As far as I understood, bitcoin was not part of seizing Silk Road.  An attack on TOR was.

As usual, the crypto itself is not the issue, OPSEC is.

That's what crypto is for, in the end, no ?  To bring down state and law. Otherwise, I don't see its purpose.  So I can only applaud this...

Freedom of trade.  Like freedom of speech.  The two pillars of real freedom, taken away by state and law, taking it back to people.  The real aim of crypto: a new French Revolution in the making, that started with Galileo and Newton (the first distributed organisation, science, that brought down the pillar of the Ancien Regime: religion and King by the grace of God).
It took centuries.  But it got there.

The Silk Roads of today, with "forbidden trade" are like the books of Galileo 4 centuries ago, with "forbidden thinking".  And yes, both got condemned severely by law and justice.   

OK, I got some more view on ZCASH.  The way it is implemented doesn't make anonymous transactions standard or compulsory.  You have essentially bitcoin, and the possibility, if you want to, to convert them in "notes" and do anonymous transactions.  That's not good.

I think that ZCASH contains some very good cryptographic ideas, but that the way these are put in music in ZCASH is not so great.  I have 3 problems with ZCASH as it is announced.

1) the post-premine of 10% to the company.  That can be arranged by a fork.
2) the way the trusted setup is done.  I can accept a trusted setup where I'm part of myself or where I could have been part of, but not with some celebrities doing things.  There are ways to solve this, with thousands of participants.
3) the big no go for me: anonymity should be compulsory.

I think that ZCASH's crypto can one day be useful, but not the way it is put into music in ZCASH. 

I would think that the "life of an economic entity in Europe" does spend most of its financial life transferring Euros from one account to another.  Most accountancy of a small company in Europe consists of receiving Euros from customers, and paying Euros to personnel and providers.  They rarely buy gold, dollars, shares, real estate or other stuff as a matter of financial accountancy if they are not big.  Even inside, they shuffle Euros from one department to another, on "internal accounts".
I don't see why, one day, that wouldn't be the case with crypto.  I surely hope so.
And no, regulation sets in even if you remain within the "Euro" boundary, and never cross it to the gold, real estate, shares or whatever other asset class.  I also dream load that the whole of crypto will make the states crumble under their financial incompetence and scamming, and free the people from state and law, but I realise that this is only a dream.

The "right to spend" IS a form of ownership.  I would like to see you defend your thesis in court that if you've been selling drugs to Jack, who has been caught, in the above scenario, denying that the bitcoin value attached to address B is your ownership, even though you provably could transact it ; in other words, that you had its right to spend.


A "right to spend" of a cryptocurrency is exactly what defines its ownership.  In bitcoin, that corresponds to possessing the private key that comes with an address.  Of course, nobody can prove that you are in possession of such a key, UNLESS YOU USED IT exactly to do a transaction with. 

So in a certain way, UTXO can still be deniable ownership.  But past transactions that have been executed correctly on the chain, and that are led to your person, are an undeniable proof of past ownership.

If a past address B content was mixed with a transaction that was done by a known entity (in my example, an exchange like Kraken) TOWARDS YOU on YOUR DEMAND, and if you SPEND  the output of that transaction to a known entity that (KYC) knows you paid (to obtain a coffee), then there's no denying on your part that you WERE the owner of the spending rights of B at a point in time - because you USED them, and you were the only person capable of using it - so you must have been the owner of the spending rights.


Why don't you think that one day, crypto currencies will be the "prevailing financial system of the day" ?  Probably not the ones we have now, but technologically much improved ones.

For the moment, I think so too.  However, ZCASH has very interesting crypto.  The main problems I have with ZCASH are:

1) the post-premine by the company
2) the trusted setup
3) (not sure but I think) that ZCASH doesn't use compulsory private transactions, like monero does.

That said, ZCASH DOES have very good ideas.  I think that the main fundamental problem, the trusted setup, can be vastly improved.  When that will be the case, when it will be a grass-roots chain (no postpremine) and when the private transactions are the only possible, ZCASH has better anonymity properties than monero.  But without these 3 aspects, I think I prefer monero's anonymity, although it is not total.

DASH has, IMO, "historical" merit, in that it is one of the first cryptos trying to implement what could improve anonymity.  I think that DASH's anonymity tech (mixers) is outdated, and requires a lot of extra structure (master mixer nodes...) that has been made obsolete by the technology of ring signatures (Monero) and also by the technology of zero knowledge proofs (zcash). 

