[XMR] Monero - A secure, private, untraceable cryptocurrency

[smooth]

We've said this before, and it bears repeating: Monero is not an "investment". In fact, we are actively working against the price "naturally" rising merely as a result of us fudging some numbers. You see, Bitcoin's price rose because of an artificial scarcity created by a fixed number of coins and a diminishing block reward. Now that's all well and good, but the sudden creation of quite a bit of wealth for some early adopters has had several interesting consequences. The most interesting of them is the Coattail Riding Effect. You see, the vast majority of altcoins that are released nowadays, and this is especially true for proof-of-stake coins, exist solely to try and ride Bitcoin's coattails, making the group of early adopters in that altcoin tremendously wealthy.

With Monero we have opted not to repeat that process, and instead of simply running with a deflationary currency and hoping for some form of profit, we have instead aimed to aggressively move in the opposite direction and make it slightly inflationary. This means that Monero is NEVER going to become incredibly valuable overnight, and it's not going to make insta-millionaires out of anyone. It means that its value is going to come entirely from utility and usefulness, and that hoarding it for 6 months or a year or maybe even 2 years is not going to make you rich.

What is the new emission rate?

With T=2^64-1 unit in total and the (T-A)/N emission per block, when the total reach T in a few years, can you still use a small inflation to increase the total number of units? Or you have to change T = 2^128-1, for example?

There is no change. There is a small minimum once it gets close to T, and eventually T will be exceeded, but even that won't happen right away. What fluffypony is saying is there is no enforced scarcity due to coins "running out" (although even for bitcoin this process takes >100 years so maybe the significance is somewhat overstated). There will always be some new coins.

[smooth]

...

• PoW algorithm: CryptoNight [1]
• Max supply: ~18.4 million [2]
• Block reward: Smoothly varying [3]
• Block time: 60 seconds
• Difficulty: Retargets at every block

[1] CPU + GPU mining (about 1:1 performance for now). Memory-bound by design using AES encryption and several SHA-3 candidates.
[2] Actual number of atomic units is M = 2⁶⁴ - 1. A minimum subsidy may be implemented in the future with <1% annual inflation to preserve mining incentives.
[3] Uses a recurrence relation. Block reward = (M - A) * 2^-20 * 10^-12, where A = current circulation. Roughly 86% mined in 4 years (see graph).
...

I suspect that one of the reasons for current market behaviour is that the market simply cannot reconcile "Max supply: ~18.4 million" and "Roughly 86% mined in 4 years" with a tail emission. After all 14% of infinity is still infinity and infinity is >> 18.4 million. Making the OP actually reflect the consensus reached by the core team will go a long way toward calming the market jitters. Furthermore the sooner the tail emission amount is set the better.

These statements basically make sense, even interpreted in light of infinite supply. The actual number has a footnote after it. Follow the footnote and you see the minimum inflationary subsidy (at least the possibility of it). The supply will only grow very slowly once the minimum reward is reached so "roughly 86%" might be interpreted as ~86% of the amount that will exist in the near future (a decade or two).

The base supply target is the dominant short term effect, and the inflation only becomes dominant beyond 10-20 years (and even then slowly).

[smooth]

With Monero we have opted not to repeat that process, and instead of simply running with a deflationary currency and hoping for some form of profit, we have instead aimed to aggressively move in the opposite direction and make it slightly inflationary.

You overstate this a bit. A bit of tail emission to incentivize mining won't prevent great fortunes to be made in XMR. Greed as a bootstrapping mechanism was part of bitcoin's genius. I hope you agree that in the end, it will be people's willingness to hold Monero rather than their willingness to use it as a payment system that will keep Monero alive. And if people don't think it will be worth more in the future (i.e. a good investment), then they won't hold XMR. If all merchants end up using the Bitpay-equivalent of Monero to immediately receive USD and consumers use it temporarily to buy what they need anonymously because no one wants to hold it, then it becomes a game of Hot Potato.

