I have been asked in a PM if I would like to comment on this. I am not an expert and have no formal training in algebraic abstract math. Everything I know about this particular field (and cryptography in general) is self-taught mostly in 2014 and 2015. And I have big gaps in my understanding which can only be resolved by teaching myself the higher math courses I didn't take at the university and I don't have time for attaining that base knowledge. Nevertheless I can comment conceptually and understand enough to have for example combined Cryptonote with Compact Confidential Transactions to form what I named Zero Knowledge Transactions. And I understand enough to have digested Shen-noether's Ring Confidential white paper over a period of a day or few days. And I was able to analyze the differences and similarities and ramifications of the high level differences in our approach. So with that in mind, I will comment on the above quoted issue.
Afaik, the main difference between the Secp256k1 type of ECC that Bitcoin uses and the Ed25519 Berstein version of the twisted Edwards curve that Cryptonote uses, is that Ed25519 has no branching in the code and thus has no timing attacks (although one might reason that timing attacks might be less useful in crypto currency, I am not sure if that is true in
all scenarios). And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system). Also Ed25519 is moderately faster and has a prime order which is deemed to more secure (I don't remember if Secp256k1 has a prime order or not).
http://ed25519.cr.yp.to/So Secp256k1 is probably secure but Ed25519 is more secure.
Please feel free to quote me and claim it as an advantage for Cryptonote coins, but please acknowledge that I have also criticized Cryptonote for not solving the fundamental block chain Tragedy of the Commons economic issues and my opinion that metadata correlation makes their anonymity impractical for any (or most?) mainstream uses.
Thank you for the Secp256k1 vs Ed25519 comparison. I see that ArticMine has been debating with you in the Monero thread about the Tragedy of the Commons issue. Based on my understanding he feels that the tail emission of CryptoNote coins (such as implemented by Monero) are critical to avoiding this and that coins like Boolberry eventually be vulnerable unless a tail emission is added. I agree with ArticMine that a tail emission would help Boolberry but still think we have plenty of time to decide how to implement it based on the BBR emission schedule.
Your objection seems to be centered around the assumption that mining will eventually become centralized (due to cost of electricity and other factors giving some parties a comparative advantage). I look forward to seeing how future developments (such as smart mining being developed by Monero) and other changes impact decentralization.