One monero (cryptonight) hash is way, way more computing intensive than one bitcoin hash.

I gave you already an example with an employer and a subcontractor.  I can give you more.  The point is that open transaction links between addresses allows one to use partial off-chain identity information to complete the puzzle.  If those transactions are not explicitly known, but one only has a cryptographic proof that they exist, then this kind of "completing the puzzle" cannot be done.

Here's another example.  Joe sells "illegal" stuff to Jack against bitcoin.  So there is a transaction from address A (Jack's) to address B (Joe's).  Joe withdraws coins from his account on, say, Kraken to his address C (Joe's).    Next, Joe pays Mark some bitcoin from address B and C to Mark's and gets a return in address D (Joe's).  Next, Joe buys a coffee at Julia's café, and his wallet pays from D to address K (Julia's) and his return address E (Joe's).

Now, law enforcement arrests Jack.  Jack doesn't say anything, but law enforcement can see in Jack's wallet that Jack owned address A and hence paid to address B.  Suppose now that law enforcement works with Julia's cafe.  They see that after a few transactions, A - B - D - K Jack's coins end up at Julia's.  She can clearly identify Joe as the owner of address D.  But law enforcement looks for the owner of B, who did business with Jack.  Given that they see that B was combined with C into a transaction leading to D, and that they can find out that C is Joe's because it came from Kraken, Joe cannot deny to be the owner of B too.

Indeed, a transaction combining B and C(of Joe) into D (of Joe) can be nothing else but B being Joe's too.

As such, with just knowing that Jack paid B and Kraken and Julia's cafe, one can find out that B must be owned by Joe and that Joe worked for Jack.  So the relationship between Jack and Joe can be derived from the block chain, and information that doesn't relate to their relationship.

Do the same with cash.  There's no way law enforcement can ever trace back the relationship between Jack and Joe.  With monero, neither.


The point is that chain analysis can complete PARTIAL information by using the transaction network.

I have the impression that we are running in cycles.  "block chain" and "address" are only ONE means to implement a monetary token.

A monetary token needs to display a "right to spend" and a "power to transmit".

The "right to spend" has to derive from a proof, belief, reasonable expectation that that RIGHT IS LEGIT.  That's all there needs to be.  In order for a right to spend to be legit, it has:

1) to be created in a legit accepted way OR
2) to have been uniquely transmitted from a former legit "right to spend".

From the moment that one can have sufficient trust, belief, reasonable expectation that such is the case, then the right to spend is legit, and the token can act as a monetary asset.

The EXACT WAY in which the trust, belief, reasonable expectation of legit right to spend is achieved, is not important, from the moment that people can trust, believe, or reasonably expect it to be true.

One way is "through physics".  Physical objects, essentially through Pauli's principle and the fact that they are made up of fermions, automatically induce a "right to spend" if you physically hold them.  If I have a piece of genuine gold to show you, physics guarantees me that or I dug it up (legit "creation" of the monetary token), or someone gave it to me and doesn't have it any more right now.

Another way is "with an army of accountants".  That's how the fiat world works, with "legit rights to spend".

And another way is by having some computer derived proof of such.  That can be through a transparent block chain where the software can verify, hopping from transaction to transaction, back to the moment of creation (mining).  But that can also by another block chain mechanism, where a cryptographic proof is delivered that such transactions took place.

And maybe in the future we will invent still other schemes to prove the legit right to spend.  The exact way in which this is achieved, doesn't matter, from the moment that it is sound.

I agree that cryptocurrencies as designed today have a fundamental problem with very high volumes.  Bitcoin has a hard limit, others, like monero, can adapt, but at a certain point, the block chain growth becomes so large, that with present technology, this is problematic.  Maybe a 500 TB block chain is not a problem in the future ; for the moment, it is.

That said, there could be solutions to that.  Off-chain is one answer.  But "grouping transactions together" could be another one.  Suppose that a supermarket receives 300 transactions per minute from its customers.  There could be a kind of cryptographic technique, style zcash, that allows this supermarket to combine these 300 transactions into one single big one.  I don't know of any block chain that implements this at the moment (because no need: the only block chain that has problematic high volume at the moment is bitcoin, and there, it is hitting a hard protocol limit) ; but if so, it would again be something like an "obfuscated cryptographic proof that these transactions were OK without showing them".

