system for checking balances. No one knows how much money is in any address or who exactly that address has done transactions with. The Rich List is an inside joke, filled with ????. XMR.
The value of transactions and messages are known only to the sender and the recipient. In order to ensure that the sender has the amount of Monero they are trying to send, audited bullet proofs (range proofs) technology is used. Zcash requires the installation to be trusted, but not Monero.
Monero uses stealth addresses to hide the number of times an address has received Monero. They are similar to the concept of a module, where (x mod 5 = 3) has an infinite number of solutions. They are created by the sender to protect the recipient’s information. Thus, the observer does not know how many times the target address actually received Monero. This is implemented in all wallets, so only a bad player would not create a stealth address, but Monero relies on more than just stealth addresses.
Monero uses ring signatures to protect the identity of the sender. Currently, each transaction has 10 other possible signers, called decoys, as shown here. These signers are skewed towards those who belong to the most recent blocks with 10 confirmations, rather than the older blocks. I won’t talk about the technical aspects here, but if you are interested, feel free to visit the Monero research lab.
A single seed is the key to an infinite number of accounts, each with an infinite number of addresses. Imagine that you have several checking accounts, and each of them has several direct deposit numbers. These accounts are mathematically created, so the nth account will always be the same with different wallet customers.
Transaction fees decrease as the number of transactions increases
Block size is dynamic in the long run, but in the short run it is limited by miner penalties, which ensures block size stability. There is technical information about this, but know that if transaction activity doubles, the next block size will not be twice the size of the previous block.
All of the above are technical features that directly benefit the end user. Below is information for readers who want to get the whole picture.
Monero is a proof-of-work network that uses the RandomX algorithm for its ASIC resistance. We’ll talk about proof-of-stake and the reasons for ASIC resistance later.
Interesting fact: Monero was created from scratch and is not a fork of Bitcoin. In fact, it is a fork of Bytecoin, but improved several times over.
Monero adheres to a philosophy of ever-improving technology. The goal is to be the best, and hard forks are not prohibited in achieving this goal.
Interchangeability of cryptocurrency
Guilty Cryptocurrencies: All but Monero. For a cryptocurrency to be money, it must be fungible. If a cryptocurrency is not fungible, users risk being denied service for not being “right.” The definition of entitlement will depend on the recipient and may even be legislated by governments. Transaction history allows for this, and there is no guarantee that you may not have been followed for a transaction with someone who had the “wrong” coins. This is a problem with all cryptocurrencies except Monero. In ZEC, because transactions are public by default, and most transactions on the blockchain are public, having a public transactions option means that recipients can simply refute any transaction that is not public.
This is also true for exchanges. Exchanges use t-addresses for ZECs, not shielded ones. Now you might say that the lack of interchangeability prevents money laundering and properly harms criminals (is that really true?), but what about unjustified harm to individuals? The definition of a criminal is different in every country.
According to https://www.humandignitytrust.org/lgbt-the-law/map-of-criminalisation/, homosexual relations are a crime in 71 countries. We actively harm marginalized groups when we promote unplayable cryptocurrencies. If you and your same-sex partner share cryptocurrency together, a reputable government could easily suspect you of sleeping together, since bank/money account sharing is more common among partners than among friends. If you like to make an unfair argument by saying that maybe they are just father and son, you are kidding yourself if you think that governments that make homosexuality a crime will assume that half the people who share an account with a same-sex partner are just rich parents.
About ZCash ZCH
Now is a good time to dismantle ZCash. Z-cash offers privacy optionally and not even by default. This is the only reason it is present on more exchanges than Monero. To my knowledge, no exchange that supports ZCash but not Monero allows screened deposits (with 50% certainty) and withdrawals. Also, transparent transactions are the default standard, most transactions in the blockchain have been transparent, and users should trust that ZCash was created without any bad players. Transaction transparency by default makes hidden transactions stand out. This leads to discrimination and suspicion against users using shielded transactions. In addition to these problems, ZCash gives 10% of the total supply to its founders. This goes against the principles of fair decentralization and democracy.