Even if widely useful as a currency, people have to believe it has at least stable value, otherwise you end up with this: https://twitter.com/StateOfUkraine/status/545014542590554113

People don't necessarily need to believe they will become extremely wealthy to hold it. Even a modest return is acceptable as long as there is not a big fear of losing value.

The Monero version of those picture above is people dumping on Polo. It's become self-reinforcing to an extent: people think the value is dropping so they dump. Eventually we will reach some kind of equilibrium though, and build from there.

[nioc]

An extra 100k xmr added relatively low on the asks. Wonder if its due to .001 being broken, this tail emission discussion, both or something else.

https://bitcointalk.org/index.php?topic=753252

[ArticMine]

I suspect that one of the reasons for current market behaviour is that the market simply cannot reconcile "Max supply: ~18.4 million" and "Roughly 86% mined in 4 years" with a tail emission. After all 14% of infinity is still infinity and infinity is >> 18.4 million. Making the OP actually reflect the consensus reached by the core team will go a long way toward calming the market jitters. Furthermore the sooner the tail emission amount is set the better.

Remember that the OP reflects the current status of the code. Once the tail emission is set and committed to master the OP will be updated to reflect that:)

Yes the current status of the code is no tail emission. It is also my understanding that the amount of the tail emission (0.3 XMR or 0.1 XMR etc.) has not being decided and this needs to happen before any coding can begin. This issue is not trivial because it deals with a fundamental economic change. There is also the question that if this is not acted on promptly there is a very good change it could not happen at all. Consider is the 1MB block limit in Bitcoin. It was dropped to 1MB in 2010 by Satoshi to protect Bitcoin from denial of service attacks. Now four years later Gavin is trying to undo this change and is facing stiff opposition from the Bitcoin community. In both cases we are dealing with a hard fork. The key lesson here is that a hard fork with clear economic implications becomes way harder as the coin matures and may in fact become impossible. It was easy for Satoshi back in 2010, it may become impossible for Gavin in 2015. Time is simply running out.

The current situation leads and has lead to all sort of speculation and uncertainty. For example a speculator may hoard XMR betting that core team may not be able to implement the tail emission hard fork because they have left it for too long, effectively defeating the economic argument for the tail emission. If the speculator is wrong and dumps all of a sudden then this leads to wild price movements. Then there is the history over the last few months of the debate regarding the emission change for the main curve. The main argument was that the current emission curve would lead to an unfair "community premine". This argument of course fall flat if there is a tail emission. In fact I would argue that if the tail emission had been clear from the outset the whole emission curve discussion would either never had happened or stopped cold early on.

We can go along way here by clearly identifying in the OP:
1) The current state of the code
2) What is being planned. (With a clear disclaimer that there is no guarantee of 2 given the nature of a POW coin)

[ArticMine]

...

• PoW algorithm: CryptoNight [1]
• Max supply: ~18.4 million [2]
• Block reward: Smoothly varying [3]
• Block time: 60 seconds
• Difficulty: Retargets at every block

[1] CPU + GPU mining (about 1:1 performance for now). Memory-bound by design using AES encryption and several SHA-3 candidates.
[2] Actual number of atomic units is M = 2⁶⁴ - 1. A minimum subsidy may be implemented in the future with <1% annual inflation to preserve mining incentives.
[3] Uses a recurrence relation. Block reward = (M - A) * 2^-20 * 10^-12, where A = current circulation. Roughly 86% mined in 4 years (see graph).
...

I suspect that one of the reasons for current market behaviour is that the market simply cannot reconcile "Max supply: ~18.4 million" and "Roughly 86% mined in 4 years" with a tail emission. After all 14% of infinity is still infinity and infinity is >> 18.4 million. Making the OP actually reflect the consensus reached by the core team will go a long way toward calming the market jitters. Furthermore the sooner the tail emission amount is set the better.

