Why do they trust addition, then ?
Trusting in theory is not the same thing as trusting in practice.
About the most flakey link in the whole chain of crypto are wallets - everybody knows that. The chance of your wallet showing you the right balance at any given moment is about as good as the chance of me scoring 100 out of 100 basketball set shots with one hand tied behind my back. (That isn't very high b.t.w.
). Wallets stick, may be unsync'd, have backloged transactions - you name it. And thats just the un-hacked ones. None of this has anything to do with "trust in cryptography" or the number of PHD's you happen to have on your dev team.
Ok, so let us assume you have a broken wallet application. We will assume this on the bitcoin, and on the monero/zcash/other anon side.
What happens ? Your broken bitcoin wallet doesn't do the right verifications, and shows you a wrong balance. Your broken monero wallet does the same. So why is your broken bitcoin wallet now more to be trusted than your broken monero wallet ?
After all, and this is what I wanted to indicate to you earlier on, the bitcoin block chain is ALSO WAY TOO COMPLEX to "see visually that the transaction is right".
In order for the "transaction to be right", you have:
1) to verify the entire chaining of all block chain headers since the genesis block of Satoshi to verify that you have *A* right block chain.
2) to "hop backwards" from the transaction to be verified, to the whole TREE OF BACKWARD INPUTS, all up to their individual coinbases, and find ALL those transactions.
3) to verify the Merkle tree hash of each of the blocks where at least one such transaction occurs.
==> at this point you know that the transaction is transmitting you legit coins that have been created in a coinbase.
4) to verify all OTHER Merkle tree hashes of ALL other blocks. (now we know that you have the full list of reliable transactions on this chain)
5) to see if NO OTHER transaction ever had one of the outputs used in your backward chain as an input
==> now we know that along the path, there has not been any double spending.
6) listen on the bitcoin network, to find out if there are no chains propagated with more PoW then the one you just analysed.
This is NOT something you can "visually inspect". And if you leave one step out, you might:
A) not have the consensus block chain, where double spends have been left out
B) not have a valid block chain at all, where simply transactions have been left out (Merkle trees wouldn't fit, but this, you only know if you verify).
C) have double spend coins
D) have non-legit coins that don't go back to a coinbase transaction (bitcoin creation).
So ALL THIS HAS TO BE DONE before you can know that a transaction in bitcoin is legit. This is NOT something that is simple and "visual". Leave one step out, and you have a visual "check" that is wrong.
If you don't trust crypto, then you cannot trust this whole procedure ; if you can't trust your wallet having done this correctly, then you don't know anything about the legitimity of any transaction.
And no, you cannot do it with pen and paper. You have to trust software doing this, or write it yourself.
In other words, you have no clue about the right balance or the legitimity of any bitcoin transaction without trusting software and crypto in any case. So your argument that it would be simple to verify is not true. Once you have to trust software and crypto, you can trust software and crypto in a slightly more sophisticated edition too.
You cannot simply "verify the balance of the other guy" without going through the same steps as I have indicated here. If you have a block chain where a former spending of that balance was left out, or missed by your crappy wallet software (your hypothesis), you are as vulnerable as in any other case, believing a transaction. And to verify that this is not the case, you have to check the whole validity of the entire chain, AND make sure you have the right chain (highest PoW). That's a lot of crypto you have to believe.