In addition, ZCash does not protect transaction values even for transparent -> screened addresses. Having two types of addresses means that senders can discriminate against users of shielded addresses. This two-type system means that common behavior, such as transactions in short periods of time, can be susceptible to blockchain analysis and has already been tracked even by an individual. “having unshielded TXs inherently makes shielded ones less private” – u/lol_VEVO
Further insulting privacy advocates, the founder of the company, Zooka, once (drunkenly) tweeted that they would add privacy by default and take it away from criminals. The need to trust the setting really makes this possible… The fact that the founder holds this opinion shows us that ZCash is not interested in privacy as a human right, only privacy for those who hold the right opinion. By the way, the definition of criminal varies from country to country, as I said in the previous section. I attack the ZCash leader’s vision, which is fair game. In the Monero community, one of the Monero paid employees also worked for another crypto project. There are other details in the story, but a conflict of interest was raised in the community and the employee quit. The general fund was also questioned and a report on the general fund was created.
Cryptocurrency privacy
Guilty Cryptocurrencies: All but Monero and shielded ZCash transactions. Some privacy is offered by secondary solutions, but I gave reasons why Monero offers more protection and is easier to use.
Privacy is a fundamental human right. Any cryptocurrency that does not protect the wallet balance by protecting transaction history puts the owner at risk from bad actors. Many precautions should not be taken, such as using multiple wallets just to ensure privacy. You should also keep each wallet’s coins separate from each other in some way. Then there are the mixers. Mixers/tumblers are a 2014 technology. They cost more transaction fees, take time, and clog up the network. Objectively speaking, a cryptocurrency that can protect your privacy with a single transaction is much better than a cryptocurrency that requires you to use third-party tools for some possible privacy. How can you be sure that your own blockchain analysis tools haven’t already figured out a way to figure out dropped coins?
Here’s a real-life example of the privacy provided by the fiat banking system: In Canada, we have Interac wire transfers. When I send a wire transfer to my friend or vice versa, we don’t know how much money each other has. But if we used BTC, ETH, SOL, XLM and ZEC (the default configuration for the sender), we could see each other’s balances. We simply can’t expect any cryptocurrency to replace fiat if the privacy ends up being worse than with fiat. That’s assuming, of course, that there is less volatility in the world of cryptocurrency prices. Before you say that “people don’t care about privacy,” please tell me, would you leave the door open in a public restroom? People do care about privacy, they just prefer convenience more. Monero aims to be a convenience solution that is private. Let’s break down some arguments that consider the network effect + level n solutions > level 1 privacy. I won’t use the number of users as an argument when there are more Monero users than level n solution users.
Tumblers
Requires users to trust a centralized service or do it themselves, which is difficult for new users.
Tumblers can be tracked by blockchain analytics companies
Transaction fee ++
Network Spam ++
Doesn’t protect the balance, so you’ll need to manage at least two addresses to achieve a basic level of Monero privacy. The UX is much simpler and therefore better for Monero. Monero has its UX drawbacks, but they all have to do with the user interface, not the tech. The UI can always be improved without much cost to the user.
BTC + Lighting
Inbound liquidity. You need 5 BTC to receive ≤ 5 BTC. This is a rich get the richer scheme
L1 transaction fees. Opening a channel requires you to tie up BTC into a channel and costs you a transaction fee.
Balance attack. An attacker can send fake transactions to your invoice to determine your channel balance. You may argue you can have multiple channels or you can store most BTC on layer 1, but how is that more convenient than Monero? You end up having to keep track of and think about more than if you had just used Monero.
Node network. To send BTC through lightning to someone you don’t have a channel open with, you have to HOPE that they are connected indirectly to you via a chain of mutual nodes through another channel you have open. Usability would require the centralization of payment channels and thus is not really secure.
Requires invoicing. For you to send money to me, I have to create an invoice for you to send money to. You have to ask me for permission to send me money! This is absurd and donations would require more work than what layer 1 provides.
There are probably more issues that I do not know about
BCH + CashFusion
CashFusion obfuscates the sender of the coins but does not protect the owner’s balances. If you give me your BCH address, I still know how much you own. You’d have to maintain two addresses, one for receiving and one for sending just to get to the basic privacy protections Monero offers without any addon or user knowledge requirement.
CashFusion relies on a single server which means that it’s centralized and prone to attack. If one manages to take out CashFusion, all cash-fusions are unable to be completed. This is worse than Visa and MasterCard who have their own node network. These centralized companies are more decentralized than CashFusion itself! Reminder: Facebook, an almost $1T company went down for hours on Monday, October 4th, 2021 due to a DNS issue. Centralized internet services are all prone to being unusable by a user. The good thing is that there is no risk of losing funds (according to CashFusion).
