28 Apr 20

Monero (XMR) - understanding secure private currency systems

Monero is a secure, private, and untraceable currency system that uses innovative cryptography to ensure that all of its transactions remain 100% unlinkable and untraceable. Along with being one of the most popular privacy coins in the market, Monero is backed by some pretty interesting tech. So, in this guide, let’s put this project under the microscope and see what’s going on underneath the hood.

 

Monero – A brief history

 

Monero is based on the CryptoNote protocol, an application-layer protocol that powers decentralized digital currencies. Back in 2012, Bytecoin, the first real-life implementation of CryptoNote, was launched. However, the general perception of the Bytecoin protocol was extremely negative, which is why the community decided to fork from it in April 2014 and create a new chain called “Bitmonero,” which was eventually renamed to “Monero,” meaning “coin” in Esperanto. Since the launch, the Monero blockchain has been migrated to a different database structure to provide greater efficiency and flexibility.

 

The core members of the Monero protocol are Riccardo “fluffypony” Spagni, Francisco “ArticMine” Cabañas, othe, smooth, binaryFate, luigi1111, and NoodleDoodle.

 
[Image: Riccardo “fluffypony” Spagni]

Spagni (the man pictured above) is considered the “face” of Monero and is one of the most well-known members of the crypto space due to his active presence on social media. Spagni recently stepped down from his position and was replaced by a developer who goes by the name “Snipa.”

 

Privacy and Fungibility

 

Privacy is at the forefront of Monero’s offering. The project wants its users to trust Monero with confidence, so that they never feel pressured into changing their spending habits for fear of others finding out. Along with protecting user confidentiality, the protocol’s privacy also makes Monero entirely fungible. Fungibility is a good or asset’s interchangeability with other individual goods or assets of the same type.

 

Let’s take an example to understand the significance of fungibility. Imagine you borrow $10 from a friend. When you return the loan, you can pay them back with any $10 note, right? There is no difference between two $10 notes (provided they are kept in passable condition). Plus, if you choose to, you can pay back with two $5 bills or ten $1 notes. The reason you can do so is that the US dollar is fungible.

 

Now, if you borrowed your friend’s watch, you can’t give them back a different watch in return. The reason is that a watch is a unique item and not interchangeable. In fact, suppose you borrowed your friend’s Omega Seamaster and came back with another Omega Seamaster; even then it wouldn’t be a done deal.

 

Cryptocurrency and fungibility

 

All the popular cryptocurrencies like Bitcoin, Ethereum, etc. are powered by blockchain technology. One of the most well-known properties of the blockchain is “transparency,” i.e., every single Bitcoin can be traced back to its very origins. What this basically means is that if you own a bitcoin which was once used in some illegal transaction, e.g. buying drugs, it would forever be imprinted in the transaction details – this “taints” your Bitcoin.

 

Several exchanges and service providers may not accept these tainted Bitcoins since they want to avoid the hard questions they may be asked during a potential audit. This pretty much kills the fungibility of the coins, since it creates a metric with which you can differentiate one Bitcoin from another.

 

This is where Monero comes in. Since all their data and transactions are private, no one can know:

 

  • What transactions your Monero has gone through.
  • What was bought with your Monero.

    This lack of transparency removes any potential “transaction trails.” Since no one can differentiate between a “clean” Monero and a “tainted” Monero, they are automatically fungible.

    Why fungibility is important

     

    Without fungibility, money becomes unreliable. A currency – whether it be digital currency or physical, paper money – must be fungible for the general population to accept it as a mode of transaction. Imagine living in a scenario where your $20 bills are no longer considered interchangeable. Imagine the chaos that would cause. This is why the fungibility provided by

     

    Monero Block Properties

     

    If you have been involved in the crypto space in any capacity, then you will be aware of the fact that Bitcoin blocks have a size limit of 1 MB. This size limit has been the subject of heated debate over the past couple of years. In fact, this is the reason why Bitcoin split into Bitcoin and Bitcoin Cash in the first place.

     

    Monero, on the other hand, has no “pre-set” size limit because the developers wanted the protocol to scale dynamically. Unfortunately, this means that if certain steps aren’t taken, malicious miners can spam the blocks and bloat the entire blockchain. A built-in block reward penalty has been integrated into Monero to prevent this from happening. This is how the penalty works:

     

  • The median size of the last 100 blocks is taken; call it M100.
  • A new block is mined, whose block size is “NBS”.
  • If NBS > M100, the block reward is reduced with a quadratic dependency on how much NBS exceeds M100.

    So, if NBS is [10%, 50%, 80%, 100%] greater than M100, the block reward gets reduced by [1%, 25%, 64%, 100%]. Generally, blocks greater than 2*M100 are not allowed, and blocks <= 60 kB are always free of any block reward penalties.
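    The penalty rule above, worked through in code. This is an added example and not code from the article or from the Monero project; it implements exactly the relationship the text states (quadratic in the excess over the median, rejection above twice the median) and assumes, as a simplification, that the median is floored at 60 kB so that blocks of 60 kB or less are never penalised. The function names (`block_reward_penalty`, `effective_reward`, `penalty_table`) are this example’s own.

```python
# Added example, not code from the article or the Monero project: the dynamic
# block size penalty described above, using the page's stated rule that the
# reward drops quadratically with how far the new block exceeds the median of
# the last 100 blocks. Assumption of this example: the median is treated as at
# least 60 kB, which is how blocks of 60 kB or less stay penalty-free.

MIN_FREE_BLOCK_SIZE = 60_000   # bytes; blocks up to this size are never penalised (per the article)


def block_reward_penalty(nbs, m100, min_free=MIN_FREE_BLOCK_SIZE):
    """Fraction of the block reward lost for a new block of size `nbs` bytes,
    given `m100`, the median size of the previous 100 blocks.
    Returns None when the block exceeds twice the median and would be rejected."""
    median = max(m100, min_free)          # assumption: small medians are floored at 60 kB
    if nbs > 2 * median:
        return None                       # block too large, not accepted at all
    if nbs <= median:
        return 0.0                        # no penalty at or below the median
    excess = (nbs - median) / median      # e.g. 0.1 for a block 10% above the median
    return excess ** 2                    # quadratic: 10% -> 1%, 50% -> 25%, 100% -> 100%


def effective_reward(base_reward, nbs, m100):
    """Reward actually paid to the miner, in XMR, after the penalty."""
    penalty = block_reward_penalty(nbs, m100)
    if penalty is None:
        raise ValueError(f"block of {nbs} bytes exceeds 2*median and is invalid")
    return base_reward * (1.0 - penalty)


def penalty_table(m100, excess_percents=(10, 50, 80, 100)):
    """Penalty, in percent, for blocks the given percentages above the median."""
    return [round(100 * block_reward_penalty(m100 * (100 + pct) // 100, m100), 2)
            for pct in excess_percents]


if __name__ == "__main__":
    print(penalty_table(300_000))                    # [1.0, 25.0, 64.0, 100.0]
    print(effective_reward(1.74, 450_000, 300_000))  # 1.305: 50% over the median costs 25%
```

    The quadratic shape is the security-relevant part: a miner who pads a block just above the median loses almost nothing, but the cost grows fast, so bloating the chain quickly becomes more expensive than the fees it could collect.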

     

    Another point of distinction with the Bitcoin blockchain is the block-time. While Bitcoin adds a block every 10 mins, Monero mines one every 2 mins. Currently, the block reward is around (1.74 + 0.00493) XMR.

     

    When the Monero supply runs out, there will be a continuous 0.3 XMR/min supply to incentivize the miners.

     

    ASIC resistance

     

    Monero’s underlying CryptoNote protocol makes it extremely ASIC-resistant. The hashing algorithm used in CryptoNote-based systems is called “CryptoNight”. CryptoNight is a memory-hard hash function. It is designed to be inefficiently computable on GPU, FPGA and ASIC architectures. It was hoped that this would prevent the creation of mining pools and make the currency more evenly distributed.

     

    So, why is CryptoNight considered a memory-hard algorithm? Let’s take a look:

     

  • It requires 2 MB of fast memory to work. The number of hashes that can be computed in parallel is limited by how much memory can be crammed inside a chip. However, this really drives up its price. So, a manufacturer needs to put as much memory inside the chip as they possibly can while still making sure that it is affordable.
  • CryptoNight has been designed to take advantage of the AES-NI instruction sets available in CPUs and GPUs.

    Multiple keys

     

    Another fascinating aspect of Monero is its multiple-key system. In Bitcoin, Ethereum, etc. you just have one public key and one private key. However, Monero has two public keys and two private keys. These keys can be broadly classified into the following:

     

  • View keys.
  • Spend keys.

    View keys

     

  • Public view key: The sender uses this to generate a one-time stealth address to which the funds will be sent.
  • Private view key: The receiver scans the entire blockchain with this key to locate the funds.

    Spend keys

     

  • Public spend key: The sender uses this in ring transactions and to verify the signature of the key image. This will be explained later.
  • Private spend key: Used to create the key image which the sender uses to send transactions.

    Your Monero address is a 95-character string derived from the public spend key and the public view key. This should give you an overview of what Monero is and how it works. Now, let’s get into its cryptography.

     

    Monero Cryptography

     

    There are three key aspects to Monero’s cryptography:

     

  • Ring Signatures, to maintain the privacy of the sender.
  • Stealth (confidential) Addresses, to maintain the privacy of the receiver.
  • Ring CT, aka Ring Confidential Transactions, to maintain the privacy of the transaction amounts.

    #1 Ring Signatures

     

    When you send a cheque to someone, you need to validate it by signing it with your signature, right? However, because of this approach, anyone can see what your signature looks like. What if an expert forger learns how to reproduce your signature and steals your chequebook?

     

    Suppose you randomly pick four people from the street and tell them to sign over your signature with their own. Now, it will be near impossible for anyone to decipher your original signature. That, in essence, is how a ring signature works.

     

    Let’s see this mechanism in the context of Monero. Suppose Alice wants to send 10 XMR to Bob. Here are the steps she is going to follow to ensure her privacy:

     

  • She will first determine the ring size, aka the number of random outputs taken from the blockchain which will act as decoys to hide the real output. The bigger the ring size, the higher the level of privacy, but the bulkier the transaction and the higher the fees.
  • She signs the outputs with her private spend key and sends the transaction to the blockchain.

    [Image: Monero transaction inputs end up in ring signatures, ensuring secure private transactions. Image credit: Monero YouTube channel.]

    In the diagram above, we have chosen a ring size of five (one real output and four decoys).

     

    Every transaction in Monero comes with its own unique key image. So, even if the miners can’t check the transaction itself, they can check the key image to ensure that the system isn’t double-spending.

     

    #2 Stealth Addresses

     

    This is another handy piece of cryptography that Monero leverages to ensure receiver privacy. Every Monero user has two public keys, the public view key and the public spend key. For the transaction to go through, the sender’s wallet will use the receiver’s public view key and public spend key to generate a unique one-time public key.

     

    This is the computation of the one-time public key (P):

    P = H(rA)G + B

    In this equation:

  • r = Random scalar chosen by Alice.
  • A = Bob’s public view key.
  • G = Cryptographic constant.
  • B = Bob’s public spend key.
  • H() = The Keccak hashing algorithm used by Monero.

    The computation of this one-time public key generates a one-time public address called “stealth address” in the blockchain where the sender sends the Monero intended for the receiver.

     

    When that’s done, the receiver scans the blockchain for their Monero with their private view key (as described under “View keys” above). When they come across the transaction, the protocol automatically calculates, using their private spend key, the private key that corresponds to the one-time public key. Using this, they can unlock their Monero.
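    The derivation P = H(rA)G + B and the two-key split from the “Multiple keys” section, worked through end to end on the ed25519 curve that Monero uses. This is an added example and not code from the article or from the Monero project. It makes several simplifying assumptions, all labelled in the code: SHA3-256 from the standard library stands in for Monero’s Keccak-256, the output index that Monero also feeds into the hash is omitted, points are hashed as raw coordinates rather than in Monero’s compressed encoding, and the private scalars are small constructed constants instead of random values. The helper names (`derive_one_time_pubkey`, `output_is_mine`, `one_time_privkey`, `demo`) are this example’s own.

```python
import hashlib

# Added example, not code from the article or the Monero project: the stealth
# address derivation P = H(rA)G + B worked through on ed25519 (Monero's curve).
# Assumptions of this example: SHA3-256 stands in for Monero's Keccak-256, the
# output index Monero also feeds into H is omitted, points are hashed as raw
# (x, y) coordinates rather than Monero's compressed encoding, and all private
# scalars are small constructed constants instead of random values.

p = 2**255 - 19                                          # field prime
l = 2**252 + 27742317777372353535851937790883648493      # order of the base point
d = (-121665 * pow(121666, -1, p)) % p                   # Edwards curve constant


def on_curve(P):
    """-x^2 + y^2 == 1 + d*x^2*y^2 (mod p) holds for every valid ed25519 point."""
    x, y = P
    return (-x * x + y * y - 1 - d * x * x * y * y) % p == 0


def _xrecover(y):
    """Recover the even x coordinate belonging to y (RFC 8032 style)."""
    xx = ((y * y - 1) * pow(d * y * y + 1, -1, p)) % p
    x = pow(xx, (p + 3) // 8, p)
    if (x * x - xx) % p != 0:
        x = (x * pow(2, (p - 1) // 4, p)) % p
    return p - x if x % 2 else x


Gy = (4 * pow(5, -1, p)) % p
G = (_xrecover(Gy), Gy)                                  # standard ed25519 base point


def point_add(P, Q):
    """Twisted Edwards addition (a = -1) in affine coordinates."""
    x1, y1 = P
    x2, y2 = Q
    t = d * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, p)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, p)
    return (x3 % p, y3 % p)


def scalar_mult(k, P):
    """Double-and-add; (0, 1) is the neutral element of the group."""
    R = (0, 1)
    k %= l
    while k:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R


def hash_to_scalar(P):
    """H(): hash a point to a scalar mod l (SHA3-256 as a Keccak stand-in)."""
    data = P[0].to_bytes(32, "little") + P[1].to_bytes(32, "little")
    return int.from_bytes(hashlib.sha3_256(data).digest(), "little") % l


def derive_one_time_pubkey(r, A, B):
    """Sender: P = H(rA)G + B from the receiver's public view key A and public spend key B."""
    return point_add(scalar_mult(hash_to_scalar(scalar_mult(r, A)), G), B)


def output_is_mine(a, B, R, P):
    """Receiver, private view key only: recompute H(aR)G + B and compare with P.
    Works because aR = a(rG) = r(aG) = rA, so both sides hash the same point."""
    return point_add(scalar_mult(hash_to_scalar(scalar_mult(a, R)), G), B) == P


def one_time_privkey(a, b, R):
    """Receiver, needs the private spend key b as well: x = H(aR) + b, so that xG = P."""
    return (hash_to_scalar(scalar_mult(a, R)) + b) % l


def demo():
    """Walk one payment through both sides; returns (found, spendable, stranger_found)."""
    a, b = 7123456789, 9876543210                 # Bob's private view / spend keys (constructed)
    A, B = scalar_mult(a, G), scalar_mult(b, G)   # Bob's public keys, i.e. his address
    r = 123456789                                 # Alice's per-transaction random scalar (constructed)
    R = scalar_mult(r, G)                         # transaction public key, published with the output
    P = derive_one_time_pubkey(r, A, B)           # stealth address that receives the funds
    found = output_is_mine(a, B, R, P)            # Bob's wallet scanning with the view key only
    spendable = scalar_mult(one_time_privkey(a, b, R), G) == P   # spend key unlocks it
    stranger_found = output_is_mine(a + 1, B, R, P)              # another view key sees nothing
    return found, spendable, stranger_found


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

    The split between `output_is_mine` and `one_time_privkey` is the point of the two-key design: a wallet service holding only the private view key can tell which outputs belong to the user, but it cannot produce x and therefore cannot spend them.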

     

    #3 Ring CT

     

    Ring CT, or Ring Confidential Transactions, preserves the privacy of the transaction details. Prior to the implementation of Ring CT, transactions used to be broken down into smaller components, and then each of those components received its own ring signature. For example, consider the diagram below:

    [Image: Monero transaction inputs broken down into smaller transactions, each of which ends up in a different pool of transactions (ring signatures). Image courtesy: Monero YouTube.]

    A transaction worth 12.5 XMR has been broken down into 10 XMR, 2 XMR, and 0.5 XMR. Each of those transactions gets its own ring signature and is then added to the blockchain. While this did safeguard the sender’s privacy, it left the transaction amounts visible to everyone.

     

    To mitigate this, Monero introduced the concept of RingCT. RingCT hides the transaction amounts within the blockchain, meaning that transaction inputs no longer need to be broken down into known denominations, and a wallet can now pick ring members from any RingCT outputs.

     

    The Upcoming Kovri Project

     

    The Monero development team is currently working on the Kovri project, which will add unprecedented amounts of privacy to the protocol. Kovri will encrypt and route Monero transactions via various I2P (Invisible Internet Project) nodes. I2P is a routing system that allows applications to send messages to each other privately without any outside interference. So, if properly executed, Kovri will hide the IP address behind transactions, extending the security of Monero while reducing the risk of network monitoring.

     

    Kovri will protect Monero and its users from:

     

  • Node partitioning attacks.
  • Associations between a particular txid and the user’s IP address.
  • Mining and/or running a node in highly adversarial environments.
  • Metadata leakage (e.g., OpenAlias lookups).

    Why user-confidentiality matters (Taken from Monero.how)

     

    So, why bother using Monero? Why should you embrace the privacy philosophy it touts? “Monero.how” gave the following examples to help us understand why privacy matters. You can check out the examples here. We’ve taken them verbatim to not reduce the impact of the use-cases.

     

  • You are traveling through parts of a country with a medium to high violent crime rate. You need to use some of your Bitcoin to pay for something. If every person you transact with knows exactly how much money you have, this is a threat to your personal physical safety.

  • You are a business that receives a payment from a supplier. That supplier will be able to see how much money your business has, and therefore can guess at how price sensitive you are in future negotiations. They can see every single other payment you’ve ever received to that Bitcoin address, and therefore determine what other suppliers you are dealing with and how much you are paying those suppliers. They may be able to roughly determine how many customers you have and how much you charge your customers. This is commercially sensitive information that damages your negotiating position enough to cause you relative financial loss.

  • You are a private citizen paying for online goods and services. You are aware that it is common practice for companies to attempt to use ‘price discrimination’ algorithms to attempt to determine the highest prices they can offer future services to you at, and you would prefer they do not have the information advantage of knowing how much you spend and where you spend it.

  • You sell cupcakes and receive Bitcoin as payment. It turns out that someone who owned that Bitcoin before you was involved in criminal activity. Now you are worried that you have become a suspect in a criminal case, because the movement of funds to you is a matter of public record. You are also worried that certain Bitcoins that you thought you owned will be considered ‘tainted’ and that others will refuse to accept them as payment.

    Where can I store my Monero?

     

    There are several wallet options that you can use to store your Monero:

     

  • Cake Wallet: Cake Wallet is an excellent option if you are an iOS user. The wallet has several useful features on top of basic wallet functionality, such as the ability to exchange your Monero for different currencies. Cake Wallet never sends your private view key to an external server. This can be a double-edged sword: while it is slightly more private, it is less convenient for everyday use, since every time you open it you have to wait for the wallet to synchronize with the Monero blockchain locally.

  • MyMonero: The easiest wallet to use for beginners. You can quickly generate a wallet address and the associated private keys using the MyMonero website. The core Monero development team maintains MyMonero, and the codebase is entirely open-source. MyMonero doesn’t send your private spend key to its servers; it remains on your local machine. However, MyMonero trades complete privacy for convenience in one particular aspect. Instead of scanning the blockchain locally on your computer, the wallet sends your view key to its servers and uses the key to scan for incoming transactions to your account. So, if MyMonero’s servers are compromised, your view key is at risk of exposure. Thankfully, since Monero utilizes stealth addresses, an attacker holding only the view key will be able to see your incoming transactions and nothing more. They won’t be able to tell where the transaction originated from, see any of your outgoing transactions, or spend your funds.

  • Ledger Nano S: The most secure and convenient way to store Monero, or any cryptocurrency for that matter, is a hardware wallet. The Ledger Nano S is one of the most well-known wallets in the space. Unlike the other two options, it’s not free, and you’ll need to spend $59. However, the tradeoff you receive when it comes to privacy and ease of use is completely worth it.

    Conclusion

     

    While Bitcoin is incredibly revolutionary, its most critical flaw is its lack of privacy. Bitcoin public addresses can compromise user privacy. Monero leverages ingenious cryptography to ensure the confidentiality of the sender, receiver, and the transaction itself. If you want to know more about the project, you should check out its whitepaper and research papers here.

     

    Disclaimer

    CHAIA.iO is not a registered investment, legal or tax advisor or a broker/dealer. All investment/financial opinions expressed by CHAIA.iO or the authors of the respective articles on www.chaia.io are from personal research and experience of the owner of the site or the authors and are intended as educational material. Although best efforts are made to ensure that all information is accurate and up to date, occasionally unintended errors or misprints may occur. You should take independent financial advice from a professional in connection with, or independently research and verify, any information that you find on our Website and wish to rely upon, whether for the purpose of making an investment decision or otherwise.

    Rajarshi Mitra
    Blockchain Researcher