I personally am a big fan of homomorphic ring signatures. I think they should be more widespread in Bitcoin (Coinjoins are still a niche instead of 50% of all transactions).

However, due to the one time public keys of monero they need a unique tag to prevent double spent. I don't like this because the crypto becomes really complicated (Bitcoins beauty lies in its simplicity) and it makes L2 solutions impossible.

L2 solves the two advantages that Monero offers (unlinkability of two transactions of same user, unlinkability of a transaction within a set) while also being so fast and elegant.

Ring signatures have no effect on L2 usage, and key images are also not a problem at all here.

Monero can support L2 networks, it's just a bit more complex than Bitcoin:


But it is possible, and there are two new approaches I need to add there that will be very simple to implement after Monero implements the Seraphis upgrade that is being planned right now.

Monero with lightning will be unstoppable. :)

Same. Big fan of the ring signatures.

AFAIK Monero is private out of the box while Lightning needs a bit of tinkering to be fully private.

Lightning is just amazing btw.

I'm not a fan of ring signatures because they depend on good decoy selection. Monero failed at it once before. Maybe it fails at it again right now but we just don't know it.

There is ongoing research into decoy selection: https://ccs.getmonero.org/proposals/Rucknium-OSPEAD-Fortifying-Monero-Against-Statistical-Attack.html Also in the next release, the ring size will be increased from 11 to 16.

You can also churn (send your funds to yourself) to increase plausible deniability (churn TXs look the same as regular TXs on-chain, and can create distance between the true sender and recipient).

Complicated cryptography is sometimes necessary for advanced features, such as strong on-chain privacy-by-default. Monero is open source and people are welcome to audit the code or improve it.

Valid concern 🤔