Instead of using a basic BCH wallet, you now have to use CashFusion’s network. This is no different from simply downloading a Monero wallet and swapping BCH for XMR.
Bitcoin Cash users have the right mindset; privacy is a human right. They like the idea of privacy but have this loyalty towards BCH similar to smokers opting for cigarettes over ecigs. One is objectively better than the other.
ETH + Tornado Cash
The good thing about Tornado cash compared to CashFusion is that you don’t have to rely on a centralized service. The web app is a UI for the Tornado: Mixer smart contract. This is a very good use of smart contracts but still, this service does not bring Ethereum up to Monero’s default protections.
For one, you are restricted to sending and withdrawing 4 different quantities of ETH. How I would use Tornado is if I needed to “cleanse” ETH, I’d have to continuously send ETH to and then withdraw to different addresses each time. That’s 9 addresses if I had to move 0.9 ETH, not including transaction fees, the .0X amount of ETH left, and even the time/headache just to accomplish this. Up to $270 would be forfeited in order to get transaction privacy, not balance privacy.
A single Monero seed can have an infinite number of accounts and each account can have an infinite number of subaddresses. Instead of subaddresses showing up on the blockchain, a stealth address is created by the sender on the receiver’s behalf and shows up on the transaction. Each transaction also has 7 other possible signatures (sender’s being a stealth address again) and so the sender is protected as well. The transaction amount is also unknown to observers.
Tornado Cash is just a mixer and like all mixer’s unless all transactions go through Tornado, ETH with a history dating to a Tornado can be looked to be more suspicious than non-Tornado ETH.
Ethereum has one thing over Monero which is smart contracts but just because they are called smart, does not mean they are used in a very smart way. DAO exploit resulted in a hard fork because it affects the founders, then there’s the Polygon exploit, and the Indexed Finance exploit. Even after being audited, smart contracts can be exploited. DeFi is simply less secure at the moment compared to proprietary banking systems that are at least insured up to $100,000 per person. It’s open-source minus the community inspection. I do hope DeFi improves in the coming years but a question for the reader is why Ethereum and not Solana, Cardano, Stellar? Should Ethereum really move away from proof-of-work? Let’s find out in the next subsection.
Consensus Algorithm
Proof-of-Stake (PoS) vs Delegated Proof-of-Stake (DPoS)
Before we compare staking to working, let us first decide what’s objectively a better staking mechanism. DPoS suffers from even more issues compared to normal staking. Delegation is not more democratic, it’s more centralized. The rich have more votes and thus their delegate is more likely to win, and giving the rich voters a bigger share of the rewards. There is a sacrifice of centralization in the name of scalability and even according to Vitalik (ETH founder), there are incentives for the delegates to collude.
Proof-of-Work (PoW) vs. Proof-of-Stake (PoS)
So now we have come to the discussion of PoW vs PoS. Unlike previous critics, I’ll be arguing that PoW is better than PoS because it is more equitable and that PoS benefits the wealthy more than PoW. PoS critics usually try to argue that PoS is less secure than PoW, but I have never seen them respond back to the solutions proposed that punish bad actors, so I will only mention those arguments and state that I don’t consider them to be a solid winning point.
In PoW, there are costs to validating transactions in a block. The mining rewards are an incentive but a cost must be taken for a chance to get the rewards. There is real risk involved.
With PoS, the rich arguably get richer. A better argument is that the rich do not distribute or invest their coins in order to get richer. With PoW, the rich will have to actively spend their crypto (assuming a crypto world), distributing their coins to hardware companies and then the working class, in order to simply get the chance of more money. There is a measurable physical cost associated with it. Rewards are distributed to those who put in the most work, and not people who had the most. PoS is like a Central Bank giving newly printed money more often to the people who have saved the most. What’s to stop the UN to start a resolution that requires countries to buy up all PoS coins and then stake them together? Then the supply of ETH is fully controlled by the government at no cost to them.
