Originally launched in April 2014 as BitMonero, Monero (symbol XMR), means money in esperanto. Monero, a fork of Bytecoin, is a secure, private and untraceable currency, built on the Cryptonote protocol.
Monero uses ring signatures, ring confidential transactions (RCT) and stealth addresses to obfuscate transactions at the protocol level.
Technical Details
Launched: April 14, 2014
Total coin supply: Initially 18.4 million coins (After this, there will be a permanent fixed production of 0.3 XMR per minute to balance out lost coins per year)
Algorithm: Proof of Work (PoW) using CryptoNight
Block reward: Smoothly varying
Block time: 120 seconds
Difficulty: Retargets at every block
Cryptonote, the initial codebase and precursor to Monero
Issue With Bitcoin That Monero Aims to Solve
One of Bitcoin’s big downfalls is the lack of flexibility for the implementation of new features, which require almost complete network updating. (As we are seeing with the blocksize debate)
This includes hard-coded constraints and natural elements of the design (such as block frequency, maximum amount of money supply, and # of confirmations required).
The traceability of both transaction amounts, as well as the sender/receiver, is publicly viewable automatically with Bitcoin unless specific steps are taken by the user.
The proof of work algorithm (PoW) has also violated the original Satoshi vision of “one-CPU-one-vote” with the advent of GPU and Application Specific Integrated Circuit (ASIC) hardware. This allows those miners to gain majority control (51%+) over the network and govern changes. (Like a fork, to keep the network going.)
Irregular emission refers to the construct where the Bitcoin rewards are halved every 4 years. The original intent was to create limited smooth emission with exponent decay. (More predictable not choppy pattern)
Instead, we have a piecewise linear emission (as pictured below) which creates the opportunity for a double spend attack. This is due to the network hash rate decrease at each halving. Note the “stairwell” like moves.
The Bytecoin Fork and details of its creation
Bytecoin is the first known implementation of the CryptoNote protocol with code produced entirely from scratch. But, why was Monero needed if there was already an implementation of this? Well, as always with Crypto, prepare for some drama.
As elaborated in this Monero subreddit from 3 years ago, there was not only a Bytecoin premine but also falsifying the blockchain to show a fair distribution. Then, there were 2 years of “crippled” code that could have been improved but was not. Ricardo Spagni aka “Fluffypony” said the Monero team fixed these problems in a few weeks.
Monero technology fundamentals
The main tech behind Monero is a balance of allowing the user to control their keys and operate privately with proven security mechanisms while also allowing malleability and development in the network. (E.g. variable blocksize, integration of Kovri)
How a normal (not fully anonymous) transaction works
The default set-up for Bitcoin transactions is completely transparent and pseudonymous if steps are not taken to obscure one’s identity and transactions (e.g. a VPN and mixing services). This means your IP address can be connected to your device (i.e. personal identity) with enough resources dedicated to connecting the two.
Ring Signature Transactions
Protecting the sender with Ring Signatures
Ring Signatures (shown above) are digital signatures where several signers sign a transaction. (Think: signing with a joint account but with no one knowing the true signer)
The sender generates a one-time spend key and the recipient is the only party that can detect and spend the money based on that key.
Key images, a cryptographic key, are derived from each output being spent and prevent double spending. This is because there’s one key image per output (expenditure) on the Blockchain.
Ring Confidential Transactions (RCT) hide the amount sent
The sender can reveal just enough information for the miners to confirm the transaction without disclosing publicly the total amount spent. (Known as a “commit”) This allows the transaction to be validated as authentic without losing the privacy as a user.
Stealth addresses make the recipient incognito
A stealth address, also known as a one-time public key prevents recipient’s funds being linked with their wallet. That address can be audited by a 3rd party to prove the transaction occurred. (With the sender sharing their public view key)
The recipient gets their funds through their wallets private view key which scans the blockchain. Once detected and retrieved by the wallet, a single use private key is created (corresponding with senders public key).
The recipient can now spend those funds using their private spend key. This occurs without the sender, recipient, nor the amount transacted publicly linked.
How Monero transactions work
This process is very succinctly explained in this Monero Bitcointalk thread (numbers go with a picture below):
“Bob decides to spend an output, which was sent to the one-time public key. He needs Extra (1), TxOutNumber (2), and his Account private key (3) to recover his one-time private key (4). When sending a transaction to Carol, Bob generates its Extra value by random (5). He uses Extra (6), TxOutNumber (7) and Carol’s Account public key (8) to get her Output public key (9).