Honestly, if the idea is NOT that crypto goes more or less mainstream in the long run, I fail to see the point of it.


It is a chicken-and-egg problem.  When a currency is really used as a denominator, a property, called "stickiness of prices" occurs, which calms the price fluctuations and stabilizes the currency value.  But people will only accept denominations in a crypto when they think it is stable enough.


Crypto doesn't have to have limited supply.  Bitcoin has a limited supply in 130 years.  Monero has tail emission.  You could easily provide for a slightly inflationary currency.  BTW, our currency is NOT stable.  We've suffered an inflation of a factor of 23 since one century.

And there's another regulatory inflation: the NUMBER of cryptocurrencies.  If you have 300 different cryptocurrencies, each with a fixed supply, and you create 700 more cryptocurrencies, eating in the same store of value market, you have also a form of inflation.  If a cryptocurrency hard forks, you also have a form of inflation.  So there is an inherent variable money supply, by the number of cryptocurrencies/hard forks and their relative market caps.

The crypto market is much more elastic than one would naively think.

Well, if ethereum is fuel for smart contracts, then for sure people are storing a lot of fuel in their wallets   They must be planning on using a lot of smart contracts.  They are absolutely not thinking of the monetary value of ethereum, they are just scared they might run out of fuel 
Careful with lighters with so much fuel around...

I hold back my judgement of ETH when the next big exploit on a big ethereum contract will be discovered.

Is there actually some statistics on how much ethereum there is in each of the public contracts on ethereum ?
The DAO was a crazily high fraction of ethereum, but what is the next biggest thing on ethereum ?

This is a funny statement, BTW.  If you think that any "sound money" can be used as a BASE for a fiat system, then you are missing the point of a fiat system.  Fiat LEFT the concept of a monetary base already a long time ago (officially in 1972, in practice at least already in 1914).  Fiat money has a political goal, but is also practical as a currency to use on a daily basis, and is in fact more than good enough to get your salary, buy bread and coffee and so on.
Fiat cannot be tied to anything because that would limit its political leverage.  People have been lying for centuries about these ties that were just made up, and then made impossible to be verified (on purpose).

In as much as fiat would have a sound monetary base, it would lose its political function, and hence we could use crypto DIRECTLY.  Why keep this whole structure of central banks, commercial banks, and all this BS, if we can just use crypto *directly* ?  If we keep all this structure, it is to obfuscate the political goal of fiat, and render it useful at the same time (which is necessary of course for its political goal to be reached).  But then, it can never be "sound", so crypto is of no use.

And if it is sound, it doesn't need all this structure.

From the moment that the monetary asset is *abstract* and is not a commodity any more, nor a genuine promise (debt), the monetary asset is NOTHING ELSE but record-keeping of RIGHTS TO SPEND.  Since fiat money left the gold standard, it is exactly that: a record-keeping system of RIGHTS TO SPEND.

Crypto is not the first abstract token right to spend system.  Fiat (electronic fiat) was there first.  The "right to spend" has nothing to do with traceability.   Fiat money is not publicly traceable and very private banks, like the Swiss banks (until the US bullies bribed them into spying on their customers) were PERFECTLY accepted and trusted, as long as they had trusted internal accountancy that said that all transactions were legit.

Bitcoin resolved the "trusted accountancy" problem in the blunt way, by publishing the books in the open.  But this brings in a lot of privacy problems that were solved long ago by Swiss banks.


Of course.  But that's a straw man.  You were claiming initially that a non-transparant block chain COULD NOT be a sound monetary bookkeeping system in which people can have trust.  First of all, you're contradicted by fact: there are non-transparent block chains that ARE valued on the market.

In the same way, I could argue - old-school style - that an asset that is not "backed" by a commodity (like gold), or a debt (like a mortgage) can never be a monetary asset.  First of all, fiat already proved that statement wrong, and second, bitcoin proved that wrong, when people argued that fiat is "backed by guns, bombs and fighter planes": bitcoin isn't.

So a priori statements of when tokens cannot be money are often proven wrong.

The only thing that is needed for a token to become monetary asset (but by no means WILL become, but CAN become) is:
1) an accepted way of creating the tokens (with bitcoin, it is mining, with fiat, the king only can print).
2) a provable system of "genuine coins" (correctly created, and no double spend)
3) the recursive belief system that you can accept it, because others will accept it (the true magic of monetary assets in general) bootstrapping somehow.