This point is more economical and theoretical than about PoS: Inflation is when prices increase year over year. If done correctly, there is a higher cost to money hoarders than those who have an appropriate amount saved. The cost to live should be non-increasing but the cost of luxury goods should be non-decreasing and a marginal property tax can help tackle wealth inequality without direct discrimination. The wealthy should be able to live where they want and own as many properties as they desire but they should be dissuaded in raising the cost to live for others. I say all this because crypto should not benefit the fortunate more than the unfortunate. It should benefit innovation, and risk. I have purposely excluded investment because a scam also requires an investment and that is not something crypto should reward. Pre-mined coins disproportionately rewards those in power and not necessarily those that take on risk. The first buyers take on more risk than those who are facilitating the presale. There is more trust required than a PoW coin that simply utilizes users’ CPU. The price of the token is determine by those that mine it and are not set by the founders/upper class.
Weak Subjectivity When a node comes online for the first time, how will the node know the hash of the valid chain? In PoW, the correct chain is objectively the longest chain which is determined by computation power. In PoS, the new node will have to trust other nodes to be broadcasting the right information. Let’s look at Vitalik’s argument: “consider the kind of situation where weak subjectivity by itself would compromise a blockchain’s security. In such a world, powerful corporate or nation state actors would have the ability to somehow convince an entire community that block hash B was the block hash of block XXXYYY when most of them saw at the time and have stored in their own computers that the block hash of block XXXYYY was A, but for some reason such powerful actors would not have the ability to trick users into accepting a different location from where they download their client software.” According to Vitlak, a bad actor cannot set up more than half the network’s nodes and broadcast the wrong hash such that when the nodes restart due to a network update, they won’t rely on false information? It’s pretty obvious that the cost to set up 51% of broadcasting nodes is considerably less than the cost to achieve 51% of the network’s hash rate. I’ll admit this argument is very fuzzy, but I am open to removing it completely if one is willing to provide an unbiased risk analysis of weak subjectivity.
Another argument is PoS is permissioned vs PoW’s permissionless. To get Monero, one can mine it on any CPU. For PoS, one needs to buy the crypto from another entity to participate in the system.
A premine was probably required if there was never PoW and so PoS coins reward the rich at no cost to them. A system that favours merit over the oligarchs is always fairer.
Other arguments that other people use (Not part of my actual argument, just something to think about): Accumulated work (reversing the PoS chain is faster than than the PoW chain), finality requires 2/3 instead of 51%.
I strongly believe that ETH 2.0 will show everyone if PoS is here to stay or is significantly less secure than PoW, but it will not show if it is more equitable than PoW.
As for Monero. Monero would only adopt PoS if the community voted for it and for the time being, that seems unlikely. Any Monero fork that uses PoS will be used less than Monero itself, and by the network effect, Monero will be used, not PoSonero.
ASIC Resistant Proof-of-Work
Now that we have determined that PoW is more secure than PoS, let’s figure out why PoW is better on Monero than the other PoW cryptos like BTC.
For a proof-of-work network to be secure, it needs to prevent centralization and advantages. Cryptos like ETH1, BTC, BCH are all compatible with ASICs and thus prone to centralization by big corporations with ASIC farms. Monero however, uses the (4x audited) RandomX algorithm is optimized to run better on CPUs than GPUs and ASICs. Before RandomX, Monero needed hard forks to render any specialized ASICs useless, but with RandomX, the virtualisation techniques increased the complexity of implementing ASICs.
The logic behind ASIC resistance is as follows: PoW algorithms are meant to be inefficient for ALL parties. ASICs allow for hardware advantages and thus greater efficiency for some parties than the individual. The ASIC manufacturer maintains a hardware advantage over other miners and can thus produce more hashes per Watt than other miners. This is objectively more centralized. Example:
SHA-256: ASIC: 2x Hashes / Watt [Advantage to specialist] CPU: x / Watt
RandomX: ASIC: < x Hashes / Watt [due to Randomness + Virtualisation] CPU: x Hashes / Watt ASICs cannot be made to outperform CPUs since the entire algorithm creates a random program that leverages as many CPU features as possible.
Not only would it be costly and difficult to create an ASIC to run RandomX more efficiently, but there is also a massive risk that Monero can simply hard fork again and use a modified algorithm. There are more lucrative opportunities for profit-driven firms than to try and create a complex ASIC for an algorithm purposely created to make the process difficult.
Transaction Fees, and Liquidating Monero
I’m only including this for everyone to get the idea that transaction fees are only horrible for ETH at the moment.
