Bitcoin
Bitcoin is open and transparent. The protocol is open, the wallet is open-source, and, most importantly, the blockchain is open. The transparency of the blockchain is key; it has been critical to the phenomenal success of Bitcoin. The blockchain is the work of a genius, but it's really not that hard to understand. Any IT professional will already know the building blocks, such as public/private key encryption and signatures, and the structure itself is straightforward and logical. There are tens of millions of people who could understand it with a day or two of study and then move on to analyzing the blockchain and verifying its integrity. And a lot of people have done this. There are large numbers of open-source tools available for dealing with Bitcoin, everything from independent implementations of the wallet in any programming language you can think of, to analysis suites attempting to make some sense of the transactions taking place. The blockchain is constantly being examined by a large number of independent groups, and any abnormalities are identified very rapidly.
The transparency of the blockchain enables anybody to easily verify the following three characteristics:
- no coins appear out of nowhere, except for those generated by mining - every input comes from an output
- no coin is spent more than once - every output is used as an input once or not used at all
- the total amount of coins that exist is equal to the total amount of coins that have been legitimately generated - the amount of coins generated is the sum of all coinbase transactions, the amount of coins that exist is the sum of all the unspent outputs
These three characteristics confirm that the Bitcoin system is working properly: new coins are not being generated out of nowhere or disappearing into space. Critically, these characteristics can be confirmed completely independently of the Bitcoin protocol. There's no circular argument here; the ability to verify the correct functioning of the protocol does not depend on the protocol being correct.
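The three checks above, run over a constructed fee-free toy ledger (added example, not code from the post or from any Bitcoin implementation; transaction structure and amounts are assumed for illustration):

```python
# Added example (not from the post): a minimal UTXO checker for the three
# properties above. Toy model: no fees, a coinbase has no inputs, every other
# input names a previous output as (txid, output_index).
from collections import Counter

def check_ledger(txs):
    """Return the three verdicts plus the total of all unspent outputs."""
    outputs = {}      # (txid, idx) -> amount, for every output ever created
    uses = Counter()  # how many transactions reference each output as an input
    minted = 0
    no_coins_from_nowhere = True
    for tx in txs:
        in_sum = 0
        for ref in tx["inputs"]:
            uses[ref] += 1
            if ref in outputs:
                in_sum += outputs[ref]
            else:
                no_coins_from_nowhere = False   # input that was never an output
        out_sum = sum(tx["outputs"])
        if not tx["inputs"]:
            minted += out_sum                   # coinbase: the only legal source
        elif out_sum != in_sum:
            no_coins_from_nowhere = False       # outputs don't match inputs
        for idx, amount in enumerate(tx["outputs"]):
            outputs[(tx["txid"], idx)] = amount
    unspent = sum(a for ref, a in outputs.items() if uses[ref] == 0)
    return {
        "no_coins_from_nowhere": no_coins_from_nowhere,
        "no_double_spend": all(n <= 1 for n in uses.values()),
        "supply_matches": unspent == minted,    # unspent outputs == coinbase total
        "unspent_total": unspent,
    }

# Constructed sample ledger: two coinbases and two ordinary transactions.
GOOD = [
    {"txid": "cb1", "inputs": [], "outputs": [50]},
    {"txid": "t1", "inputs": [("cb1", 0)], "outputs": [30, 20]},
    {"txid": "cb2", "inputs": [], "outputs": [50]},
    {"txid": "t2", "inputs": [("t1", 1), ("cb2", 0)], "outputs": [70]},
]
# Same ledger plus a second spend of ("t1", 1): the double spend shows up both
# as a reused input and as more coins existing than were ever minted.
DOUBLE = GOOD + [{"txid": "t3", "inputs": [("t1", 1)], "outputs": [20]}]
```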
Of course, the problem with this transparency is the lack of anonymity.
Monero
Monero is an alternative cryptocurrency that has evolved from the CryptoNote cryptocurrency. Unlike most alternative coins, CryptoNote is not an adjustment or evolution of the Bitcoin software but was designed and built from the ground up. It solves Bitcoin's anonymity problem, making all transactions anonymous, and includes some other great features such as anonymous destination addresses. It uses fascinating, complex math that has not seen widespread use.
And there's my first concern with Monero: the complexity. In my extensive experience as an engineer, complexity is a big cause of problems. Simple stuff works, complex stuff breaks. Whether you're talking about security, availability, or performance, the simpler the better. It's a minor concern, but my spider-senses are tingling.
And then there's the math itself. In math, some stuff is provably true but a lot, particularly in the field of cryptography, is not. The history books are littered with "absolutely perfect" cryptosystems which, it turns out, were far from perfect. Some of the math is backed by some seriously respectable names in crypto mathematics, but this stuff definitely falls into the set of systems that cannot be proved to be correct. All that we can say is that no-one is known to have broken this math. Which is okay, but remember this because it comes up later.
And then there's the implementation. Implementing complex systems is difficult: just look at the number of IT security vulnerabilities that are constantly being found, and then imagine how many are not being found. Just because it looks like the math might be solid does not mean that it's been implemented correctly.
Let's look at the Monero blockchain. Now we have a problem: we can't trace coins through the blockchain. That is of course by design; it's how Monero achieves its anonymity.
For a single transaction, Monero will use one output from a previous transaction as the input and several "fake" inputs. They aren't really fake; they're legitimate outputs selected from the blockchain, but the person who generated the transaction doesn't have the private keys to them and they're only used to hide the real input. The inputs are signed using a "ring signature", a technique that proves the signature applies to one of the inputs while making it impossible to tell which one.
So, with transactions like that, we can't tell which input to the transaction has actually been used. An output from a transaction may appear as an input to many transactions, but it will only be really used in one of them.
Given this type of blockchain, let's look at the characteristics listed above:
- no coins appear out of nowhere, except those generated by mining - yes, this can be verified. Every output of a transaction comes from one of the inputs.
- no coin is spent more than once - an output may appear as an input to several transactions, but we can't tell whether the input is really used, so we can't tell whether the output has been spent or not. The "key image" in Monero prevents double spend, and we can certainly verify that a key image has only been used once, but the question was whether we can verify that the coin has not been spent more than once. If we assume that the key image works as intended, then yes, we can say that a coin has not been spent twice, but that's a big assumption, and that is not independent verification.
- the total amount of coins that exist is equal to the total amount of coins that have been legitimately generated - we can count the number of coins generated by mining, but we can't tell whether outputs have been used or not, and therefore we can't calculate the total amount of coins that exist. So no, we can't tell whether the total amount of coins that exist is equal to the total amount of coins that have been legitimately generated.
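The same three checks attempted on a constructed toy ring-input ledger (added example, not code from the post or from Monero; the transaction layout, the names "ring" and "key_image" as plain strings, and the omission of amounts are assumptions made to keep the toy small). It shows which verdicts the chain alone supports and which outputs can never have their spent status pinned down:

```python
# Added example (not from the post): a toy ring-signature ledger with no
# amounts. A coinbase has no inputs; every other input is a ring of candidate
# output refs plus a key image. Which ring member was really spent is never
# recorded, exactly the situation described above.
from itertools import product

def ring_ledger_status(txs):
    """Return the two checks the chain supports and a per-output spent status:
    'spent', 'unspent', or 'unknown' when the chain cannot decide."""
    outputs, rings, key_images = [], [], []
    for tx in txs:
        for inp in tx["inputs"]:
            rings.append(tuple(inp["ring"]))
            key_images.append(inp["key_image"])
        outputs += [(tx["txid"], i) for i in range(tx["n_outputs"])]
    # 1. every ring member is a real output: independently checkable
    members_exist = all(ref in outputs for ring in rings for ref in ring)
    # 2. key images never repeat: checkable, but it rules out a double spend
    #    only if the key-image construction is sound, which the chain can't show
    key_images_unique = len(key_images) == len(set(key_images))
    # 3. enumerate every consistent choice of real input (one member per ring,
    #    no output really spent twice) and see which outputs have the same
    #    status under all of them; the rest are undecidable from the chain.
    seen = {ref: set() for ref in outputs}
    for choice in product(*rings):
        if len(set(choice)) != len(choice):
            continue
        for ref in outputs:
            seen[ref].add("spent" if ref in choice else "unspent")
    status = {ref: next(iter(s)) if len(s) == 1 else "unknown"
              for ref, s in seen.items()}
    return {"members_exist": members_exist,
            "key_images_unique": key_images_unique,
            "status": status}

# Constructed sample: two coinbases, then two ring transactions that both list
# ("cb2", 0) as a candidate input. DOUBLE_KI reuses key image "ki-A", which is
# the one double-spend signal the chain does expose.
RING = [
    {"txid": "cb1", "inputs": [], "n_outputs": 2},
    {"txid": "cb2", "inputs": [], "n_outputs": 1},
    {"txid": "r1", "n_outputs": 1,
     "inputs": [{"ring": [("cb1", 0), ("cb2", 0)], "key_image": "ki-A"}]},
    {"txid": "r2", "n_outputs": 1,
     "inputs": [{"ring": [("cb1", 1), ("cb2", 0)], "key_image": "ki-B"}]},
]
DOUBLE_KI = RING + [{"txid": "r3", "n_outputs": 1,
     "inputs": [{"ring": [("cb2", 0), ("r1", 0)], "key_image": "ki-A"}]}]
```

Because three of the five outputs come back "unknown", no unspent total can be computed from this chain, which is the third characteristic failing.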
Conclusion
We cannot independently verify that the Monero blockchain is correct. The currency depends on complex math, which cannot be proven to be correct. How do we know that some genius somewhere has not figured out a way to bypass the "key image" that prevents double spend? With a transparent blockchain, we would know if someone was duplicating coins or generating coins out of thin air. With Monero, we won't ever know.
TL;DR: It is not possible to independently verify the Monero blockchain. In finance, that's a big fail.