This can be achieved in many ways.  One way is an open ledger, style bitcoin.  Another way is using a cryptographic proof of 2), like monero or zcash.  Fiat uses armies of accountants.

3) is magic, and we don't know why it happens sometimes, and why not in other cases.

When the magic is gone, it is called "hyperinflation".  This can also come from 1) or 2) failing severely.

I will give you a very direct example of where it matters.  
I have an employer, and I have a small business at the same time.
I sometimes do business with subcontractors of my employer.  I do NOT work on the same stuff (that is illegal), but I do work for a subcontractor on rather confidential (but perfectly legal) things.
These things are totally separate and my employer doesn't know this, isn't supposed to know, and I'm not doing illegal stuff.

BUT.  Suppose that I get paid in bitcoin.  Suppose that the subcontractor gets paid in bitcoin by my employer.  And suppose that that subcontractor pays me in bitcoin too.

It will not be very difficult for my employer to find out that he's paying someone (me) that the subcontractor is paying too.  There might be a suspicion that I'm frauding my employer with that subcontractor.  I'm not.  But "follow the money".
The only way to clear this out with my employer, would be to explain in detail what I'm doing... but it is confidential for the subcontractor.  (again it has nothing to do with my employer or his business).

This is problematic in bitcoin.  With monero, there are no such issues.  

Today, I'm protected by my bank.  My employer doesn't know who else is putting money on my bank account.  But on a public ledger, it is not difficult to see that there is a mixing that happens between the coins that went to me, and the coins that went to the subcontractor by my employer.  If moreover, I pay the canteen at work, for sure they see that the subcontractor's coins end up, through me, at the canteen.

I'd be in a difficult situation: reveal confidential information, or be suspected by my employer ?

YOU say that crypto means "everything is at an address", but that is not what money is about.  Money is about:

1) I have the RIGHT AND POSSIBILITY to transmit the token I have, to you
2) those tokens are guaranteed to be created ONLY in a well-specified way
3) those tokens can only be transmitted from their creation origin to you.

Cash is not an address for instance.

The "crowd" will only see their application's balance.  The crowd will not analyse the block chain.  If I TELL Joe Schmoe that I pay him 20 XMR, and he sees his application tell him that he now has 20 more XMR, he will believe me.  Exactly as with bitcoin.

Now, whether I tell him that he got 20 REAL coins that have been created in the past, and that his software verified that, by looking exactly WHEN AND WHERE they were created, and then how they hopped over to his wallet, OR I tell him that his software verified that THERE EXISTS a moment of creation of his coins and that there EXISTS a path of transactions to bring those coins to his wallet, and that this existence is cryptographically proved in the same way that his signature is cryptographically proved when he orders a bank transaction, I think that for Joe Schmoe, that is the same.

After all, most people are quite happy to SEE ON THEIR BANK BALANCE 50 million dollars, and they have never known where those dollars came from, who had them in the past, and how these dollars hopped from their creation to their account.  In fact, most people would be VERY SURPRISED to learn where these dollars were created from: namely NOT from the FED at all, but rather invented by the bank itself when they gave a mortgage to Jack Wonk, yesterday.

This hasn't stopped people from accepting dollars.

Now, if you believe in cryptographic signatures as PROOFS of existence, then you can easily accept a cryptographic proof that a coin was created correctly and was transmitted correctly, EVEN IF YOU CANNOT KNOW THE EXACT PATH.  You can probably convince a person much more that a cryptographic proof is valid, rather than that a crowd of accountants have verified the accounts.  People do with the last thing.  If there is "mathematical proof" that it is correct, then that's good enough I would think.

And if you don't believe in cryptographic signatures, then you shouldn't believe bitcoin either.  You have no idea whether the guy sending the coins to you cannot fake your signature and erroneously prove that he's you.  You have no idea whether all the transactions were in fact correct because if one can fake signatures, one can fake transactions.  

So there's no difference in principle.  Just in sophistication.  The monero cryptographic proof is more sophisticated than the bitcoin proof.  But both are just as valid.  And none is "visible and able to be eye-balled".  You maybe need somewhat more math and crypto to understand monero than you need to understand bitcoin.  Like you need to understand somewhat more tech to understand email than you need to understand snailmail.

You are arguing that a proof depends on the intelligence of the receiver.  While I would agree with you that the receiver's beliefs will depend on his ability to "understand", you are somehow arguing that proofs must be dumb, or they are not proofs.  I do not agree with that and I will show you the relativity of the argument.