These statements basically make sense, even interpreted in light of infinite supply. The actual number has a footnote after it. Follow the footnote and you see the minimum inflationary subsidy (at least the possibility of it). The supply will only grow very slowly once the minimum reward is reached so "roughly 86%" might be interpreted as ~86% of the amount that will exist in the near future (a decade or two).

The base supply target is the dominant short term effect, and the inflation only becomes dominant beyond 10-20 years (and even then slowly).

On a 1% tail emission the tail emission becomes dominant after approximately 7 years.

[smooth]

...

• PoW algorithm: CryptoNight [1]
• Max supply: ~18.4 million [2]
• Block reward: Smoothly varying [3]
• Block time: 60 seconds
• Difficulty: Retargets at every block

[1] CPU + GPU mining (about 1:1 performance for now). Memory-bound by design using AES encryption and several SHA-3 candidates.
[2] Actual number of atomic units is M = 2⁶⁴ - 1. A minimum subsidy may be implemented in the future with <1% annual inflation to preserve mining incentives.
[3] Uses a recurrence relation. Block reward = (M - A) * 2^-20 * 10^-12, where A = current circulation. Roughly 86% mined in 4 years (see graph).
...

I suspect that one of the reasons for current market behaviour is that the market simply cannot reconcile "Max supply: ~18.4 million" and "Roughly 86% mined in 4 years" with a tail emission. After all 14% of infinity is still infinity and infinity is >> 18.4 million. Making the OP actually reflect the consensus reached by the core team will go a long way toward calming the market jitters. Furthermore the sooner the tail emission amount is set the better.

These statements basically make sense, even interpreted in light of infinite supply. The actual number has a footnote after it. Follow the footnote and you see the minimum inflationary subsidy (at least the possibility of it). The supply will only grow very slowly once the minimum reward is reached so "roughly 86%" might be interpreted as ~86% of the amount that will exist in the near future (a decade or two).

The base supply target is the dominant short term effect, and the inflation only becomes dominant beyond 10-20 years (and even then slowly).

On a 1% tail emission the tail emission becomes dominant after approximately 7 years.

Not dominant to the total supply is what I meant. The "roughly 86%" figure will still be correct after 7 years and even after 10 or arguably 20.

[Come-In-Behind]

I'm happy about the Core team's decision after reading the last few pages. Seems they actually want Monero to be used a currency rather than being mainly a speculative investment. I like their attitude(s).

[mik_druid]

pump!

[ArticMine]

Not dominant to the total supply is what I meant. The "roughly 86%" figure will still be correct after 7 years and even after 10 or arguably 20.

This kind of argument is best dealt with by actually running the simulations. Which is why defining the parameters clearly and early is so important to the markets. Now with a 1% tail emission the 4 year money supply will be approximately 64% of the 20 year money supply. This is a far cry from "roughly 86%" of a now irrelevant number.

Now please do not get me wrong here. The core team has made the correct call on whole main and tail emission question. The OP simply does not reflect the reality of that decision.

[smooth]

Now with a 1% tail emission the 4 year money supply will be approximately 64% of the 20 year money supply. This is a far cry from "roughly 86%" of a now irrelevant number.

Only for some definition of "roughly" and also "<1%." Also note that I said arguably for 20 years, as it is clear as you point out there is some meaningful divergence by that point. But I think given the assumption that the total money supply will grow much more slowly in the out years, using the original target as a "rough" number for descriptive purposes of the overall shape of the curve was fine (for example by comparison with other coins with very different curves).

In any case I agree this should be fully specified soon. There is no reason to wait any longer.

[ArticMine]

In any case I agree this should be fully specified soon. There is no reason to wait any longer.

+(2⁶⁴-1)

[Oscilson]

The total is 2^64-1. For the base supply, it is 86% after 4 years. If you have 0.5% tail emission after that, it will take roughly 28 years to reach 2^64-1. Then do you need to increase the digit again to 128 bit?