In the input, Bob hides the link to his output among the foreign keys (10). To prevent double-spending he also packs the Key image, derived from his One-time private key (11). Finally, Bob signs the transaction, using his One-time private key (12), all the public keys (13) and Key Image (14). He appends the resulting Ring Signature to the end of the transaction (15).”
Key differences from other mainstream privacy protocols
How does Monero compare with alternate privacy-focused solutions?
The main point of differentiation with Monero is the CryptoNote implementation, which has been around since 2001 and has received significant peer-review around its functionality. (Traceable Ring signatures for example)
Two other implementations of privacy technology include:
ZeroCoin/ZeroCash — Using zero-knowledge proofs (ZKP) this protocol obscures the sender and the entire economy. Any exploits (such as creating false proofs/spending) wouldn’t be known until much later due to the anonymous nature of the network. One of the biggest risks is the lack of maturity and peer review behind the cryptography. Also, ZKP relied on the initial RSA private key generated to be destroyed by the creators. (As supposedly done in this computer burning ceremony)
ZCash transactions which use the Zero-knowledge Security Layer (ZSK)
CoinJoin is a mixing protocol that combines transaction but does not mask users, senders or transactions at a protocol level. Originally developed by bitcoin developer Gregory Maxwell, Coin Join is used by Dash, who leverages the Masternode (MN) model where users must possess 1000 DASH to host a MN. Critics say this creates a single point of failure as the individual nodes who provide the mixing service are vulnerable to Sybil attacks.
Charlie Lee, the creator of Litecoin, was recently asked by Edward Snowden about Zcash vs Monero:
Critiques, Weaknesses, and Concerns
Although it appears Monero has many accolades, what are some of its weaknesses? As discussed in this subreddit there are a few:
- Privacy — There’s been the ability to track the IP address of the node that originated a transaction. This logging of IP addresses could cause de-anonymization of users.
- Mining Centralization — The majority of Monero mining is by 4 pools who each have no more than 20%. In addition, the advent of ASIC Monero mining further threatens the original ethos of “one-CPU-one-vote” especially as things scale.
- Darkweb PR — Although this is not a direct cause of the Monero team, it is worth noting as the branding and public perception is always something to keep in mind and could slow adoption as people fear its use for illicit purposes.
- Transaction size — Monero transaction are much larger than Bitcoin’s which requires more data and causes a larger blockchain which is continuously growing daily.
- Development Difficulty — The ability to incorporate with multi-coin wallets and other integrations that would make use more widespread have been slow.
- Limited Merchant Tools — The tools for merchants to integrate payments is difficult and hard to integrate at this time. However, there are more and more third party services popping up to help remedy this.
Accomplishments to date
- Kovri fork, creating more secure transactions with an I2P layer in C++ — This version rebuilt from scratch leverages, I2P, known as the Invisible Internet Project is a TOR alternative which would add a secure layer for all transactions pushed to the network. This was after user anonimal pleaded with the Monero community who agreed to fund full time development to make it a reality. (Gotta love crowdfunding)
- Monero Hardware wallet released — This project was organized and created as a funding mechanism in the Monero community called Forum Funding System (FFS) spearheaded by Michael Schloh von Bennewitz 15+ software and maker veteran as well as anonimal, Lead developer of Kovri. This is in addition to Ledger and Trezor integration in the works.
- You can Pay on Overstock with Monero — Thanks to Shapeshift and their API, Overstock now accepts Monero as well as several other altcoins. This shows further credibility to have the more mainstream adoption.
Conclusions
Monero has been a really steady and innovative player in this fascinating game of not just Cryptocurrency but privacy. The technology aims to pick up where Bitcoin left off and even doesn’t work (i.e. non-ASIC mining, anonymity).
The dedication of the team to building code and auxiliary functions (like Kovri which was a separate but very relevant project) is very apparent. Competent teams are gold in a world of “flavor of the month” coins and ICOs.
Additionally, the technical details for these projects are not simple by any means and that further makes this project that much more fascinating and a great engineering feat.
Keep this secure, privacy coin on your radar, its team is a leader in the industry and will be one to watch indefinitely.
Originally published at coincentral.com.