You didn't check the bitcoin block chain by hand either, did you.  I would say that with more than 80 GB of data to wade through, you cannot "see" the bitcoin block chain's transaction web any more "with the naked eye" than you can see the proof of veracity on, say, the Monero block chain.

==> you need to use a tool in which you trust.  In your case, it is the bitcoin core software.  If you simply download the bitcoin core software, and it TELLS YOU that a certain transaction in your favour is legit, and adds it to your balance, I suppose that you ACCEPT that on FAITH in the bitcoin core software.

In the same way, if simplewallet of bitmonero tells you that your wallet has *this* amount of coins, then I suppose you can trust that just as well, or just as little.

Now, you can go and READ the source code of the bitcoin core software, compile it yourself, understand every byte in the bitcoin block chain, or write code yourself that is your own wallet software, based upon the bitcoin protocol, and hence VERIFY YOURSELF the "veracity" of the bitcoin transactions and the legitimity of the coins you receive.

--> but this requires specialized computing skills.  Most people don't have them, or don't bother to do so.  Most people can imagine that *sufficient smart persons in the world have verified it* and trust the bitcoin core software.

As such, you can:
1) trust blindly the software and the white paper
2) verify it all yourself, with sufficient skill and time
3) suppose that you can trust 1), because there are sufficient people that have done 2) even if you don't belong to them.

But in any case, the *proof* is not transparent to you, or to Joe Schmoe, even with bitcoin, and you have to use tools you trust, have to trust that there are competent people that checked it, or be one of those competent people yourself.

If I give you 80 GB of data, there's no more clear evidence that I have legit coins by looking at the pen drive, than by looking at the screen of bitcoin core.

Now, to cryptographic proofs.  You can try to understand the cryptography.  Or you can trust it blindly.  Or you can trust that sufficient competent people have looked into it and trust it.  After all, YOU ALREADY DO SO.   Indeed, you have to believe in the cryptographic difficulty of mining, you have to believe in the cryptographic impossibility of faking signatures.  Already by using bitcoin, you have to believe (or understand, or believe that sufficient people understand) cryptographic theories.

Monero just puts this on a slightly higher level.  If you *understand* the cryptographic proof of the unique existence of transactions, then that is just as valid for you as if one showed you the transactions themselves.  If you don't understand them, you have to believe it blindly, or you have to believe that sufficient people who do understand this, think it is OK.

But there's no difference in principle: you understand it, and you accept the proof because you understood so, you accept it blindly because the software says so, or you believe that sufficient people who understand it, accept it.



I think that the main problem is that you *understand* bitcoin sufficiently, and that you maybe don't understand the cryptography behind monero.   Why would you believe the tool "blockchain.info" ?   Because you think that you could, if you had enough time, do it yourself.  You don't trust monero's block chain, because probably (I'm guessing) you're less at ease with cryptography and you have to trust others more.


I guess that in 2011, bitcoin was in a similar state.  But, as I said, at the end of the day, the ONLY way to verify it yourself is to fully understand the white paper, to fully understand the crypto, and to write a piece of code yourself that analyses the block chain.  I bet that it will be a line command tool you'd be writing.



If you screw up the database of bitcoin core, you have the same kind of problems.  But that has nothing to do with the "monetary value" or the "monetary authenticity", you're only talking about TOOLS.


Absolutely not.  I'm pretty sure that MOST journalists have never looked at the block chain with a hex editor.  I did.  I wanted to understand bitcoin to the last little byte.  I now feel confident that I COULD write a command line tool that analyses the entire block chain.

I haven't totally reached that point with monero, but I'm not very far.  The learning curve is comparable, but the crypto is harder.


On the contrary.  Your "eye-balling" is illusion.  You cannot eyeball the bitcoin block chain.  And you need to understand certain cryptographic notions.

If you UNDERSTAND the proof of a cryptographic signature, then all doubt is gone too when you verify a signature.  If you understand cryptographic ring signatures, then you have no doubt either that the legit transactions exist.  You do not have to "see" them, not any more than you have to see my private key to believe my signature.

Even with bitcoin, there is OR serious competence and effort needed, OR you have to trust tools that tell you it is OK.  With monero, the needed competence is just somewhat higher.  But it is relative.

