Created in April 2014, Monero (XMR) is a cryptocurrency with a focus on privacy and untraceability. Monero uses ring signatures, stealth addresses, and ring confidential transactions to hide the transaction’s sender, receiver, and amount. Although Monero has been adopted for applications on the darknet, its privacy implications are important for personal security and currency fungibility.
Monero’s mission is a digital currency with the anonymity of cash, private by default. When you use Monero to buy something, the recipient doesn’t need to know who you are or where the money came from, and your transaction history is not exposed to anyone else. In addition to its focus on privacy, Monero is open source: anyone can inspect, audit, and use the software for free, and that transparency of the code is one of its greatest assets in the quest for privacy.
- 1 The Problem with Bitcoin (and Other Cryptocurrencies)
- 2 Stealth Addresses: Keeping Recipients Private
- 3 Ring Signatures: Disguising Senders
- 4 Ring Confidential Transactions: Hiding How Much Was Sent
- 5 Adoption, Growth, and User Base
- 6 Monero Funding and Commitment to Open Source
- 7 Conclusion
The Problem with Bitcoin (and Other Cryptocurrencies)
Monero is one of the leaders of a privacy movement in cryptocurrency. This movement is concerned with guaranteeing that you can use cryptocurrency however you want, without fear of having your transaction history tracked or exposed. Privacy isn’t trivial. Even for law-abiding citizens, there are many reasons you might want to keep certain personal or business purchases and payments private.
Here are some examples from Monero’s website of why ordinary citizens should value privacy:
- You are travelling through parts of a country with a medium to high violent crime rate. You need to use some of your Bitcoin to pay for something. If every person you transact with knows exactly how much money you have, this is a threat to your personal physical safety.
- You are a business that receives a payment from a supplier. That supplier will be able to see how much money your business has, and therefore can guess at how price sensitive you are in future negotiations.
- You are a private citizen paying for online goods and services. It is common practice for companies to attempt to use ‘price discrimination’ algorithms to attempt to determine the highest prices they can offer future services to you at, and you would prefer they do not have the information advantage of knowing how much you spend and where you spend it.
This privacy movement, and Monero itself, came as a reaction to Bitcoin’s problems with transaction tracking. Every Bitcoin transaction is recorded on the public blockchain with its sending addresses, receiving addresses, and amounts. The addresses are pseudonymous rather than anonymous: with a little work, and a single link between an address and a real identity (an exchange account, a shipping address), anyone can follow the chain of transactions and see which addresses pay whom. Enough of that detective work lets an observer reconstruct who is purchasing what.
In response to these traceability concerns in Bitcoin, the pseudonymous author Nicolas van Saberhagen published the CryptoNote protocol, which handles addresses and signatures on the blockchain in a far more opaque way. The first cryptocurrency to implement it was Bytecoin in 2012. Bytecoin’s code matured over time, and by 2014 it had started to gain traction as a privacy coin. However, since it had started as an experimental coin, nearly 80% of its total supply had already been mined by then, which made it a poor basis for wide adoption.
Monero launched in April 2014 as a fork of the Bytecoin codebase (initially under the name BitMonero) that fixed the supply distribution and other problems with Bytecoin. It implements the CryptoNote protocol, and its proof of work uses the CryptoNight hash function, which is memory-hard by design so that specialized mining hardware gains little over ordinary CPUs. The intended result is a more egalitarian and distributed mining community.
Monero provides anonymity and untraceability through three technologies working together: stealth addresses (to hide the receiver), ring signatures (to hide the sender), and ring confidential transactions (to hide the amount).
Stealth Addresses: Keeping Recipients Private
Unlike Bitcoin, with Monero funds are never sent to your public address directly. Instead, when someone sends you Monero, they derive a fresh one-time address from your public address and lock the output to that one-time address. Only you can derive the matching private key, so the Monero you own is never associated with your public address on the chain.
Every output of every Monero transaction goes to one of these fresh one-time addresses, which Monero calls stealth addresses. The idea is to put a layer of anonymity between your public address and the Monero you own. The addresses that appear on the public blockchain are all stealth addresses, so the public address you hand out to people never appears on the blockchain at all.
If all my Monero is stored in stealth addresses, how do I know how much Monero I have?
Every time you open your wallet, it scans new transactions on the blockchain for stealth addresses that were created for you. Each transaction carries a public transaction key chosen by the sender; your wallet combines it with your “private view key” to recompute the shared secret the sender used, derives the stealth address the sender would have produced for you, and compares it with each output. When there is a match, that output is yours. Anyone without your private view key cannot perform this check, so they cannot tell who an output is destined for. The view key only detects incoming funds: handing it to an auditor lets them see what you received, but it neither lets them spend nor shows which outputs you later spent.
When you want to spend your Monero, your wallet uses your separate “private spend key” together with the view key to derive the one-time private key for that stealth address and sign the spend. The view key alone cannot produce it.
Ring Signatures: Disguising Senders
Stealth addresses solve a lot of the traceability and anonymity problems on the receiving side, but one major challenge remains. The person who sent you the Monero knows the stealth address, since they created it. If your next transaction referred to that output directly, as a Bitcoin transaction does, they would see exactly when you spent it and where. We need a way to disguise which output a transaction actually spends.
Monero’s solution is a ring signature, a cryptographic construction whose research dates back to 2001 (Monero uses a linkable variant). The basic idea is to sign on behalf of a group of possible senders without revealing which member actually signed:
Imagine Alex wants to send Monero to Betty. Alex’s wallet picks several other outputs already on the blockchain, owned by strangers, as decoys, and builds a ring signature over his real output and the decoys. The signature proves that one of the ring members authorized the spend, but not which one. The owners of the decoy outputs are not involved: they need not be online, and nothing changes for them. An observer simply sees outputs referenced in a ring and cannot tell whether any one of them is being spent or merely serving as a decoy.
Mixing in more decoys makes the transaction harder to trace, but it also makes the signature, and so the transaction, larger, and Monero fees scale with transaction size. The network enforces a minimum ring size (five members, the real output plus four decoys, as of this writing), and larger rings increase the ambiguity; at the same time, an unusual ring size can itself make a transaction stand out from the crowd.
With all this mixing, it might seem that someone could spend the same output twice, since no one can tell which output a ring actually spends. Monero prevents this with a key image. The key image is computed from the one-time private key of the output being spent together with a hash of that output’s one-time public key; the same output always yields the same key image, and nodes keep every key image ever seen and reject any transaction that repeats one. At the same time, the key image does not reveal which member of the ring it belongs to, so double spends are caught without sacrificing the sender’s anonymity.
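As an added illustration of this section and the previous one, here is the stealth-address derivation and scan, the spend-key derivation, and the key image, written as a small model on the ed25519 curve Monero uses. This is example code written for this article, not Monero’s own code: SHA3-256 stands in for Monero’s Keccak-256, a try-and-increment hash-to-point stands in for Monero’s hash-to-point function, the byte layouts are simplified (no varint output index, no cofactor multiplication on the shared secret), and the keys and transaction secrets are constructed demo values. H_s and H_p are the CryptoNote paper’s names for “hash to scalar” and “hash to point”.

```python
import hashlib

# Minimal ed25519 group arithmetic in extended coordinates (X, Y, Z, T); standard library only.
Q = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = (-121665 * pow(121666, -1, Q)) % Q                # twisted Edwards constant d
ID = (0, 1, 1, 0)                                     # identity element

def add(p1, p2):
    """Unified addition from RFC 8032; also correct for doubling and for the identity."""
    x1, y1, z1, t1 = p1
    x2, y2, z2, t2 = p2
    a, b = (y1 - x1) * (y2 - x2) % Q, (y1 + x1) * (y2 + x2) % Q
    c, dd = 2 * t1 * t2 * D % Q, 2 * z1 * z2 % Q
    e, f, g, h = b - a, dd - c, dd + c, b + a
    return (e * f % Q, g * h % Q, f * g % Q, e * h % Q)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; fine for a demo)."""
    acc = ID
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def encode(pt):
    """Canonical 32-byte form: the y coordinate with the parity of x in the top bit."""
    zi = pow(pt[2], -1, Q)
    x, y = pt[0] * zi % Q, pt[1] * zi % Q
    return (y | (x & 1) << 255).to_bytes(32, "little")

def decode(buf):
    """Inverse of encode; None when the bytes do not describe a curve point."""
    v = int.from_bytes(buf, "little")
    sign, y = v >> 255, v & (2**255 - 1)
    if y >= Q:
        return None
    w = (y * y - 1) * pow(D * y * y + 1, -1, Q) % Q    # x^2 = (y^2 - 1) / (d*y^2 + 1)
    x = pow(w, (Q + 3) // 8, Q)
    if (x * x - w) % Q:
        x = x * pow(2, (Q - 1) // 4, Q) % Q            # multiply by sqrt(-1)
    if (x * x - w) % Q:
        return None
    if x & 1 != sign:
        x = Q - x
    return (x, y, 1, x * y % Q)

def eq(p1, p2):
    return encode(p1) == encode(p2)

G = decode(bytes.fromhex("58" + "66" * 31))           # the standard ed25519 base point

def hash_to_scalar(*parts):
    # ASSUMPTION: sha3_256 stands in for Monero's Keccak-256 so this runs on the standard library.
    return int.from_bytes(hashlib.sha3_256(b"".join(parts)).digest(), "little") % L

def hash_to_point(data):
    # ASSUMPTION: try-and-increment stands in for Monero's hash-to-point; either way the result is
    # a point whose discrete log with respect to G is unknown, which is what key images rely on.
    for ctr in range(256):
        pt = decode(hashlib.sha3_256(data + bytes([ctr])).digest())
        if pt is not None and not eq(mul(8, pt), ID):
            return mul(8, pt)                         # cofactor cleared
    raise ValueError("no curve point found")

# Stealth addresses: the recipient publishes A = a*G (public view) and B = b*G (public spend).
def sender_output(A, B, r, idx):
    """Sender side: tx public key R = r*G and one-time address P = H_s(r*A || idx)*G + B."""
    k = hash_to_scalar(encode(mul(r, A)), bytes([idx]))
    return mul(r, G), add(mul(k, G), B)

def owns_output(a, B, R, P, idx):
    """Wallet scan: with the private view key a, a*R == r*A, so P can be recomputed and compared."""
    k = hash_to_scalar(encode(mul(a, R)), bytes([idx]))
    return eq(add(mul(k, G), B), P)

def onetime_secret(a, b, R, idx):
    """Spending also needs the private spend key: x = H_s(a*R || idx) + b, and x*G == P."""
    return (hash_to_scalar(encode(mul(a, R)), bytes([idx])) + b) % L

def key_image(x, P):
    """I = x*H_p(P) is fixed per output: spending P twice gives the same I, which nodes reject."""
    return mul(x, hash_to_point(encode(P)))

def demo():
    # Constructed demo keys (not real Monero keys): Betty receives, Carol is a bystander.
    a, b = hash_to_scalar(b"betty-view"), hash_to_scalar(b"betty-spend")
    A, B = mul(a, G), mul(b, G)
    R, P = sender_output(A, B, hash_to_scalar(b"alex-tx-secret"), 0)
    R2, P2 = sender_output(A, B, hash_to_scalar(b"alex-second-tx"), 0)
    x, x2 = onetime_secret(a, b, R, 0), onetime_secret(a, b, R2, 0)
    return {
        "betty_detects": owns_output(a, B, R, P, 0),
        "carol_detects": owns_output(hash_to_scalar(b"carol-view"), B, R, P, 0),
        "spend_key_opens_output": eq(mul(x, G), P),
        "outputs_unlinkable": not eq(P, P2),
        "double_spend_same_image": eq(key_image(x, P), key_image(x, P)),
        "distinct_outputs_distinct_images": not eq(key_image(x, P), key_image(x2, P2)),
    }
```

Calling demo() shows the properties the text describes: Betty’s view key recognizes the output and Carol’s does not; the key derived with the spend key really opens P (x*G equals P); two payments to the same public address land on unrelated one-time points; and the key image is identical for every attempt to spend one output while differing between outputs, which is the per-output uniqueness nodes use to reject double spends.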
Like Bitcoin, Monero uses unspent transaction outputs (UTXOs) for accounting. Imagine a stealth address that you control holds an output of 10 XMR and you want to send 3 XMR to a friend. You cannot spend part of an output: the key image for an output can be used only once, so spending it means consuming all 10 XMR, and the outputs a transaction creates must account for all of its inputs. The solution is a single transaction that spends the 10 XMR output (producing its key image) and creates two new outputs: 3 XMR to a stealth address for your friend and 7 XMR of change to a new stealth address that you control. The input is signed with a ring signature, so the chain shows neither that you were the sender nor that the 7 XMR came back to you.
The concept becomes especially interesting when you consider that your own outputs will be picked as decoys in other people’s rings. With thousands of transactions per day, any given output is likely to appear in many rings over its lifetime, at all hours of the day and night. The overall effect is that every output looks as if it might be spent again and again, and an observer cannot tell the real spends from the noise.
Ring Confidential Transactions: Hiding How Much Was Sent
Ring Confidential Transactions (Ring CT) are an expansion of ring signatures for Monero. Shen Noether originally proposed the idea for Ring CT in a 2015 white paper as a way to hide the amounts in each transaction. Noether argued that even though Monero transactions are anonymous, they could still be linked together using analysis of the transaction amounts.
Ring CT builds on the Confidential Transactions technique from Bitcoin research: each amount on the chain is replaced by a cryptographic commitment that hides the value while still letting nodes check that inputs and outputs balance, accompanied by a range proof that no output is negative. The ring signature scheme was generalized at the same time into Multilayered Linkable Spontaneous Anonymous Group signatures (MLSAG), which sign over both the one-time keys and the commitments. A Ring CT transaction therefore hides amounts (via commitments), origins (via the ring signature), and destinations (via stealth addresses) all at once. For a detailed explanation of how MLSAG works, you can review the white paper.
Ring CT went live on the Monero blockchain in January 2017 and became mandatory for all transactions in September 2017, replacing the original transactions with visible amounts.
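The balance check that commitments make possible, written out here as an added worked equation (not from the page or Noether’s paper; the symbols $G$, $H$, $a$, $x$ and $f$ are notation chosen for this illustration):

$$C(a, x) = xG + aH$$

Here $G$ is the curve’s base point, $H$ is a second generator whose discrete logarithm with respect to $G$ is unknown, $a$ is the amount and $x$ a random blinding mask. Because the commitment is linear, a sum of commitments is a commitment to the sum:

$$C(a_1, x_1) + C(a_2, x_2) = (x_1 + x_2)G + (a_1 + a_2)H = C(a_1 + a_2,\; x_1 + x_2)$$

For a transaction with input amounts $a_i$ (masks $x_i$), output amounts $b_j$ (masks $y_j$) and a public fee $f$:

$$\sum_i C(a_i, x_i) - \sum_j C(b_j, y_j) - fH = \Big(\sum_i x_i - \sum_j y_j\Big) G + \Big(\sum_i a_i - \sum_j b_j - f\Big) H$$

If the amounts balance, the $H$ term vanishes and the difference is $zG$ with $z = \sum_i x_i - \sum_j y_j$, a scalar only the sender knows. Proving knowledge of $z$, which is what the extra layer of the MLSAG signature does, convinces every node that the transaction creates no money without revealing a single $a_i$ or $b_j$. Because the arithmetic is modulo the group order, an output amount of $-1$ would also make the equation balance (an input of 4 could be split into outputs of 5 and $-1$); that is why every output commitment also carries a range proof that $0 \le b_j < 2^{64}$.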
Adoption, Growth, and User Base
As of December 2017, Monero is the 9th most valuable cryptocurrency in the world by market cap. Over the past year, between December 2016 and December 2017, Monero has seen a 37x increase in valuation.
Much of this growth in valuation has come not from currency speculation, but from people actually using Monero to purchase things. According to WIRED and CoinDesk, Monero owes its early growth to darknet user adoption, especially the website Alphabay, for private, untraceable payments. That said, Monero is not inherently a darknet coin, and it’s worth remembering that Bitcoin also found its early traction with darknet users.
Anonymity and untraceability matter in a currency because they underpin fungibility: the property that any unit is interchangeable with any other, regardless of its history. When I pay with a dollar bill or a euro coin, the shopkeeper cannot see where I got it and accepts it at face value. Bitcoin, by contrast, has a fungibility problem: because every coin’s history is public, some coins are blacklisted or refused by exchanges because they were once stolen or passed through an illicit transaction.
Because Monero’s transaction history cannot be traced, there is nothing for a blacklist to attach to, so trust rests in the currency itself rather than in each coin’s pedigree. Note that the on-chain cryptography does nothing to hide network metadata: the IP address from which a transaction is broadcast can still be observed by peers. To address this, Monero is working on Kovri, its own implementation of the I2P anonymizing network, which wraps a node’s traffic in layered (garlic) encryption and routes it through other I2P peers, as an alternative to relying on Tor or a VPN. The plan is for routing through Kovri to become the default in future Monero releases.
Monero Funding and Commitment to Open Source
Monero is committed to being community-driven and focusing on the needs of its user base. Monero’s code is open source, and the Monero developers did not receive a premine, instantmine, or any portion of the block reward. To date, the Monero source code has received contributions from 295 developers around the world.
Monero is a viable alt-coin with privacy, open source, and decentralization at its core. Monero’s core team has positioned Monero as a competitor to Bitcoin and claims it can overcome Bitcoin’s network effects with its superior product. While Monero shows promise and is easily one of the most technically sophisticated cryptocurrencies on the market, other currencies such as Zcash and Dash, are stepping up their implementation of privacy measures, too.