Words, words, words, but somehow know understanding of the actual process.

Every transaction involves two keys: a public spend key, and a public view key. The destination for an output in a transaction is actually a one-time public key computed from these two keys. The formula used for calculating this is: P = H_s(rA)G + B (where H_s is a hash function, r is a random, G is a basepoint, A is the public view key, B is the public spend key).

When scanning incoming transactions every transaction is scanned to see if is for "you". To do this, your wallet computes P' = H_s(aR)G + B (following the same definitions as before, except that a is your private view key, and R = rG, which is packed elsewhere into the transaction). Notice that this only requires your private view key and your public spend key, and this check is immutable and cannot be faked. You cannot receive transactions and identify them without the corresponding private view key.

In order to spend the funds you have to compute a one-time private spend key for that output using H_s(aR) + b (where b is your private spend key), so it's impossible to spend the funds without it. Literally that's all the cryptography you need to understand, but I guess when your aim is to deflect attention from an instamined scam it helps to call it a "mountain of cryptography".

From this we can also determine that it is possible to enumerate all the view keys, but as the key space is 2²⁵⁶ it's not possible unless you have more processing power than all the energy in the universe, and more time than the universe has existed.

The upshot of this is that an auditor only needs your private view key to identify all of your transactions. On the other hand, with Bitcoin and its clones you would typically need to sign every address you own (or for something like Electrum you'd be able to provide your master public key). In some ways the private view key is like the Electrum master public key, in that with both you can view every transaction for that account, and there's no way to fake that data. As with any audit, though, you could always have a second wallet for your secret transactions, but typically auditors would uncover that through other mechanisms.

The claim that the auditor has to "see the balances in the sending addresses" is ludicrous - if I, as a company, receive a payment from Microsoft Inc. do my auditors go and ask Microsoft for their bank balance?

Every transaction involves two keys: a public spend key, and a public view key. The destination for an output in a transaction is actually a one-time public key computed from these two keys. The formula used for calculating this is: P = H_s(rA)G + B (where H_s is a hash function, r is a random, G is a basepoint, A is the public view key, B is the public spend key).

When scanning incoming transactions every transaction is scanned to see if is for "you". To do this, your wallet computes P' = H_s(aR)G + B (following the same definitions as before, except that a is your private view key, and R = rG, which is packed elsewhere into the transaction). Notice that this only requires your private view key and your public spend key, and this check is immutable and cannot be faked. You cannot receive transactions and identify them without the corresponding private view key.

In order to spend the funds you have to compute a one-time private spend key for that output using H_s(aR) + b (where b is your private spend key), so it's impossible to spend the funds without it. Literally that's all the cryptography you need to understand, but I guess when your aim is to deflect attention from an instamined scam it helps to call it a "mountain of cryptography".

From this we can also determine that it is possible to enumerate all the view keys, but as the key space is 2²⁵⁶ it's not possible unless you have more processing power than all the energy in the universe, and more time than the universe has existed.

The upshot of this is that an auditor only needs your private view key to identify all of your transactions. On the other hand, with Bitcoin and its clones you would typically need to sign every address you own (or for something like Electrum you'd be able to provide your master public key). In some ways the private view key is like the Electrum master public key, in that with both you can view every transaction for that account, and there's no way to fake that data. As with any audit, though, you could always have a second wallet for your secret transactions, but typically auditors would uncover that through other mechanisms.

The claim that the auditor has to "see the balances in the sending addresses" is ludicrous - if I, as a company, receive a payment from Microsoft Inc. do my auditors go and ask Microsoft for their bank balance?

The criticism, if factual, should denounce every coin I just claimed was faulty, therefore I should join the debate and end this ring-signature conspiracy.

I like making logical fallacies and assert that all the blockchain must be public without making the obvious point that only your received and spent outputs are necessary to audit just as the case in international business when the auditor will in no way have jurisdiction to audit foreign accounts.  I also fail to see how my faulty argument applies to darksend if it is truly anonymous. So never mind the obvious comparison that the viewkey acts as a receipt verified mathematically by the network. 

No. It doesn't mean that because an auditor wants to verify the origin of the funds and therefore has to see the balances in the sending addresses as well.

Ever heard of "double entry bookkeeping" ? That alludes to the fact that there are two or more balances involved in a transaction, not one.

A great tribute to bitcoin's success as 'money' is the fact that their is public consensus that all the recent bitcoin "heists" of late (Bitstamp, etc) were in fact thefts and not somebody 'fooling the system'. That consensus is only achaived by virtue of the public blockchain and the fact that EVERY SINGLE ADDRESS is auditable. Not public by choice but public by force.

That is the very same consensus that gives the balance in an address its value - and thereby turns it into money.

Privacy is supported by the private blockchain. The phrase "public-private key encryption" alludes to the fact that one key is supposed to be public and the other private. In cryptocurrency therefore, we maximise the anonymity of the private key by maximising the fungibility of the public addresses - not my making them invisible but my making them more fungible, a very different thing.