In the same way you cannot convince your granny that all transactions on the bitcoin block chain are valid if she doesn't believe you, you can probably not convince Joe Schmoe that ring signatures are cryptographic proofs.  But in no way you can make your granny "eyeball" the bitcoin block chain without using something that she doesn't understand, and can refuse to believe.

You are very confused about what a cryptocurrency stands for.  You've some shards of right statements, and then you make a logic soup of it.

You start off not too badly: "commodity money" vs "debt money".  However, these indicators refer to the creation process of the asset that becomes money, and not to the monetary asset itself.  The monetary asset itself is still a different thing, and a cryptocurrency will illustrate this aspect in an amazing way.

The "commodity money" vs "debt money" explains the "bootstrap" of a monetary asset, but doesn't qualify the asset itself.  

It goes like this.  A commodity money starts out with a token that is also a product, a commodity.  For instance, a bull, or a nail.  Bulls have value, because they are products that people are willing to offer goods and services for to obtain them to USE them (to eat, to do work, to reproduce...).  Nails have value because you can hammer them, make tables and wooden houses with.  They have "intrinsic value".  As such, obtaining them (against value) you can sell them again (against value), and they are an obvious "store of value".  You can use them as an intermediate good.

However, in as much as this becomes general practice, the DEMAND for this commodity will become a large time the initial demand for it by the people simply using them.  If you only use bulls to eat them, then there will be a certain demand for bulls.  If you also use bulls as store of value, then the demand for bulls will be MUCH HIGHER.
Now, there are two possibilities: this higher demand can induce a higher production.   Or this higher demand can result in a much higher bull price.  In the first case, production is elastic, in the second case, production is inelastic.  In as much as production is elastic, the thing usually doesn't work well as a monetary asset, because the very idea that just anyone can PRODUCE the asset makes it pretty low value.  In as much as there is genuine scarcity, however, the MONETARY PRICE of the asset will be way way higher than the original "intrinsic" usage price of the commodity.  This high monetary price rests on ONE SINGLE PILLAR: recursive belief.

If a bull is normally worth 50 pieces of bread, but because of its general monetary use, it goes up to 1000 pieces of bread, the ONLY reason why you are willing to deliver 1000 pieces of bread for a bull, is that you BELIEVE THAT SOMEONE ELSE WILL ACCEPT IT for 1000 pieces of bread.  And that person will do so because he believes that yet another person will accept it ; etc..

The original "commodity" value of the bull doesn't mean anything any more.  It was the onset, but the price of a bull has nothing to do any more with the value of the usage of a bull.  It is PURE BELIEF.

Debt money has another origin: it has as intrinsic value "a promise".  If I promise you to mow your lawn, that promise is worth about one service of mowing, diminished with the risk that I don't keep my promise.  That promise can be traded just like any other asset that is worth something.

In exactly the same way as with bulls, promises can start to be used as intermediate stores of value.  However, for this to work, again, its production has to be somewhat inelastic.  As anybody can promise anything, most promises are too elastic to be accepted as monetary asset.  But special promises issued by a special unique entity (the King, the central bank, ...) can and do become valuable MONETARY ASSETS.  In the same way as nobody eats the monetary bull, nobody goes and claims the promises by the King or by the central bank.  They are BTW, BOGUS promises, but that doesn't matter.  Their TRANSFORMATION FROM PROMISE INTO MONETARY ASSET follows exactly the same way as with a commodity money.

==> what counts is an infinitely recursive belief system (you accept it against value, because you believe that someone will accept it against value, exactly because he believes that someone else. ....) of the value of a token, and INELASTICITY IN ITS PRODUCTION.

Now, a crypto currency is the full abstraction of this.  It is not a promise, and it is not related to a commodity.  It is an ABSTRACT TOKEN.  The only thing that one needs to believe, is that the production of these tokens is INELASTIC.  That's all.

A cryptocurrency value token is nothing else but the PROOF that you are ENTITLED TO POSSESS one of these rare abstract assets, and that you are able to transmit this proof to the person you pay.  That's all.

As such, a cryptocurrency is the purest form of abstract money: it didn't bootstrap, not as a commodity, nor as a promise.  It didn't have any intrinsic value.  It is just a token of which the production is inelastic, and the possession can be proved and transmitted.

Whether this proof is "naive" and explicit: "Joe created the token legally, then Jack got it, then Joe got it, and finally I got it", or whether the proof is more abstract, such as "cryptographically, I prove that I own a legally created token that came to me though legit transactions", doesn't matter.