To properly compare fees, we will normalize each cryptocurrency market cap to that of Bitcoins, to get the normalized price and thus normalized USD fee. For most cryptos, transactions correlate with fees but with Monero, the opposite is true, one factor being that dynamic block sizes that end up lowering the fees per transaction. The argument for fees is to penalize spam, which is the attack on NANO that went on for months. The only incentive to run a NANO node is to accept NANO…The entire worth is derived from the network effect and not actual technology or cost like PoW cryptos.
Notes
For Ethereum, the normalized Fee is poised to change when ETH 2 rolls out which will allegedly make it competitive with Solana.
With Monero, transaction fees actually decrease as transactions increase due to dynamic block sizes. You can read more about dynamic block sizes in my Intro to Monero at the beginning of this article. If the minimum transaction fees are deemed too high, Monero can always reduce it in a hard fork, but at the moment there is no need.
With Stellar, the fee was back-calculated from $0.00025 / transaction currently. I’m not sure if it’s tied to fiat or just transaction traffic.
There really isn’t much to say about transaction fees. Anything less than $2 / transaction is good since credit card transactions cost %1.5–3 and thus sellers can accept crypto transactions that are short up 2%.
Supply caps and block reward reductions may play a role in the future, but I’d rather wait and see make baseless speculations.
Liquidating and Purchasing Monero
This is not important to the argument, but is important for Monero users.
By now if you hate Monero, you will be tempted to start throwing a temper tantrum about Monero being de-listed and the “fear of regulations”. Guess what you can use instead? You can use https://fixedfloat.com/ to exchange XMR to XLM for a 0.5% fee and then deposit XLM on the exchange you use to sell immediately to fiat. Make sure the exchange you use can be trusted or that any crypto you deposit can be recovered through at least legal means. The reason I chose XLM and not any other crypto is because I did the math, and the math says that Stellar is the cheapest today to use as a medium.
To buy Monero, just do the same as above, but the other way around.
International Standards
Finally, Monero and Stellar use the ISO 4217 currency standard for international currencies in the same way that XAU is for the troy ounce of gold. This reason is semantic, so it comes last.
Conclusions
Monero offers interchangeability, all aspects of financial privacy without requiring users to know special methods, and an ASIC-resistant proof-of-work system. These three important themes may make Monero the best cryptocurrency today, but its openness and constantly improving technology are why it will remain the best. Monero is digital money, not securities.
Monero community member, programmer and privacy advocate Elijah Lopez has published a detailed technical essay summarizing why Monero is the best cryptocurrency:
There is no balance check. No one knows how much is stored at any address or with whom exactly that address has made transactions.
The values of the transaction and message are known only to the sender and the recipient.
Monero uses hidden addresses to hide how many times an address has received Monero.
Monero uses circular signatures to protect the identity of the sender. At this point, each transaction has 10 other possible signers, called decoys.
Transaction fee decreases as the number of transactions in the network increases
Block sizes are dynamic in the long run, but limited by miners’ penalties in the short run, which ensures block size stability.
Monero is created from scratch, not a bitcoin fork.
Monero adheres to the philosophy of constantly improving technology. The goal is to be the best, and hard forks do not hinder this goal.
Interchangeability.
For cryptocurrency to be money, it must be fungible.
If cryptocurrencies are not fungible, users risk being denied service because someone doesn’t like their coins. This is a problem with all cryptocurrencies except Monero.
Monero is better than ZCash. Z-cash offers privacy by choice, not by default. Transactions that are transparent by default force shielded transactions to stand out. This leads to discrimination and suspicion against users using shielded transactions. In addition to these problems, ZCash gives away 10% of its total offering to its founders. This is contrary to fair decentralization and democracy.
Monero is the only cryptocurrency that is not controlled by corporations. For a proof-of-work network to be secure, it must prevent centralization and advantages. ETH1, BTC, BCH, are ASIC compliant and therefore susceptible to centralization by large corporations with ASIC farms. However, Monero uses the (4 times tested) RandomX algorithm, optimized to work on processors better than on GPUs and ASICs.
Monero offers interchangeability, all aspects of financial privacy without requiring users to know specific methods, and an ASIC-resistant proof-of-work system. These three important themes may make Monero the best cryptocurrency today, but its open and constantly improving technology is why it will continue to be the best.
Monero is digital money, not Securities.
If you enjoyed this article and want to support my future works, feel free to donate anonymously:
Thanks to Monero, I only have one wallet with multiple addresses, and I don’t have to worry about someone nosy spying on the amount of Monero I’ve lost in an accident.
No Comments