You can't go burying the public blockchain in a mountain of cryptography.

What you've got is an encrypted bookkeeping system for banks. Go the Ripple route and try selling it to them 

I need to do more research before I criticize what I don't understand and stop making presumptions that endorse my cognitive dissonance (because I know if this argument fails, then I'll have to come up with all new infographics with more bogus claims)  I'll start here. https://moneroeconomy.com/faq/en/how-can-monero-be-both-anonymous-and-transparent-same-time

Don't want to go offtopic here, but isn't David a transhumanist? Maybe destiny has greater plans for Monero than we currently envision

edit: It was nice to see a small price increase on Monero b-day, I confess I bought a little

^^ its all an experiment constantly tested through the iterations of time. Cryptocurencies is one such. The fact that the state, and the US as the (I guess?) most statiest of the states, hasn't come down and totally quashed the thing, imo, gives credence to the fact that the modern era is open to adaptable forms of making shit happen.

Pragmatism, not idealism.

https://www.youtube.com/watch?v=laoq1eeIUxQ

(thats a link to fitter happier by radiohead btw)

Pretty much, yes, especially within the context of people living within the United States. I know that's not a popular opinion among the uber-libertarians and crypto-anarchists that tend to be attracted to cryptocurrency, but it's just my opinion. Considering the list of world-powers/super-powers over the last few hundred years, the USA is probably the least tyrannical (maybe if you call the amalgam of countries that make-up the EU a super-power they would be a bit less "tyrannical").

I have no clue

What do you expect from people who entertain the idea that privacy has any value.

Or that making the private half of the blockchain "disappear" is a solution to privacy. Or that providing a viewkey that another user(s) can use to verify the transaction data trustlesly via the blockchain (that's been verified by math!) for one or all of their transactions equates to an "audit".

Or who think that now we have a financial model with total accountability (NSA Rules!) and transparency (which still exists via the viewkey), people are going to want to go back to opacity where no-one can see sh*t that's none of their business and that's a breeding ground for scams, heists and corrupt technology--like Evan's instamine and the masternode reward system. (Do I sound enough like a concern troll? I'm really working on my technique).

That's the real scam here - not some "instamine" that Evan claims was an accident though that doesn't actually change what happened which was an instamine. 500,000 coins in a few hours is an instamine in most people's book, but maybe if I put quotaion marks around it like Farley's motivational speaker people will think I'm being authentic and mocking the "elitist Monerians".

The State of Monero in its first anniversary, April 18, 2015

Risto Pietilä, Operational Executive in MEW - Monero Economy Workgroup


Beautiful Birthday Present.

You're the one having difficulty "rationalizing'  how any moron could call an instamine a fair launch and a good for the invested community;)

You might have a point if you had created the value and he had "instamined" it.

As it his, he created the value and everybody else benefited.

So give the faux outrage a break. Markets will sort out how much it matters.

There's nothing I despise more than a moanero troll in the crypto world. I don't think they realise there damaging the crypto world as a whole with their non stop fud. I mean if I was fresh money there's no way I'd invest in any coin...

LoL !

You should get yourself a uniform   Or maybe a cheap suit to sell snake oil like Evan has.

(And be proud of yourself for supporting a coin with a fair mine and a ledger that is as public as YOU want it to be)

How can Monero be both anonymous and transparent at the same time?
Monero is "private, optionally transparent". By default, you can get very little information from Monero (you can know that a transaction occurred, but not whence, how much and whither).

But you can decide to give one particular person access to your balance by providing this person a viewkey, a specific string. For the moment, support is limited to MyMonero.com-created addresses, since this wallet is the only one able to take advantage of viewkeys and MyMonero doesn't yet allow reading a non-MyMonero.com-created address (such as an address created with simplewallet). But later, support will be extended to any wallet and addresses.

Another optional transparency feature, hinted at in the original whitepaper but not implemented yet, is auditable addresses.

Finally, we have also considered other methods of allowing for transparency on specific transactions. People want to be able to selectively prove payments on demand and generally open up to transparency in a controlled manner, without everything being linkable and traceable to the rest of their transactions.

See also this comment by Riccardo Spagni/fluffypony on reddit:

I'd argue that there is another option. If I may demonstrate: Monero currently implements cryptographically sound transactional unlinkability and untraceability. However, it allows individuals to (completely optionally) give their "view key" to a select few, or to the government, or even publish it somewhere.

A view key can be used to reveal all transactions for an account. This means that companies could still be audited, charities could make their accounts publicly visible, and parents could see what their kids are spending the money on. Additionally, details of a transaction can be revealed via a similar mechanism on a per-transaction basis.

So the option I alluded to earlier is this: there already exists a cryptocurrency that has privacy by default, transparency optional. Governments wouldn't need to outlaw it, as law enforcement could still be given the tools to investigate illicit transactions (although they'd need to ask for the person's viewkey first, but that's no different than asking for someone's password to reveal incriminating evidence on their computer).