The ONLY thing, in the end, that gives a crypto currency, or any other MONETARY asset, its value, is the BELIEF that others give it value, and will accept it for at least the value you give to it.  No more, no less.  It is pure belief, and nothing else.    Whether it is gold, a bull, a dollar bill, a bitcoin, a number on your bank account.   The only thing that matters is that you believe that there will be people accepting it against said value.

However, in order for that belief to be able to take ground, one has to believe that the transaction system works and that the production is inelastic.

In as much as "block chain transparency" is not the same thing as "financial transparency", then you agree with me that "block chain transparency" is only a (naive) tool to guarantee correct origin (mining according to the rules) and no double spend of a coin.  If that proof can be delivered without explicit transparency, with cryptographic proofs, then that's just as good, right ?

Now, the problem with block chain transparency is exactly that it leads, unfortunately, to financial transparency, by chain analysis.  As such, block chain transparency is no good.  It is somewhat the equivalent of "showing my private key" to prove that I have the private key.  It is a sure, but naive way to prove something.  If I can prove you that I have the private key, without revealing it, with a cryptographic proof, that's much better I would think.   This is essentially what cryptonote, and also zerocash, do: to give you a PROOF that this coin has not been double spend, and was of correct origin, without revealing exactly HOW.  If I can sign any message you give me with my private key, and you can verify that, then that is just as good proof that I have that private key, than when I show it to you explicitly, no ?  What is important for you is to know that I'm the owner of that private key, not the fact of seeing that private key (which brings much more problems).  If I have a block chain that can prove that I have coins that were transmitted to me via correct transactions, and originated in a correct mining, then that is good enough, without you having to know exactly what transactions and exactly what origin, which would reveal too much other stuff, right ?

There IS an argument for block chain transparency, but that is exactly financial transparency.  In that case, block chain transparency is used as a means to obtain financial transparency.  But if you are in favour of that, again, I ask you whether you publish your bank account transactions also in the public.  Probably you don't.  Some people insisting on financial transparency may be in favour of block chain transparency - so that you can block thieves' money, that you can boycott certain merchants/exchanges and their customers, and that law enforcement can see what you do with your crypto money (and your boss and neighbour too).

But if you are not favourable to that, then there's no reason to be in favour of a transparent block chain, because chain analysis can do all that, with some effort.

That's a funny statement.  Nobody wants financial *transparency* (otherwise, show me where you've put up in public all your bank accounts....).  The transparency in bitcoin was simply ONE way to verify that spending a coin was legit, that is, that there was no double spend, and that its origin was "a real coin according to the agreed-upon rules of creating coins".

As long as these two aspects are guaranteed, no double spend, and no counterfeiting, the monetary token is valid.  It is because Satoshi didn't have a better idea, that he set up a system where you can follow every coin from creation, through every transaction, to your wallet: it is ONE way to prove the two fundamental properties: legit and no double spend, by showing this succession of transmissions in the open.

There have been invented, afterwards, more sophisticated ways to prove the same.  Cryptonote is one, zerocash is another.  They guarantee you cryptographically that a certain wallet content derives from correctly created coins, and have never been double-spend.  That's good enough.  This is cryptography at its best.

Compare it to the following situation:

A document, containing a public key, has a signature that can be verified with said public key.  This document is public and well-known for years, but nobody knows who is the author.

One day, I reveal myself as the author.  How do I prove this ?

The bitcoin way would be: I show my private key on a TV show, and I show you that with that private key, I can reproduce the signature.   So I have shown people that I was indeed, the one who had signed that document.  Problem is, now my private key is out, and all *other* documents I also signed that way, can be claimed by everybody.

The monero way would be: send me just any message of your likings, and I will produce a signature to it, that can only be provided with my private key.  I send you back the signature ; you can verify it with the public key in the document.

In BOTH CASES I have proved that I possess the private key.  In one method, I simply SHOWED you.  In another method, I produced a PROOF that I have it without revealing it.

Bitcoin vs. monero is similar: in bitcoin, the origin and non-double spending of a coin is shown in the open, hence proving non-double spending and correct origin.  In monero, one PROVES you that the coin was correctly created, and that there EXIST transactions that bring it to my wallet without any double spend, but you simply not see them ; but they are proved.  In the same way that you could not see my private key, but I proved to you that I have it.

Transparency on the block chain was a means, not a goal.