[smooth]

The total is 2^64-1. For the base supply, it is 86% after 4 years. If you have 0.5% tail emission after that, it will take roughly 28 years to reach 2^64-1. Then do you need to increase the digit again to 128 bit?

Maybe but not necessarily.

It will be sufficient for a very long time that simply no single transaction can include more than 2^64-1 (this was already implemented in the original code, although I'm not really sure why -- extra defensiveness I guess). The total money supply figure is never used in the code except to calculate the declining block rewards, but that won't apply any more after the minimum is reached.

In theory a wallet would require some modification for presentation purposes if the balance (consisting of outputs from multiple transactions) of the wallet is >2^64-1 but this wouldn't affect the core code.

[owlcatz]

The total is 2^64-1. For the base supply, it is 86% after 4 years. If you have 0.5% tail emission after that, it will take roughly 28 years to reach 2^64-1. Then do you need to increase the digit again to 128 bit?

Maybe but not necessarily.

It will be sufficient for a very long time that simply no single transaction can include more than 2^64-1 (this was already implemented in the original code, although I'm not really sure why -- extra defensiveness I guess). The total money supply figure is never used in the code except to calculate the declining block rewards, but that won't apply any more after the minimum is reached.

In theory a wallet would require some modification for presentation purposes if the balance (consisting of outputs from multiple transactions) of the wallet is >2^64-1 but this wouldn't affect the core code.

hi, any TL;DR for us who don't have time due to life issues? did something change? Help, i can't dig through these pages!

Thanks in advance!

[PestoQuinty]

I think trend is the only thing that changed, going north slowly.

The total is 2^64-1. For the base supply, it is 86% after 4 years. If you have 0.5% tail emission after that, it will take roughly 28 years to reach 2^64-1. Then do you need to increase the digit again to 128 bit?

Maybe but not necessarily.

It will be sufficient for a very long time that simply no single transaction can include more than 2^64-1 (this was already implemented in the original code, although I'm not really sure why -- extra defensiveness I guess). The total money supply figure is never used in the code except to calculate the declining block rewards, but that won't apply any more after the minimum is reached.

In theory a wallet would require some modification for presentation purposes if the balance (consisting of outputs from multiple transactions) of the wallet is >2^64-1 but this wouldn't affect the core code.

hi, any TL;DR for us who don't have time due to life issues? did something change? Help, i can't dig through these pages!

Thanks in advance!

[smooth]

The total is 2^64-1. For the base supply, it is 86% after 4 years. If you have 0.5% tail emission after that, it will take roughly 28 years to reach 2^64-1. Then do you need to increase the digit again to 128 bit?

Maybe but not necessarily.

It will be sufficient for a very long time that simply no single transaction can include more than 2^64-1 (this was already implemented in the original code, although I'm not really sure why -- extra defensiveness I guess). The total money supply figure is never used in the code except to calculate the declining block rewards, but that won't apply any more after the minimum is reached.

In theory a wallet would require some modification for presentation purposes if the balance (consisting of outputs from multiple transactions) of the wallet is >2^64-1 but this wouldn't affect the core code.

hi, any TL;DR for us who don't have time due to life issues? did something change? Help, i can't dig through these pages!

Nothing changed. There was some discussion about changing the emission curve but there was no decision to change anything, nor any changes made.

[owlcatz]

Nothing changed. There was some discussion about changing the emission curve but there was no decision to change anything, nor any changes made.

Thank you sir, as always! it's all about the future to me.

[5w00p]

I like the discussion, especially fluffypony's thoughts on the utility of XMR being more important than mere speculation.

I have this thought:

Monero will be a seriously formidable currency when there are Monero forks (clones).

[smooth]

I like the discussion, especially fluffypony's thoughts on the utility of XMR being more important than mere speculation.

I have this thought:

Monero will be a seriously formidable currency when there are Monero forks (clones).

There are already two. They went nowhere